IT/Legal Question

fenrir

fenrir

Member
Hey guys, have a question about legal issues with an open Wireless access point at my apartment complex. I am a IT professional so I know my way around the technical side of IT. This evening I went do laundry at my apartments lodge/house where they also have a free to use wireless point with no encryption for the whole complex to use. Being my self I just went to see who else is using the access point and discovered that the management has there "management" PC connected to the same access point. It gets better though, they have a share that is free to access that holds everyone's lease agreements and other private information.
I would send an anonymous letter in telling them about the issue but I think they would have no idea what I was talking about and ignore it. I would like to tell them about the issue and help them fix it because my wife's and I's SSNs are also being freely put out there. Are there any legal issues I should worry about? I technically didn't "hack" anything since it was freely open and available for use with the permission of the management which is in my lease.
 
reefraff

reefraff

Active Member
Originally Posted by Fenrir
http:///forum/post/3280607
Hey guys, have a question about legal issues with an open Wireless access point at my apartment complex. I am a IT professional so I know my way around the technical side of IT. This evening I went do laundry at my apartments lodge/house where they also have a free to use wireless point with no encryption for the whole complex to use. Being my self I just went to see who else is using the access point and discovered that the management has there "management" PC connected to the same access point. It gets better though, they have a share that is free to access that holds everyone's lease agreements and other private information.
I would send an anonymous letter in telling them about the issue but I think they would have no idea what I was talking about and ignore it. I would like to tell them about the issue and help them fix it because my wife's and I's SSNs are also being freely put out there. Are there any legal issues I should worry about? I technically didn't "hack" anything since it was freely open and available for use with the permission of the management which is in my lease.
My wife is in the legal field, Paralegal working for real lawyers, not some strip mall wannabe lawyer hack. Anyway she doesn't THINK you did anything illegal but take that for what it's worth. I still think the note from a stranger would be the way to go, that or steal everyone's info and sell it and jump into the class action suit against the management company
I would be tempted to just take my laptop into their office and pull up their computer with it. Don't tell them you snooped. You show them the possibility someone could get personal info. Not that you did.
 
fenrir

fenrir

Member
I would leave the note if it didn't have my personal info on it. But I want that info out of the public eye. I think I would be OK legally because I had permission to be on the network via my lease. Besides I know for a fact that kind of business has to legally have some safe guards in protecting that kind of information. I think I will bring the laws with me tomorrow just in case they don't know about them. I know most of the staff and the owner and they all seem reasonable.
 
D

dragonzim

Active Member
I would definitely start off with an anonymous letter and check to see if it had any result after a week or so. If not, I'd probably show up at their office. I'm not sure if what the management company is doing with leaving all that info out like that is illegal but it definitely not something they'd like being made public.
 
bionicarm

bionicarm

Active Member
Just take your laptop to the management, and show them exactly what you found. There are laws against any company making personal and financial information of their 'clients' available and accessible to the public. A local TV station just 'exposed' a doctor's office who dumped a bunch of patient files into the trash, and some passerby found the and reported them to the TV station. These people obviously don't have a clue about securing their wireless network, and I guarantee you they don't even realize they are doing it.
Me and a buddy actually made money 'exposing' vulnerable wireless networks around our neighborhoods. We'd drive down the street looking for AP's that were broadcasting their SSID, then see if we could connect to the AP without a WEP key. If we got in, we'd look for file shares and computers that we could access. Once we collected the data, we'd knock on the home door and ask for the owner. We'd explain what we did for a living, then dropped our laptop on their table and showed them what we found. Most of them were surprised and amazed by the results, and for a small 'fee' we spent about 30 minutes showing them how to secure their wireless network. Half of them told us they didn't even had a need for the wireless, because they had no devices that used it. Some of the home's wireless AP's had the default settingsthat came with the ISP's router.
 
reefraff

reefraff

Active Member
We have a dummy in this neighborhood with an open network. I can't believe people still do that.
 
socal57che

socal57che

Active Member
Originally Posted by reefraff
http:///forum/post/3280727
We have a dummy in this neighborhood with an open network. I can't believe people still do that.

If my router hickups, I use one of several neighbors' open networks. I make jokes on fb about my dog stealing internet from the neighbor's unprotected WLAN.
 
scsinet

scsinet

Active Member
As long as the data was accessible with NO effort to get it ... passwords, firewalls, encryption, etc, then you are probably okay legally. The DMCA makes it a crime to bypass encryption and many security schemes, even if your intentions are good. I'm not sure if the scope of the law applies to this situation or not anyway.
One thing though... you've got to be very careful here. People that don't know anything about computers generally get so intimidated in these situations that they scream "HACKER" and go legal crazy. I had it happen to me once... where I tried to point out a security weakness and I got "Well we had ABC Company set this up and they said it was secure so you must have hacked it, I'm calling the police."
The "anonymous" letter, if it somehow gets traced back to you, may freak them out even more.
 
fenrir

fenrir

Member
Originally Posted by SCSInet
http:///forum/post/3280751
As long as the data was accessible with NO effort to get it ... passwords, firewalls, encryption, etc, then you are probably okay legally. The DMCA makes it a crime to bypass encryption and many security schemes, even if your intentions are good. I'm not sure if the scope of the law applies to this situation or not anyway.
One thing though... you've got to be very careful here. People that don't know anything about computers generally get so intimidated in these situations that they scream "HACKER" and go legal crazy. I had it happen to me once... where I tried to point out a security weakness and I got "Well we had ABC Company set this up and they said it was secure so you must have hacked it, I'm calling the police."
The "anonymous" letter, if it somehow gets traced back to you, may freak them out even more.
That is what I was thinking, the share is out there for anyone to connect to. I think I am just going to go in there and tell them about my self being a secuirty professional employed by the state. Hopefully that will have them relax and then tell them about the issue. I will try to be as non scary sounding as possible.
 
spanko

spanko

Active Member
Is it true you are a security professional employed by the state? If so can't you ask legal in your office how to go about this?
 
fenrir

fenrir

Member
Thats what I did before leaving from work this afternoon. I was ok legally since I did not have to break any encryption and I had permission to be on the network. I just got back from helping them turn it off. I basically walked in and showed them what I did last night and they were grateful for letting them know. They are bringing corporate down tomorrow to fix the issue permanently and they may be using me for help tomorrow. We will see how it goes durring the week, thanks for all of the help guys!
 
fenrir

fenrir

Member
Well they did not head my warning and they have the network back up with the same data out in the open. I need to call the authorities but have no idea who to call. I know the regular police department will have no idea what I am talking about. Does anyone know who I should call? I have looked online for some government agencies but really can't find one for this type of situation.
 
bionicarm

bionicarm

Active Member
Originally Posted by Fenrir
http:///forum/post/3281325
Well they did not head my warning and they have the network back up with the same data out in the open. I need to call the authorities but have no idea who to call. I know the regular police department will have no idea what I am talking about. Does anyone know who I should call? I have looked online for some government agencies but really can't find one for this type of situation.
Check with your local police department. Most of them have 'Cybercrime Units' these days. Our police even have a group who peruse forums, Facebook, MySpace, etc. looking for child predators. If they are clueless, just contact one of your local TV stations and let them do an expose on it. You can also contact your State District Attorney. They also have Cybercrime Divisions.
 
fenrir

fenrir

Member
Did a little research and it seems I need to contact the FTC about the issue. They were not in the office this afternoon and I will call them tomorrow morning to make sure that they don't have it scheduled to be fixed tomorrow. I'm just really pissed that the emergency maint guy wouldn't page the manager this evening about the issue. It's like they want to get sued or something.
 
socal57che

socal57che

Active Member
Maybe you should hire an attorney and start preparing signs with your name on them to replace the old community signs with. (so they are ready when you own the place, lol)
 
stdreb27

stdreb27

Active Member
Personally I'd just go in there and tell em. Offer to get things patched up in the mean time. Then make em an offer if you know how to do it professionally.
You might want to get something like lifelock in the mean time.
 
You must log in or register to reply here.
Top