Bandwidth theft continued - criminal prosecutions

D

dominic

Legal Expert: Telecoms
Joined
Sep 7, 2004
Messages
7,329
Reaction score
134
Location
Mi CASA
Singapore sentences WiFi pirate - http://australianit.news.com.au/articles/0,7204,21073422^15405^^nbv^15306-15322,00.htm

there are also a number of prosecutions happening in SA relating to bandwidth theft over dsl lines - the courts and cops seem to be getting a little comfier with the process (although they insist on prosecuting these cases as fraud which is, imho, incorrect - it is an offence under the Electronic Communications and Transactions Act)
 
Syndyre said:
They steal someone else's username and password and then use that to authenticate.
Click to expand...
sorry if not clear - theft of username and password/ use of username and password where not stolen but no authorisation to use them / exploitation of vulnerabilities

i am personally not aware of any convictions in SA as yet but, if there are not any yet it is a matter of time now
 
So what happens if you sit in your house or block of flats and pick up someones WiFi which is unprotected/unencrypted and you jump on his zone and surf. Isn't that also bandwidth theft?
 
Gadget_guy said:
So what happens if you sit in your house or block of flats and pick up someones WiFi which is unprotected/unencrypted and you jump on his zone and surf. Isn't that also bandwidth theft?
Click to expand...
as far as i am concerned, yes - if you are not authorised to use it it constitutes unauthorised access

if it is regarded as fraud - fraud for criminal la purposes is defined as

The unlawful and intentional making of a misrepresentation which causes actual prejudice or which is potentially prejudical to another (Snyman’s Criminal Law)..

i.e. i am intentionally misrepresenting that i am entitled to use that bandwidth - given the existence of caps i will be causing prejudice to someone else if i use their bandwidth (e.g. they may be capped and thereafter unable to run their business)

section 89 ECT Act said:
Unauthorised access to, interception of or interference with data

86.
(1) Subject to the Interception and Monitoring Prohibition Act, 1992 (Act No. 127 of 1992), a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence.
(2) A person who intentionally and without authority to do so, interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective, is guilty of an offence.
(3) A person who unlawfully produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item to contravene this section, is guilty of an offence.
(4) A person who utilises any device or computer program mentioned in subsection (3) in order to unlawfully overcome security measures designed to protect such data or access thereto, is guilty of an offence.
(5) A person who commits any act described in this section with the intent to interfere with access to an information system so as to constitute a denial, including a partial denial, of service to legitimate users is guilty of an offence.
Click to expand...

it is not clear where bandwidth theft would fall in the above....
 
Boodles said:
how does a person steal bandwidth over dsl lines?
Click to expand...

Very easily, sadly. Wander over the known ADSL IP ranges connecting until you find a router on default passwords, log in, steal account details, use them to steal bandwidth. ISPs should enforce changes to subscriber equipment default passwords. In some short tests of a security checker I was developing some months back I found approx 2-3% of routers on default passwords, in addition to some other surprising connections.
 
Thanks goes to Dom for digging this out.

Sadly, bandwidth theft is a reality, and it is up to the systems administrator to make sure that all possible exploits are closed or patched, but is not always feasible.

One problem associated with bandwidth theft is that the person stealing your bandwidth usually surfs for contraband, thus leaving you with a couple of very hot potatoes. (kiddie pr0n, posting of defamatory writings, etc).

It is not easy for manufacturers and suppliers of wifi access points or adsl routers and the such, to make use of random passwords, as this will clog up their support lines - the onus falls therefore on the end user to make sure his system is configured correctly.
 
Regarding the WiFi issue:

I see it this way if you walk down a corridor in a block of flats, and you walk past someone's front door which is open, it is trespassing if you go in and have a look around?
 
dominic said:
it is not clear where bandwidth theft would fall in the above....
Click to expand...

Well, not the bandwidth theft itself, but to steal bandwidth you have to steal a login/password to authenticate with, and doing so is clearly in violation of 86(1) in your quote.
 
BW theft is def a huge problem.
As dominic stated it is only a matter of time before it happens locally. Don't know of any yet.

Word on the wire is that the cops are going as far as meeting with the ISP's to get their input on how to capture / tighten / fight the theft of bandwidth.
 
lilDeath said:
As dominic stated it is only a matter of time before it happens locally. Don't know of any yet.

.
Click to expand...
i am personally dealing with two such prosecutions (but will be doing my best to make sure these do not turn into convictions :))
 
dominic said:
as far as i am concerned, yes - if you are not authorised to use it it constitutes unauthorised access

if it is regarded as fraud - fraud for criminal la purposes is defined as

The unlawful and intentional making of a misrepresentation which causes actual prejudice or which is potentially prejudical to another (Snyman’s Criminal Law)..

i.e. i am intentionally misrepresenting that i am entitled to use that bandwidth - given the existence of caps i will be causing prejudice to someone else if i use their bandwidth (e.g. they may be capped and thereafter unable to run their business)



it is not clear where bandwidth theft would fall in the above....
Click to expand...

This is very interesting. I know a lot of people for instance. Someone technically challenged like my mom. She carries her laptop everywhere, but is one of those people who will click "yes" all the time.

What happens if she moves into an area, her computer picks up an open network and connects to it, and starts using the bandwidth for the latest version of whatever new worm is out there?
 
The_Librarian said:
Thanks goes to Dom for digging this out.

Sadly, bandwidth theft is a reality, and it is up to the systems administrator to make sure that all possible exploits are closed or patched, but is not always feasible.

One problem associated with bandwidth theft is that the person stealing your bandwidth usually surfs for contraband, thus leaving you with a couple of very hot potatoes. (kiddie pr0n, posting of defamatory writings, etc).

It is not easy for manufacturers and suppliers of wifi access points or adsl routers and the such, to make use of random passwords, as this will clog up their support lines - the onus falls therefore on the end user to make sure his system is configured correctly.
Click to expand...

A computer should be like a car, you need a licence to get one. Its thanks to end user machines run by users who think they know best, but know nothing, that allow those zombie bot nets to wreck havok and spam relay the world.:o
 
w1z4rd said:
This is very interesting. I know a lot of people for instance. Someone technically challenged like my mom. She carries her laptop everywhere, but is one of those people who will click "yes" all the time.

What happens if she moves into an area, her computer picks up an open network and connects to it, and starts using the bandwidth for the latest version of whatever new worm is out there?
Click to expand...
her conduct lacks the mental element - the intentional conduct which must be proved beyond reasonable doubt - so she has no worries :)

"the unlawful and intentional making of a misrepresentation which causes actual prejudice or which is potentially prejudical to another" (Snyman’s Criminal Law)

[basically if you take a definition like the above and separate it out
- unlawful (this is a truly legal concept -look at it as "does this kind of conduct offend society and should it be punished?")
- intentional
- making of a misrepresentation
- actual or potential prejudice

the state has to prove all of these before it gets to put mrs wizard away for a nice long stretch in the chook]
 
dominic said:
section 89 ECT Act said:
Unauthorised access to, interception of or interference with data

86.
(1) Subject to the Interception and Monitoring Prohibition Act, 1992 (Act No. 127 of 1992), a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence.
(2) A person who intentionally and without authority to do so, interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective, is guilty of an offence.
(3) A person who unlawfully produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item to contravene this section, is guilty of an offence.
(4) A person who utilises any device or computer program mentioned in subsection (3) in order to unlawfully overcome security measures designed to protect such data or access thereto, is guilty of an offence.
(5) A person who commits any act described in this section with the intent to interfere with access to an information system so as to constitute a denial, including a partial denial, of service to legitimate users is guilty of an offence.
Click to expand...

it is not clear where bandwidth theft would fall in the above....
Click to expand...
There are IMO a few cases for application of those clauses to someone who has gained access to someone else's ADSL ISP account username & password:
  1. Data that a suspect accesses [e.g. websites, email, etc] using someone else's ADSL ISP account username & password.
  2. As a result of [1], any suspect that renders someone else's ADSL ISP account ineffective due to the cap on such ADSL ISP account.
  3. Where "access code" is the username part of an ADSL ISP account, and password is obviously the associated password.
  4. Seems like repitition of [3].
  5. If a suspect causes someone else's ADSL account to reach its cap, and the owner of the ISP account is denied access - even partially in the case of highly contended international access [that was once a reality].
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X