Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 
 Home
 E-mail Us
 Oracle Articles


 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog


 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Analysis
 Design
 Implementation
 Oracle Support


 SQL Tuning
 Security

 Oracle UNIX
 Oracle Linux
 Monitoring
 Remote s
upport
 Remote plans
 Remote
services
 Application Server

 Applications
 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S
upport  
 Development  

 Implementation


 Consulting Staff
 Consulting Prices
 Help Wanted!

 


 Oracle Posters
 Oracle Books

 Oracle Scripts
 Ion
 Excel-DB  

Don Burleson Blog 


 

 

 


 

 

 

 

 

Unauthorized Network access becomes a felony

Oracle Tips by Burleson Consulting

 

Bad News for wi-fi owners and users

With the epidemic of unsecured wireless networks being used as platforms for illegal attacks, and we see that lawyers and victims are fighting back.  In many cases, the crooks simply set-up a portable wi-fi Starbucks and wait for the suckers to connect.  They plant password sniffers and sit-back while the PC e-mails ssh passwords to them. 

  • Unauthorized access to a computer network becomes a felony – Even casual access to an unsecured wireless network in a hotel can destroy your career.  You can be arrested on-the-spot, even if you have no criminal intent (other than stealing their bandwidth, of course).  In Canada, it’s called Theft of Telecommunications
     
  • Sue the hapless wi-fi homeowner - Hacking victims now have a cause-of-action against the owners of wireless networks that have been used as access points to commit crimes.  If you manage a computer network, (even if it’s ole Aunt Sara’s) the wi-fi cannot serve as an open-relay for bad guys.  It’s called “negligence”.

The Polestar of the Paranoid – Maybe they are out to get you

On one occasion I had a server breech where a fellow from a China IP address tunneled right-in via ssh to a confidential server.  After an exhaustive investigation  it was discovered that the perp had used a wi-fi at a hotel to entice suckers into connecting and them planted a password sniffer that mailed he unencrypted passwords overseas.  In response, many States are expanding existing laws that were made to curtail cable TV theft (Hence the “unauthorized access” component), as noted in this Tennessee law:

It is an offense for any person, knowingly and with the intent to defraud a communication service provider of any lawful compensation for providing a communication service, to: 

       (1) Possess, use, make, develop, assemble, sell, distribute, possess with intent to distribute, lease, license, transfer, import into this state or offer, promote or advertise any unlawful communication device for the unauthorized acquisition or theft of any communication service or to receive, intercept, disrupt, transmit, re-transmit, decrypt, acquire or facilitate the receipt, interception, disruption, transmission, re-transmission, decryption or acquisition of any communication service without the express consent or express authorization of the communication service provider as stated in a contract or otherwise, or as otherwise expressly authorized by law . . .

The Accidental Felon

The threat of arrest aside, I would not want to be one of those goofs whose defense is that they did not know that connecting to an unsecured network was not a serious crime?  Hey, why accidentally commit a felony?  Ignorance of the law is no excuse, and it makes you look stupid, too. . . .

We are now seeing a backlash against those who tap-into unsecured wireless networks for evil purposes, and local police are now arresting those who tap-into unsecured wireless networks.  As we see, even the benign use of a wireless network is a felony.  Not getting permission is called "unauthorized access to a computer network, a third-degree felony.” 

http://www.sptimes.com/2005/07/04/State/Wi_Fi_cloaks_a_new_br.shtml

“Police say Benjamin Smith III, 41, used his Acer brand laptop to hack into Dinon's wireless Internet network. The April 20 arrest is considered the first of its kind in Tampa Bay and among only a few so far nationwide.”

The article notes that, according to experts, wireless networks are often used as a launching pad for criminal acts:

“People have used the cloak of wireless to traffic in child pornography, steal credit card information and send death threats, according to authorities.”

In more-and-more cases, police have been able to detect and prosecute wi-fi criminals:

“Last year, a Michigan man was convicted of using an unsecured Wi-Fi network at a Lowe's home improvement store to steal credit card numbers. The 20-year-old and a friend stumbled across the network while cruising around in a car in search of wireless Internet connections - a practice known as "Wardriving."

The article also notes that tapping into an unsecured wireless network is a felony in Florida:

“In a way Dinon was fortunate the man outside his home stuck around since it remains a challenge to catch people in the act. Smith, who police said admitted to using Dinon's Wi-Fi, has been charged with unauthorized access to a computer network, a third-degree felony.”

Evil-twins and honey pots

I learned about how hackers work by planting “honey pots”, internet-enabled computers with loose security.  I kick-back, look-over the crooks shoulder and observe their behavior.  In one case, a hacker from China upgraded my version of Linux!  The wi-fi equivalent of a honey pot is the “evil twin” attack. 

“A more recent threat to emerge is the "evil twin" attack. A person with a wireless-equipped laptop can show up at, say, a coffee shop or airport and overpower the local Wi-Fi hotspot. The person then eavesdrops on unsuspecting computer users who connect to the bogus network.

At a technology conference in London this spring, hackers set up evil twins that infected other computers with viruses, some that gather information on the user, the Wall Street Journal reported.”

Going after negligent wi-fi administrators

This year I’ve been talking to the FBI Cybercrine agents and federal attorneys on a foreign “John Doe” subpoena, and we are hearing that even if the attacker used an unsecured wireless network (or an “open relay” by a negligent ISP), the victims can still collect damages from the hapless owners of the unsecured wireless network.  That makes sense.  Most homeowners policies have a “gross negligence” clause, and enabling criminals  sure sounds negligent to me.

BTW, this is also true in cases where the network is protected by inadequate security such as “WEP”, which can quickly be bypassed by free web programs.  WEP is an acronym for “Wired Equivalent Privacy”, and it can easily be bypassed, according to the link above:

“Not all encryption is rock solid, either. One of the most common methods called WEP, or Wired Equivalent Privacy, is better than nothing but still can be cracked using a program available on the Web.

"Anybody with an Internet connection and an hour online can learn how to break that," said Guerin, the Dunedin network administrator. Two years ago when the city of Dunedin first considered Wi-Fi, Guerin squashed the idea because of WEP's inadequacy.”

OK, are you paranoid yet?

This should serve as a sobering note for unsecured wi-fi owners.  If someone taps-into your unsecured wireless network to commit an attack, YOU are responsible for the damages, under the "gross negligence" doctrine.  This is what happens when they make wi-fi too easy, and granny unwittingly becomes a “network administrator” when the lawyers sue her for providing a portal for a hacker.

In most cases, your homeowner’s policy will cover damages up to $250,000, but a major attack could cause you to loose everything, including your house and life-savings.  For me, it’s not worth the risk.  Protect your wireless network with “real” security, and don’t just hop onto any unsecured wireless that your computer detects.

BTW, there are other unique Wi-fi intrusion detection tools that offer “practical mind protection for paranoids”, across the globe, like this one for only $12.95.

For more information on identifying paranoid schizophrenics on the web see my new book, ”Web Stalkers: Protect yourself from Internet Criminals and Psychopaths”. 

It’s only $19.95, and a great read, a real eye-opener.


 

 

��  
 
 

 
 
 
 
oracle dba poster
 

 
 
Oracle performance tuning software 
 
Oracle Linux poster
 
 
 

 

Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  and include the URL for the page.


                    









Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


 

Copyright © 1996 -  2014

All rights reserved by Burleson

Oracle © is the registered trademark of Oracle Corporation.