Thursday, July 14, 2011

False Kid Porno Raid Gets Media Play

A Buffalo, NY, man gets an early morning visit (and alleged contusions) from ICE: He left his Wi-Fi network open, and extremely poor FBI work (according to this AP report) led to a raid on his home because that's where the IP address led. While it's no crime in the US—it is in some other countries—to leave your network open for anyone to access, this isn't the first time this has happened. I've written up a few previous similar incidents that led to police or federal agents breaking down the doors for criminal acts conducted over the network at the physical address. In most cases, a neighbor is the guilty party. You'd think the FBI would be briefing agents on this issue, so that they don't face multi-million-dollar lawsuits for faulty work that pinpoints the wrong person.

The Buffalo man isn't suing, even though his attorney alleges he was thrown down the stairs by Immigration and Customs Enforcement (ICE). He says they didn't properly identify who they were after breaking down the door and brandishing weapons. (Who knows from ICE?)

Even on an open network, it's possible to track identifiers that would allow relatively easy confirmation of which machine was involved, or to stake out the area for a few nights, tracking signals and locations. Then agents could enlist the homeowner with the open network to ensure the Wi-Fi signal remained available, use it to track the exact moment at which a perpetrator was engaged in an illegal act, and raid at that same time. (We're talking child pornography here, not file swapping.)

The AP article says that US-CERT recommends "closing" a Wi-Fi network among other security measures. This option, labeled differently on each maker's router software, disables default beaconing, and thus the network name and availability aren't broadcast. However, whenever the network is in use by a party that knows the name and has associated with it (encrypted or otherwise), traffic can be snooped and connection information extracted. I don't recommend closing a network as it provides no effective security, and neither does limiting a network to specific MAC addresses (the Wi-Fi adapter's unique hardware number). US-CERT has six recommendations for best home practices on its Securing Wireless Networks page, which include these two. Closing a network is noted as "Protect Your SSID."

Really, using a nine-letter/digit WPA password is the simplest way to protect a network in a reliable and secure way no matter what other restrictions are in place. I choose to password protect my network in part because I don't want to be indirectly responsible for anyone's actions on my network (whether in a raid or just because someone commits a nefarious act using my router), and because Comcast caps my use at 250 GB per month.