Feds seize First Hill man’s car in ‘wardriving’ investigation, say no connection to Hill fraud wave

Following last fall’s wave of fraud that hit Capitol Hill after what the Secret Service said was a breach of an area restaurant’s point of sales system, federal investigators tell CHS that efforts this month to seize a First Hill man’s car as part of a “wardriving” and identity theft investigation are not related to the 2010 breach.

In a US District Court filing, an investigator described the First Hill car as a network hacker’s dream ride:


According to the investigator, the First Hill man’s 1988 black Mercedes Benz had been used as part of a ring of break-ins and identity theft that has ranged from Redmond to Capitol Hill in its actions — and possibly across the globe with its victims — for more than five years. The investigation into the ring was first reported by the Seattle PI last week.

The First Hill man has not been charged as part of the investigation but his vehicle has yielded valuable clues regarding a “wardriving” component of the alleged burglary ring:

Wardriving — as many commenters in this Slashdot thread on the investigation will tell you — is not necessarily a crime. But the First Hill man’s formal introduction into the story of the five-year investigation does, indeed, involve some criminal activity. According to the documents, authorities first came into possession of the wardriving-mobile in October after the owner was arrested for using stolen gift cards at 12th Ave’s The Local Vine.

According to the police report on the incident, police discovered that gift cards stolen in a Bellevue burglary had been used at the Capitol Hill wine bar on October 5th. The investigator following the wardriving and burglary ring arranged to be contacted by East Precinct if stolen cards were again used at the wine bar. Just two weeks later on a Thursday night, the flag went off. The man had returned to The Local Vine with stolen cards in tow. Parked nearby, the investigator found the black 1988 Mercedes Benz and had it impounded. Visible inside the car: a laptop, an antenna, binoculars, a box of memory cards, and a copy of “Real Time Pricing” software.

When questioned, the man told police he had purchased the cards off Craigslist, according to the court document. When detectives said they knew the man was lying and that the cards had been stolen in a burglary, he reportedly said, “I know, but I can’t tell you about it.”

A month later and armed with a warrant, investigators were able to tear into the impounded wardriving Mercedes. Inside, the detective found network cabling under the floorboards and connections for a directional antenna. A scan of the laptop found in the car revealed it “contained hacking tools and other evidence related to specific incidents of network intrusion activity.” The windows were heavily tinted and there were rear blinds so that a person “conducting criminal activity” inside the Mercedes could do so in “nearly complete privacy,” the investigator wrote. And there was more:

All of this added up to approval for the seizure of the car this spring as suspects Brad Lowe, 36, and Josh Witt, 34, are charged with nine counts of burglary for their alleged roles in the break-ins that appeared to target hardware containing names and information of employees and customers. The 35-year-old First Hill man does not currently face charges. But it’s unlikely he’ll get his car back anytime soon.

While concurrent and related in categorical terms of crime, the episode will likely not shed any new light on Capitol Hill’s fall 2010 fraud wave. The Secret Service agent in charge of the investigation of the 2010 Hill fraud wave said there is “no correlation between the two cases.”

“We still have an investigation ongoing into the other case involving the Capitol Hill business from last fall,” the agent tells CHS.


9 Comments
Tom
13 years ago

…we should all secure our wireless networks. These clowns drive around and map out for the world where they can get unfettered internet access.

don
13 years ago

You should do more than secure. Make sure you aren’t using the outdated WEP security and instead use WPA. It’s very easy (and well documented) how to break into a wireless network protected by WEP. Almost all networks are secured these days and these guys more than likely were breaking into WEP systems.

Phil Mocek
13 years ago

No, it’s why we should secure the machines attached to a wireless network.

I leave my wi-fi network open as a courtesy to guests and neighbors, then treat it as unsecured.

Phil Mocek
13 years ago

The Electronic Frontier Foundation write:

“We will need a political and technological “Open Wireless Movement” to reverse the degradation of this indispensable component of the Internet’s infrastructure. Part of the task will simply be reminding people that opening their WiFi is the socially responsible thing to do, and explaining that individuals who choose to do so can enjoy the same legal protections against liability as any other Internet access provider. Individuals, including Bruce Schneier and Cory Doctorow, have laid some of the groundwork. It’s time to spread the message far and wide.”

miket
13 years ago

The paragraph immediately following this one states that new technology is needed to make this possible. It’s helpful to have this context. I understand why you left it out though. You are just picking and choosing the statements that best support your position.

Phil Mocek
13 years ago

First five paragraphs of the aforementioned EFF piece:

If you sometimes find yourself needing an open wireless network in order to check your email from a car, a street corner, or a park, you may have noticed that they’re getting harder to find.

Stories like the one over the weekend about a bunch of police breaking down an innocent man’s door because he happened to leave his network open, as well as general fears about slow networks and online privacy, are convincing many people to password-lock their WiFi routers.

The gradual disappearance of open wireless networks is a tragedy of the commons, with a confusing twist of privacy and security debate. This essay explains why the progressive locking of wireless networks is harmful — for convenience, for privacy and for efficient use of the electromagnetic spectrum.

We will need a political and technological “Open Wireless Movement” to reverse the degradation of this indispensable component of the Internet’s infrastructure. Part of the task will simply be reminding people that opening their WiFi is the socially responsible thing to do, and explaining that individuals who choose to do so can enjoy the same legal protections against liability as any other Internet access provider. Individuals, including Bruce Schneier and Cory Doctorow, have laid some of the groundwork. It’s time to spread the message far and wide.

But an Open Wireless Movement will also need to do technical work: we need to build new technologies to ensure that people have an easy way to share a portion of their bandwidth without affecting the performance of their own network connections while at the same time ensuring that there is absolutely no privacy downside to running an open wireless network.

They also wrote:

When people turn on WEP or WPA encryption for their networks deliberately, there are two common reasons: a desire to prevent their neighbors from “free riding” on their connections; and a fear that unencrypted WiFi is a security or privacy risk. Both of those reasons have a degree of legitimacy, but neither of them changes the fact that we would be better off if there were more open networks. Also, both of these problems could be solved without password locking our networks. What we need, instead, is to develop and deploy better WiFi protocols.

and:

EFF will be working with other organizations to launch an Open Wireless Movement in the near future. In the mean time, we’re keen to hear from technologists with wireless expertise who would like to help us work on the protocol engineering tasks that are needed to make network sharing easier from a privacy and bandwidth-sharing perspective. You can write to us at [email protected].

Phil Mocek
13 years ago

Whenever people are convinced to do something as a result of law enforcement agencies busting in doors with SWAT gear, then telling the world, “See what happens?” I’m skeptical of following.

The root cause of the New York mishap was not an open wi-fi network, but horribly irresponsible policing. That unlawful activity is conducted using the Internet from a machine connected to a particular IP address is not an indication that said unlawful activity happened inside the home of the person to whom that address is registered. Police should not have busted into that guy’s house with guns blazing any more than they should have done so if the network traffic of interest initiated at an Internet café, coffee shop, airport, or library.

We don’t lock down postal mailboxes over the risk that someone will use them as anonymous drop-boxes for mail bombs; we simply acknowledge — and insist that our police acknowledge — that anyone can use the box, so the owner should not be held responsible for all communications that initiate there.

Miket
13 years ago

So you agree with their assessment that the technology is not ready to do what you are suggesting.

Justin
13 years ago

Really? Leaving your wifi open to everyone is just asking for trouble. Sure, it’s a nice thing to do, I agree – but fuck if I’m going to be held responsible for some guy committing any of a number of illegal activities over a connection with my name on it.

Far better to put a short message and an email address in your SSID and share keys (and possibly the bill) with people you can at least vet a little.