ZeroPaid.com » wifi

Second Target of Anonymous FBI Raids Steps Forward to Claim Innocence

Drew Wilson — Fri, 22 Jul 2011 21:37:08 +0000

There was a cross country US raid conducted by the FBI on Tuesday. Unfortunately, since the initial sweeps, reasons to doubt that the raids having an impact on Anonymous have been cropping up. Today, another person who was the target of those raids has stepped forward to say he is not only not a hacker, but also barely even knows how to turn a computer on.

Just hours after the FBI raid on the 19th, questions were being raised as to the effectiveness of the headline grabbing event. Just yesterday, the day after the raids, one person was identified as one of those arrested. In a detailed look at Scott Matthew Arciszewski, we found that the only evidence that was publicly available was of him posting comments about Infragard security publicly. The incident only fueled speculation that the people who were arrested in the FBI raids were probably little more than script kiddies. Now, a report has surfaced that might suggest that saying that only script kiddies were affected may have been an overstatement to the effectiveness of the FBI raid. In a report appearing in The Brooklyn Paper, a second individual has come forward as someone who was affected by the FBI raids. His name is Garrett Deming, a 25 year old, a singer in a band. He, and his room mates were targeted in the FBI probe, but Deming isn't really a hacker at all. From the report:

“I can barely turn my computer on. Any of our computer use is for band promotion stuff,” he said.

Ouch. Doesn't exactly sound like the kind of person the FBI was looking for. So, exactly how would someone get wrapped up in the FBI probe? The speculation for him was that his WiFi was hacked. When any illicit activities were discovered by the FBI, a plain old IP address would have merely lead to him instead. More from the report:

Deming and Eugenides lived in the fifth-floor apartment at the McKibbin Lofts with their band for a year, but moved to Bed-Stuy a few weeks ago when their lease was up. The current tenant told us that the agents were looking for the band. “They asked me about the wireless and whether I was stealing the Internet. They asked if any of my roommates were good with computers,” said Meaghan Ralph, 21, who sleepily answered the door when a half-dozen armed agents knocked at 6:15 am. “They said that they wanted the people that were living there before me.”

So, forget script kiddies, some of the people that the FBI were apparently netting barely knew anything about the activities of Anonymous. So, so far, it appears that the FBI is 0 for 2 in terms of catching anyone related to Anonymous. What this case also serves as a great reminder that it's next to impossible to connect an IP address to an actual person - something that people who want three strikes laws in place for many countries are all too willing to forget. Wrong people will be implicated whether for copyright infringement or for alleged hacking activities. In any event, I think that this is really shaping up to be a PR disaster for the FBI so far. [Hat tip: AnonymousIRC] Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at drew@zeropaid.com.

300 Irish Internet Users Wrongfully Receive First Strike Notices

Drew Wilson — Fri, 17 Jun 2011 23:00:54 +0000

False accusations have long been a subject for those sceptical of a three strikes law. Given the complexity of tying an IP address to a subscriber is much too complicated for any form of automated system, it should come as no surprise for sceptics to find out that people are wrongfully receiving notices for copyright infringement.

Record labels have been pressuring ISPs to implement a three strikes law in Ireland for years. In fact, in 2008, the record labels went to the extreme length of suing Irish ISP Eircom in a bid to get them to implement a three strikes law. In 2009, the ISP folded to pressure and agreed to implement a three strikes law for its users. Then, as of 2010, Eircom implemented the three strikes policy on their subscribers much to the outrage of many people including the Pirate Party of Ireland. There's plenty of ways to be critical of a three strikes law or policy. One way is to be critical of the technical nature of such a policy. It's all well and good to be able to find an IP address on a file-sharing network, but it's quite a different matter of actually tying that to an actual person. For instance, one person could by hijacking someone's IP address via an insecure Wifi network. Even marginally secure Wifi networks won't guard against any possible threat. Back in 2010, a USB device circulated the Chinese marketplace that would crack in to Wifi networks. Ultimately speaking, one person could be using someone else's IP address to share copyrighted material unbeknownst to the actual subscriber. Of course, there;s also the study even further back in 2008 which showed that even a printer could be framed for copyright infringement. So really, it's should come as no surprise to copyright observers that false accusations are being made even with a three strike policy present. That was certainly the case, as EDRI points out, in Ireland when 300 users received first strike notices over infringements they never even committed. According to IT Law in Ireland, Eircom is investigating the matter and offered the following explanation:

This was due to a software failure caused when the clocks went back last October, it said.

As was noted in the posting, it's very peculiar that there is an effort to take on the enormous task of identifying people via IP address, yet, this same effort can't even account for daylight savings time. It get's even more interesting:

The DPC said it was investigating the complaint "including whether the subject matter gives rise to any questions as to the proportionality of the graduated response system operated by Eircom and the music industry"
This is unsurprising - when the Eircom / IRMA three strikes settlement was being agreed the Data Protection Commissioner identified significant data protection problems with it. These problems remain, notwithstanding the deeply flawed High Court judgment which approved of the system - a judgment which, for example, decided on the question of whether or not IP addresses are personal data without once considering the views of the Article 29 Working Party. It is not surprising that the Data Protection Commissioner was not convinced by that judgment (the judgment was problematic at least in part because the Commissioner was not represented - the only parties before the court had a vested interest in the system being implemented). However, until a concrete complaint arose no further action could be taken. The complaint in this case has now triggered that action, and it seems likely that the Commissioner will reach a decision reflecting his previous views that using IP addresses to cut off customers' internet connections is disproportionate and does not constitute "fair use" of personal information. If so, the Commissioner has the power and indeed the duty to issue an enforcement notice which would prevent Eircom from using personal data for this purpose - which would ultimately seem likely to put the matter back before the courts.

Indeed, there have been numerous legal questions surrounding a three strikes law. Early this month, Frank La Rue, the UN’s Special Rapporteur on freedom of opinion and expression said that a three strikes law was a violation of the International Covenant on Civil and Political Rights. What all this seems to suggest is the crumbling of the attempt to implement a global three strikes law. Even if secret agreements like ACTA or TPP say that countries must implement a three strikes law, it now runs in to obstacles such as the UN Rapporteur and complaints about false accusations. I would go so far as to say that the window of opportunity to force a global three strikes law is passing. It certainly was more possible three years ago to try and force countries to implement a three strikes law, but now it is becoming increasingly difficult to not only persuade countries to implement them, but to make sure countries that have some form of implementation to keep the policy in place. Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at drew@zeropaid.com.

Chinese USB Wifi Crackers Make Three Strikes Laws Obsolete?

Drew Wilson — Thu, 06 May 2010 08:05:49 +0000

With many countries considering a three strikes law, it's interesting how privacy and copyright can go hand in hand online. With China's notoriety for online censorship, it's only interesting that a new product is out in the Chinese market that allows for easy Wi-Fi hacking.

There's a number of objectives set out when a country considers a "graduated response" or three strikes law if you believe proponents. One of those objectives is to simplify the ability to go after alleged file-sharers when all that is available is an IP address and a time stamp. Another objective is that it's suppose to reduce file-sharing. While, on the surface, a new product known as network-scrounging cards doesn't seem to do much for file-sharers, it really puts another dent in the robustness of a three strikes law. Networkworld describes the network-scrounging cards as a USB device that allows "a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people." The USB item comes with two CDs - one for installing the drivers and the other being a live Linux CD for the purpose of using BackTrack. Once installed "the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network." The bundle, according to NetworkWorld, sells for 165 yuan ($24). In other words, it's not much more complicated then installing the drivers for a mouse or webcam. Here's why this is so significant when looking at this through the perspective of a three strikes law. The three strikes law depends on an IP address accurately identifying an individual. At best, some countries mandate that a WiFi access point be secured (protection that seems to be all but destroyed with this product). If one were to access another persons Wi-Fi, the only person that authorities could possibly track copyright infringement to is the owner of the Wi-Fi point, not the individual using it without authorization practically speaking. As for efficiency, NetworkWorld had this to say about the set-up:

One of the kits took over an hour to crack the WEP key equivalent to the password "sugar" in a test attack on a personal router set up for the purpose using 40-bit encryption.

Still, when someone is, say, living in an apartment building with 20 some access points to choose from right from your own living room, an attacker has all the time in the world to crack the passwords. How often to Wi-Fi owners, on average, change their passwords anyway? Unfortunately, such a product only exists in China currently, but who knows? It might come to other countries who are determined to pass such a flawed law in the first place. As for the developer of BackTrack, they aren't happy that their product is being used in this fashion because BackTrack was meant for penetration testing more than anything else. Still, it shows another example of why tightening copyright laws will never solve anything with regards to file-sharing. Functionally speaking, this has resemblance to the "HADOPI router" which was actually a fake ad (more recently, another company released a similar product), but this iteration seems to be more portable. Perfect for the growing use of laptops. It's easy to say that this alone makes a three strikes law obsolete because even if a hacker is tracked down, the resources spent on tracking him/her down pretty much obliterates a lot of the objectives set out by a three strikes law in the first place. Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at drew@zeropaid.com.

False Copyright Accusations – December 2009

Drew Wilson — Tue, 05 Jan 2010 06:09:25 +0000

Eating ribs, a vlogger, and a class lecture are among a few that start our brand new monthly series on false accusations.

Imagine a world where false accusations are a new weapon to anyone, against anyone. There's no need for evidence, just a trio of simple accusations of copyright infringement. Those accusations would then, in turn, disconnect alleged infringers from the internet. The copyright industry has long hoped this would become a reality and with the Anti-Counterfeiting Trade Agreement, this hope by major copyright businesses could become a reality. We here at ZeroPaid were curious to know just how common false accusations really are and sent out a call for people's stories who were part of a false accusation for copyright infringement. You, the readers, certainly already delivered. Here are the false accusations we received from you as well as a few we found already hanging around the web.

Accusation #1

IslamWay Our first alleged false accusation comes from an anonymous submitter who simply passed along a YouTube clip of the story. In a nutshell, according to the video, the alleged false accusation came about when users who disagreed with this vlogger set up a website called “IslamWay” well after the vlog was started. After setting up the website, the users then sent a DMCA notice to YouTube to pull down any videos about IslamWay claiming copyright infringement. This does not constitute legal advice, nor is this an expert legal opinion, but as far as we know, at least in Canada, when an idea is transfixed onto a medium, the creator automatically gains a copyright on that given work. One can't simply have an idea and claim copyright as it has to be transfixed. Registering the work is another story, but if one can prove something was created prior to someone else producing an identical work, it would be difficult for the person who created that second work to go after the first person who created that work – especially if that idea also isn't registered. Are there legal questions to be made? Maybe. Does it matter? Not in a three strikes system.

Accusation #2

Usher.mp3 This is a well known case clear back in 2003. Many articles surfaced describing the tale. Apparently, a teacher posted lectures on an FTP site. The problem was that the last name of that teacher was “Usher” and he posted his lecture as “Usher.mp3”. The file, along with another file with a similar story, caused the automated system the RIAA had to combat piracy shoot a DMCA notice against Penn State's department for astronomy and astrophysics. Administrators were puzzled and later communicated with the RIAA. The RIAA, pink in the face, were forced to apologize for the false accusation and withdrew its case saying that it was just some temporary employee. Was an error made? Yes according to both sides. Does it matter under a three strikes regime? Not really.

Accusation #3

A Ribbed Viacom Remember the Viacom case of 2007? That case where they sent thousands of DMCA notices to YouTube? Then Viacom discovered that some of those videos were not really there's? yup, that's the one! What a shame someone's rib dinner wound up being caught in the mix. The story goes that while talks between Viacom and Google over filtering technology were going on, Viacom sent a DMCA notice to YouTube demanding the removal of over 100,000 video's. The video takedown was brought to you by various keyword searches. As a result, someone's video of eating a rib dinner was caught up in what many consider the Viacom YouTube dragnet. It's unclear what became of the story, but it was pretty obvious a mistake was made somewhere along the line. Was a mistake made? Probably. Does it matter in a three strikes regime? Nope.

Accusation #4

I Downloaded What? Another anonymous user sent us the following e-mail:

Yup, got a warning notice from our provider saying I had downloaded a certain movie. I don't download movies. Just the same I scanned every computer in the house for the file I supposedly had--nada. We have a secure network, and I doubt it would be hacked since both our immediate neighbors have left theirs open. So I replied with a somewhat nasty letter saying they better not keep any sort of record saying I did this....never heard back.

This sort of thing has been known to happen for anyone who watched any popular file-sharing forum for a few years. It seems that sooner or later, a user receives a copyright complaint. Puzzled, the owner scans the computers in the household and finds nothing. From this point, some users realize they have an open wifi and it was highly probably that someone hijacked the WiFi point - a particularly common problem in densely populated cities. These days, Wifi security is much more commonly practised though since awareness has been boosted, in part, by problems in the past. Still, one cannot ignore one of two possibilities: 1) Wardriving has also become more sophisticated or 2) Someone managed to hijack an IP address (at which point, there's probably little a user can do to avoid receiving a legal complaint if they are innocent). Was the user innocent? More than likely. Is it good standard practise to secure a personal WiFi hotspot? Absolutely. Is there reasonable doubt should a case like this go to court? Definitely. Does it matter in a three strikes regime? Definitely not. --- It should be noted that, if you'd like to submit a false copyright infringement accusation story, it doesn't have to have happened immediately, that day or even that year. It could be several years old at this point and we'll be happy to take them. It also doesn't matter to us if the case is ongoing or settled through counter-notice DMCA claims. We do not provide legal advice nor do we have any professional legal opinions on the matters. You can also submit the stories anonymously and have all members in the case anonymous as well. We are just after stories about false accusations. If you'd like to submit a story, and similar stories to the ones mentioned above are more than welcome, to us about a false copyright infringement accusation, feel free to send me, Drew Wilson or Jared Moya an e-mail (At this time, stories submitted to Jared will probably be forwarded to me): Drew Wilson - drew@zeropaid.com Jared Moya – jared@zeropaid.com Total accusations: 4 Total people it could disconnect: 1 Stories don't have to be file-sharing related in particular – just as long as the accusation is related to use of the internet in some way. You can simply put “False Accusation” in the header of your e-mail with your story as this will help us sort out e-mails a little easier. Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at drew@zeropaid.com.

Best WiFi Hotels 2007

Jared Moya — Tue, 01 May 2007 16:35:07 +0000

It is time for one of our most popular features, HotelChatter’s annual look at hotel brands with the Best and Worst WiFi experiences.

This year, we are going to boldly say that hotel WiFi landscape has reached an impasse. When we first started doing this report, hotels made our best list for offering up free wireless internet access. The next year, hotels made our best list for offering up free wireless internet access with a high degree of consistency across brands and locations. So we assumed that by 2007, more hotels would be offering free wireless and with greater consistency, seeing that guests love, need and want free WiFi. Alas, that is not what we found.

Instead of finding more and more hotels offering free WiFi, we are finding more restrictions are being added to free hotel WiFi. For instance, you can get free WiFi in the lobby, but in-rooms it’s ethernet and it starts at $9.95. Or you can get free WiFi in your rooms but you need to belong to a hotel’s loyalty program or be assigned a code with a special password. So while wireless networks in hotels has reached near ubiquity, it is amazing that consistent wireless internet access, pricing, and service, is not a given across hotel brands, small hotel groups, or even from the lobby to your room.

Yet, free wireless is still what many hotel guests are after, and hotels still have a great opportunity to gain a loyal following by doing hotel wireless right.

Culver City, CA Adds Pornography and Copyright Filtering Technology to Public Wireless Network

Jared Moya — Wed, 23 Aug 2006 06:03:49 +0000

CULVER CITY, CA – According to a press release from California-based technology company Audible Magic Corp (AMC), the “first Los Angeles-area municipality to offer the public a free all-access wireless Internet system” is now filtering that access to strain out “illegal and problematic content” on their network.

According to the AMC release, Culver City decided to incorporate filtering following an analysis conducted via AMC’s CopySense technology, indicating that Culver City’s open network “included some illegal trading of copyrighted music, movies and other video content, including pornographic videos and access to pornographic web sites.”

The city’s Wi-Fi system, which covers approximately 10 square blocks of the recently renovated Town Plaza, offers citizens and visitors free wireless access, both indoors and outdoors, within the covered area.

“Our campaign initially said ‘free and open Wi-Fi access to everybody,’” said John Richo, Director of IT for Culver City. “As part of the incentive plan to bring pedestrian traffic to Town Plaza, people were quick to sign up, and it was clear this was going to be a popular offering.”

Municipal WiFi is the new hope for Net Neutrality – thinker

Jared Moya — Thu, 17 Aug 2006 13:50:15 +0000

Municipal WiFi networks could help beat US carriers and politicians in the battle over so-called “net neutrality,” according to one leading campaigner

Stanford University law professor Larry Lessig has argued the WiFi clouds popping up across cites from Philadelphia to San Francisco could provide broadband access over the “last mile” between the internet cloud and users’ doorsteps.

Lessig, author and co-leader of the Creative Commons, told LinuxWorld attendees in San Francisco, that unification of the WiFI patchwork would provide an infrastructure that frees the last mile from the “proprietary control” of carriers like AT&T and Verizon. This would restrict carriers’ ability to charge content providers different fees in order to prioritize delivery of their data packets across the internet.

“When one owns the wires as these network operators do, there is a desire to leverage control. To exploit and capture the value up the stack,” Lessig said.

Are You Liable If Someone Does Something Illegal On Your WiFi?

Jorge Gonzalez — Tue, 21 Mar 2006 22:55:14 +0000

For years, whenever the press has written one of their fear-mongering stories about open WiFi, they almost always include some tidbit about how if someone uses your network to do something illegal, you can be arrested for it. It’s one of the popular open WiFi horror stories — but is it true?

Well, of course, you can be arrested, but it’s unlikely that there would be any legal grounds for the arrest. The latest debate on this issue comes from a tech writer at the Houston Chronicle who is taking Tim Lee to task for an op-ed piece Tim wrote in the New York Times about open WiFi. The Chronicle writer says Tim is missing the real security issue, about how the RIAA can go after you if someone downloads music on your open WiFi. While it is true that they can go after you, there are valid legal defenses for this — as has been discussed for years.