Unsecured Wireless Networks Can Bring Criminal Investigations, Depending on Who Is Using It

(Published in the Prism Risk Management blog, December 27, 2012. Used with permission.)

Many businesses benefit from providing wireless internet access, commonly known as “Wi-Fi,” to their employees or customers. While some businesses may offer Wi-Fi access as a bonus to customers, such as coffee shops, others may prefer to limit access to authorized users. Allowing unknown individuals onto a wireless network can pose security problems, as hackers may be able to access other customers’ computers, or even find a way into the business’ network. One recent case has demonstrated how a criminal investigation can result when online criminal activity traces to an unsecured Wi-Fi network.

Wi-Fi technology first came into use in 1999, when the Wireless Ethernet Compatibility Alliance announced a standard for wireless internet connections. The term “Wi-Fi” was chosen as a simple way to describe the new standard. It allows users to access the internet on a computer or mobile device without cable connections, provided they are close to a wireless router. Wi-Fi “hotspots” are available at many businesses and public spaces. Some require paid registration or subscription, and others simply require the user’s computer to register on the network. Some wireless routers have no restrictions on who may use them, particularly routers in private homes. This leaves them open to exploitation by others.

Many people have, at one time or another, used an unsecured Wi-Fi network, but most people would do so for a mundane purpose like checking e-mail. According to federal prosecutors in Pittsburgh, Pennsylvania, Richard Stanley used an unsecured network to share child pornography. Investigators with the Pennsylvania State Police traced the activity to a specific internet protocol (IP) address, that of a paying Comcast subscriber who knew nothing of Stanley’s alleged activities. They obtained the person’s address through Comcast, executed a search warrant on the premises, and found nothing. Because suspicion of child pornography is something that no person or small business wants as the subject of a search warrant, this story should serve as a warning to maintain secured wireless networks at all times.

Fortunately for the Comcast subscriber, police concluded that someone else was using the Wi-Fi network. This is where the story takes an interesting turn in both a technological and legal sense. Police investigators used a program known as Moocherhunter, which can locate other computers or mobile devices connected to a Wi-Fi network in the immediate vicinity. The determined that Stanley, who lived across the street, was “mooching” off the person’s Wi-Fi, and used that information to obtain a warrant to search Stanley’s home.

Stanley’s criminal case has largely revolved around the question of whether police may use a program like Moocherhunter to pinpoint a suspect’s location without a warrant. A judge ruled last month that Stanley did not have a reasonable expectation of privacy, since he was using someone else’s network. For small businesses, homeowners, and other wireless internet users, the risk of actual criminal liability from a case such as this seems minimal to nonexistent, but that may be beside the point. The real issue is avoiding even the appearance of involvement with activities such as those described in this ongoing criminal matter. Maintaining the security of one’s Wi-Fi network seems like a wise investment.

© David C. Wells 2014