Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Mumbai Police To Enforce Wi-Fi Security

Soulskill posted more than 5 years ago | from the taking-a-stand-against-e-loitering dept.

Privacy 134

caffeinemessiah writes "In the wake of the recent terrorist attacks in Mumbai, India, the local police are going to be sniffing out unsecured wi-fi access points and ordering the owners to secure them. The article notes that 'terror mails were sent through unsecured Wi-Fi connections' before bomb blasts in other Indian cities. No word on if they'll be walking around using Kismet, or if people who use pathetically weak WEP encryption will be ordered to switch to more advanced protocols. Unfortunately, a gesture like this does not take into account the insidious scenario of walking into a cafe, buying a coffee and then (legally) using the cafe's wi-fi. Or the fact that terrorists might actually be able to pay to use a cybercafe, and know what VPNs are." On the other hand, the Mumbai police may still be keeping track of the mandatory keyloggers that went into the area's cybercafes in 2007.

cancel ×

134 comments

Sorry! There are no comments related to the filter you selected.

Red header = start your engines (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26399969)

For first post!

Indian IT at its finest (1)

ringbarer (545020) | more than 5 years ago | (#26399983)

Remember that Vista was written by India's blessed IT 'experts', and look at how well that turned out.

Re:Indian IT at its finest (0)

Anonymous Coward | more than 5 years ago | (#26400499)

And the Son of Sam killer was an American, just like Andy Dick.

Wait, what's the point we're making here?

Not enough (5, Interesting)

rite_m (787216) | more than 5 years ago | (#26400037)

Unless this policy is applied throughout the country, the city of Mumbai getting rid of unsecured wifi access points will not solve much. A terrorist can take a 3 hour bus ride to Pune to get unsecured wifi access. Mumbai itself is too big, are they talking about only the city or the whole suburbia included? Thane? New Mumbai?

Sounds like a scare tactic to me. A publicity stunt to make people more aware of consequences of unsecured wifi.

Re:Not enough (4, Insightful)

dbolger (161340) | more than 5 years ago | (#26400127)

Calling it a "scare tactic" is a bit harsh. I'd say its more the police wanting something to point to when their bosses ask what they've done to "make Mumbai safe from this happening again".

Re:Not enough (1)

Scrameustache (459504) | more than 5 years ago | (#26400343)

Calling it a "scare tactic" is a bit harsh. I'd say its more the police wanting something to point to when their bosses ask what they've done to "make Mumbai safe from this happening again".

Big brother waltzes in, and you think he's just there for show?

I'm not saying this will have any terror-reducing qualities as ascribed to them by the official channel, but it's not just song and dance like the water bottle thing, it's another way of removing anonymity. Making sure that all ctivity can be monitored, all citizens controlled...

By making you secure your acces point? (1)

GuloGulo (959533) | more than 5 years ago | (#26400605)

"it's another way of removing anonymity"

Please explain, in a way that those of us who aren't completely wrapped in tin-foil from head to toe, can understand.

As I see it, a secured access point is no lees anonymous than an unsecured access point.

Re:By making you secure your acces point? (2, Insightful)

gnupun (752725) | more than 5 years ago | (#26400865)

Please explain, in a way that those of us who aren't completely wrapped in tin-foil from head to toe, can understand.

Well, an unsecured point means big brother can't track who exactly is using it -- relatively anonymous. Since 9/11, big brother (in many countries) has become obsessed with tracking everything everyone is doing under the guise of security. That kind of power can be easily abused and there are no laws preventing the abuse.

Re:By making you secure your acces point? (1)

GuloGulo (959533) | more than 5 years ago | (#26400877)

"Well, an unsecured point means big brother can't track who exactly is using it "

SO does a secured access point.

Re:By making you secure your acces point? (1)

gnupun (752725) | more than 5 years ago | (#26400925)

Don't you need a password to access a secured point? Some random stranger can't just start using it without hacking the password.

Re:By making you secure your acces point? (1)

GuloGulo2 (972355) | more than 5 years ago | (#26401169)

Don't you need a password to access a secured point? Some random stranger can't just start using it without having the password.

FYP, and think about the difference.

Re:By making you secure your acces point? (0)

Anonymous Coward | more than 5 years ago | (#26401923)

well, the unsecured wireless point provides more anonymity because, it becomes impossible to track the data you send when using it, back to you. if you think about, its the ultimate in anonymous proxies. anything you do while using it is traced back to the poor sod you leeched off.

Imagine how much these (wifi generous) guys were tortured before their outright denial of any wrongdoing was accepted.

Re:Not enough (2, Insightful)

Kindaian (577374) | more than 5 years ago | (#26402465)

It's very easy to make Mumbai safe from a repetition...

The problem is making it safe from the next DIFERENT thing.

And a small detail, the city must be kept working...

Re:Not enough (4, Funny)

dmomo (256005) | more than 5 years ago | (#26400131)

3 hour bus ride? That's a lot of time taken out of a terrorist plot. Do you have any idea how much evil can HAPPEN in three hours? Hot dang. That's a whole 8th of a season. Just ask Jack Bauer.

Re:Not enough (0)

Anonymous Coward | more than 5 years ago | (#26400315)

6hrs with the return to mumbai. Very interesting season indeed.

Re:Not enough (0, Offtopic)

rite_m (787216) | more than 5 years ago | (#26400519)

3 hour bus ride? That's a lot of time taken out of a terrorist plot. Do you have any idea how much evil can HAPPEN in three hours? Hot dang. That's a whole 8th of a season. Just ask Jack Bauer.

3 hours is a lot if this was going to be a hit and run attack like done recently in Taj hotel and elsewhere. But you have the understand the complete context here. India has had attacks which were done much differently. There have been cases when the terrorists were *in* India for days and sometimes months. Some of those attacks have cost more lives (mumbai train blasts [wikipedia.org] come to my mind) than the recent one. And these attacks are much more common.

So, yes, you are right if the cops are only targeting Taj Mahal sort of attacks. But thats 'not enough', as I said.

Re:Not enough (0, Offtopic)

Chris Burke (6130) | more than 5 years ago | (#26401623)

3 hour bus ride? That's a lot of time taken out of a terrorist plot. Do you have any idea how much evil can HAPPEN in three hours? Hot dang. That's a whole 8th of a season. Just ask Jack Bauer.

True, but that could be a great trick to get an uninteresting subplot out of the way and off the screen for a few episodes. Hazid and Bazid take a bus to another city to send the evil terrorist message via unsecured wifi. Don't worry about them for a while, back to Jack!

They could show it instead in a kind of special feature on the DVDs, where you see all the things that happen while the camera is elsewhere, or during the commercials. That's where you'd see Jack on the can*, the CTU director stuffing a patchouli in her face, and characters stuck in LA rush hour traffic. And then three straight hours of the two terrorists on a bus. One hour, one sleeps and the other sits up looking stern. Then the sleeping one wakes up, and gets out a portable Scrabble board.

* Just kidding, nothing escapes Jack Bauer.

It is A publicity stunt (3, Insightful)

WindBourne (631190) | more than 5 years ago | (#26401629)

They want ppl to feel like they are doing something to help the nation. It is no different than when W has been saying that American airports, ports and harbors are secure. They are not. It is more work, but it is still possible to smuggle weapons on-board aircraft (in fact, far too easy). The same is true of Mumbai. Assume that these guys want to attack again. So what? They simply rig an encrypted wifi close by and then use it for themselves. VERY easy to do. In fact, they can even set up some systems where they are 5KM away and use an antenna to beam to the top of the hotel. From there, plug in various antenna's just prior to the attack. It is that simple.

Re:Not enough (1)

DerekLyons (302214) | more than 5 years ago | (#26403543)

Unless this policy is applied throughout the country, the city of Mumbai getting rid of unsecured wifi access points will not solve much. A terrorist can take a 3 hour bus ride to Pune to get unsecured wifi access.

Excellent! Now what used to take a terrorist planner a few moments takes him 6 hours (round trip), making his life that much more difficult. From a security point of view, that's a win.
 
That's what many folks here don't seem to understand; the idea isn't to stop the terrorist cold, but to make his task incrementally more difficult. If he has to walk into a coffee shop and buy a coffee on a regular basis, that means he has to show up someplace where he might be seen - and remembered. If they have to rig their own network, that means they have to put forward the effort (and suffer any failures) and that the network is susceptible to detection. Etc. etc...

Fuck Mumbai (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26400053)

Any time a terrorist act is used to restrict the free, anonymous flow of information, you can rest assured that the terrorism is government sponsored.

It is only a knee-jerk reaction to place draconian technological restrictions after an event to those who perpetrated it. The innocent and the free would never try do such things, as they have nothing to hide.

Always look to see who benefits from the "reaction" whenever there is some kind of "action" and you most likely have your perpetrator.

Fuck Mumbai.

Easy Solution to Keyloggers (1)

Gastrobot (998966) | more than 5 years ago | (#26400057)

Don't use keys. Copying and pasting messages, usernames, and passwords from a USB stick would work perfectly well for a terrorist at a cybercafe.

Re:Easy Solution to Keyloggers (2, Insightful)

Puffy Director Pants (1242492) | more than 5 years ago | (#26400123)

It is as easy to capture the data from a Copy and paste as it is from key-input.

Heck, that text file used to copy and paste could just as easily be e-mailed and then you lose all your passwords at once.

Re:Easy Solution to Keyloggers (0)

Anonymous Coward | more than 5 years ago | (#26400155)

Encryted zip the file.

Re:Easy Solution to Keyloggers (1)

Ethanol-fueled (1125189) | more than 5 years ago | (#26400265)

Or use steganographic [wikipedia.org] messages.

Re:Easy Solution to Keyloggers (1)

1s44c (552956) | more than 5 years ago | (#26400577)

Or use steganographic [wikipedia.org] messages.

Are you really suggesting creating or decoding them on a computer you don't trust? There is no security in that.

Re:Easy Solution to Keyloggers (4, Interesting)

Ethanol-fueled (1125189) | more than 5 years ago | (#26400653)

A computer need not be bugged and/or connected to the internet to create or decode a steganographic message.

Create/encode on a trusty laptop, use USB key to transfer it to an internet cafe's rented computer to actually send it, have the other guy receive it at some other access point and then use a USB key to get it to his trusted computer where the message can be decoded. Simple without having to use suspicious VPNs and SSH and encryption and whatnot.

Re:Easy Solution to Keyloggers (1)

Z00L00K (682162) | more than 5 years ago | (#26401249)

Use of keywords is another way.

Don't make it harder than it has to be. You may do a phone call and have a conversation and then you end it with something like "Send my regards to Bill" and it means something special only for those that holds the conversation.

Methods like that is old, but still works because it's a legitimate context.

Re:Easy Solution to Keyloggers (1)

nospam007 (722110) | more than 5 years ago | (#26401567)

They were just too cheap to pay, just use any phone with a prepaid card and throw it away when done.

Re:Easy Solution to Keyloggers (0)

Anonymous Coward | more than 5 years ago | (#26401731)

Create/encode on a trusty laptop, use USB key to transfer it to an internet cafe's rented computer to actually send it, have the other guy receive it at some other access point and then use a USB key to get it to his trusted computer where the message can be decoded. Simple without having to use suspicious VPNs and SSH and encryption and whatnot.

So you need two laptops, two USB keys, and two people who know how to use them. This is India, a third world country. They can't afford laptops and guns.

Re:Easy Solution to Keyloggers (2, Interesting)

legirons (809082) | more than 5 years ago | (#26400993)

Or use steganographic [wikipedia.org] messages.

Are you really suggesting creating or decoding them on a computer you don't trust? There is no security in that.

Is this the end then? Has the government cryptofascism got so bad that even normal geeks are designing terrorist plots just as response to the outrage of hearing the latest news criminalising anyone who disagrees with the policies?

Re:Easy Solution to Keyloggers (1)

1s44c (552956) | more than 5 years ago | (#26401803)

Is this the end then? Has the government cryptofascism got so bad that even normal geeks are designing terrorist plots just as response to the outrage of hearing the latest news criminalising anyone who disagrees with the policies?

...and by the standard of jabber on here designing them badly.

Re:Easy Solution to Keyloggers (1)

1s44c (552956) | more than 5 years ago | (#26400375)

Encryted zip the file.

You can't be serious. The weak XOR on encrypted zips can be broken with script kiddie tools.

Re:Easy Solution to Keyloggers (0)

Anonymous Coward | more than 5 years ago | (#26400791)

And then you can't copy and paste any of your passwords!

Brilliant!

Re:Easy Solution to Keyloggers (3, Informative)

1s44c (552956) | more than 5 years ago | (#26400437)

Don't use keys. Copying and pasting messages, usernames, and passwords from a USB stick would work perfectly well for a terrorist at a cybercafe.

Thats just silly. The real answer is one time passwords.

However you really can't do much with a computer you mistrust, they know everything that happens in your session and they might be able to remote control it in the middle of your session.

Re:Easy Solution to Keyloggers (1)

Kindaian (577374) | more than 5 years ago | (#26402655)

The best keyloggers take not only keys, but screenshots, clicks and the clipboard...

Naturally no keylogger resists a memory reset...

But, if the keylogger is HARDWARE based, you don't even manage to detect it, because, if done correctly, it isn't even on the computer...

Alas...

Will this even help? (4, Insightful)

dmomo (256005) | more than 5 years ago | (#26400059)

I honestly don't know. If this were in effect before the attack, what difference would it have made? I can't help but think "not a heck of a lot". Terror has a way of routing itself around obstacles. While it's good to have a secure network, should it be mandated?

Is a network "unsecure" if you intentionally keep it open? Does this outlaw sharing access then?

Re:Will this even help? (2, Insightful)

internewt (640704) | more than 5 years ago | (#26401123)

The joke of an article simply refers to "terror mails" sent before the bombings. Are they saying that the bombings were planned via email through these open APs?

If so, then I feel that the police's actions give insight as to their real drives: get a conviction, secure that pay-rise and promotion. If an AP is open it gives a pretty good defence to the owner, but if it is secure then that defence may not fly. The police get a successful conviction, even though it might be totally the wrong person.

If you don't think that law enforcement will care more for conviction than solving a terrorist atrocity then just take a look at the Birmingham pub bombings. [wikimedia.org]

It's a usual knee jerk reaction - the police have to be seen to be doing something, but I dunno how closing of open APs will stop terrorist actions. Generally, if you want to stop terrorism you need to stop pissing off the people bombing you.

A very insidious scenario... (4, Insightful)

oojimaflib (1077261) | more than 5 years ago | (#26400125)

the insidious scenario of walking into a cafe, buying a coffee and then (legally) using the cafe's wi-fi

This is the first (and I hope the last) time I have heard such a scenario described as "insidious".

Lame (5, Insightful)

Idiomatick (976696) | more than 5 years ago | (#26400129)

Unless i'm at university I always leave my network unsecured. My neighbors use it on occasion (i check logs). And I use theirs on occasion, with us being on separate ISPs we get at least 5 9s of uptime. It frustrates me that secured is become standard or in this case enforced. It was much better a few years ago when i could get wireless access in most places to check emails and such. Why do have to have such a community of locked doors? If someone has a laptop they likely have their own wireless internet which you could use, it is a perfectly fair deal. If my neighbours did a few gigs a day i'd stop it but it never went over a few megs.
Standard security should not allow access to lan. It should be allowed to set limits for outsiders and should have a message redirect when you first open FF/IE/Opera saying the rules and so forth. Thats it. Making sharing and redundancy illegal is ridiculous and as the summary suggests it doesn't help anything.

Re:Lame (1)

Jumperalex (185007) | more than 5 years ago | (#26400327)

Well I don't want people on my network as yet another layer to prevent access to data shared on my network between the three computers I have on the network.

Or am I missing something here? and I mean that sincerely. If there is something I'm missing about protecting your data and the openness of my network please tell me.

Re:Lame (0)

Anonymous Coward | more than 5 years ago | (#26400529)

Well I don't want people on my network as yet another layer to prevent access to data shared on my network between the three computers I have on the network.

Or am I missing something here?

Yes, you are missing how to form sentences.

Re:Lame (1)

pegdhcp (1158827) | more than 5 years ago | (#26401093)

You are both right and wrong. Your computer's security should be at a level that is designed agains a punched thru firewall anyway. So while you are right that it is more secure when you keep people out of your home network, the security of your home computers should not rely on the assumption that there is no foreign objects on the network.
I guess the most dangerous thing that can happen that, if somebody has unauthorized access to your network and that they can do something illegal like child porn and leave logs with your IP address as the source.

Re:Lame (1)

Jumperalex (185007) | more than 5 years ago | (#26402001)

That is why I've referred to layers. It is just one layer of defense to try to keep people off the network to start. And not just layers, but also protection against a specific attack vector ... hopping on my network via wifi access vice punching through my firewall, or rooting my kit.

Re:Lame (1)

Scrameustache (459504) | more than 5 years ago | (#26400393)

Making sharing and redundancy illegal is ridiculous and as the summary suggests it doesn't help anything.

It helps the government keep an eye on everyone.

"Who said that about the justice minister?"
"That guy, we'll go fuck his life up now..."

But, you know, think of the children, if you don't give the gvmnt all they want, terrorist will kill jesus (or Rama, depending on what gets people emotional where it's being said)!

Bullshit (1)

GuloGulo (959533) | more than 5 years ago | (#26400629)

"It helps the government keep an eye on everyone."

HOW? This is the second time you've made that bullshit claim, and the second time I've called you on it.

Take your meds guy.

Re:Bullshit (1)

Idiomatick (976696) | more than 5 years ago | (#26401359)

He is referring to india's mandatory key logging program in net cafe. There is a growing concern in india that this will spread to modems or routers. As evidenced by government being comfortable to set rules with how you use your home internet (enforced wpa)....

Re:Bullshit (2, Insightful)

Belial6 (794905) | more than 5 years ago | (#26401537)

Your kidding right? The whole point and stated goal of mandating secure wifi is to stop anonymous communication. Did you not read the article? This isn't a case of the government claiming to do something different. This is a case of the government saying "we need to be able to keep eye on everyone." Did you read something else into the plan to require secured wifi?

Re:Lame (0)

Anonymous Coward | more than 5 years ago | (#26401221)

You sir are very trusting of your neighbors (and anyone in range of your wireless network). I personally would not leave mine open - only because I don't trust people. I would not want to deal with the hassle (and a big hassle it would be) of having someone connected to my network downloading child porn or something else illegal. I understand that they might not be able to show it was you. I understand you have logs - but none of that will stop the fact that someone comes to your door with a search warrant and hassles the heck out of you.

If "other people" could be trusted, I would also leave my wireless open.

Re:Lame (2, Informative)

interiot (50685) | more than 5 years ago | (#26402149)

Two problems:
  1. Wifi uses a shared-communications medium, so various attacks like DNS spoofing, TCP hijacking, etc. that people have stopped studying because they "went away" once everyone replaced their hubs with switches... Surprise! They're back. It's trivial to spoof DNS over wifi, which means it's trivial to do HTTPS man-in-the-middle attacks. This is the very reason that Firefox tightened up their self-signed SSL certificate behavior recently.
  2. Most home gateways have a layer2 bridge between the wifi and LAN networks, which means it's possible to do an ARP spoofing attack on the wired segment, which means that it's possible for someone on the wireless side to sniff traffic on the wired side.

Both of these issues have solutions (DNSSEC + IPSEC for the first, turning off bridging for the second), but the first is onerous enough that 99% of users won't do it, so having a "must use WPA encryption" policy is actually a good idea for in most cases.

Complexity... (0)

Anonymous Coward | more than 5 years ago | (#26402331)

It frustrates me that secured is become standard or in this case enforced.

I would leave my WiFi unsecured, but the truth of the matter is that I don't want to implement the same kind of border security on my LAN interfaces as I do on my WAN interface.

I suppose I could VLAN off a virtual AP, but I'm waaaay too lazy for that (not to mention slightly lacking in the skill dept.).

Fucking nazis (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26400161)

Remember the Nazis were a puppet state by Zionists who sacrificed 6 Million of their own people to rape the Middle east and steal all their oil money so they can kill innocent children who are not "people" because they aren't in the name of "God".

The Mumbai police will be taking your rights for "God" and all the profits will be given to the Rothschilds puppet "Al-Qaeda" who is really a scam to get your money

This "credit crunch" will lead to all Americans being converted to jews. Remember Jews made sure you paid your "interest" with pounds of flesh.

Those "shoes" that you "throw at puppet bush" are being made for by Jews.

This will also be modded down as troll by the bury brigade sponsored by the Jews who fund $lashdot.

Cybercafe scenario is bogus (5, Informative)

yelvington (8169) | more than 5 years ago | (#26400177)

Unfortunately, a gesture like this does not take into account the insidious scenario of walking into a cafe, buying a coffee and then (legally) using the cafe's wi-fi.

Wrong. You can't just walk into a cafe in Mumbai and use the wifi. You have to show a government ID (such as a passport), which is recorded, before you even get access credentials.

The point of this exercise is to shut down anonymous Internet access, which is illegal in India.

Similarly, you can't legally buy a SIM card for a mobile phone in India without providing identity credentials to the seller, who is responsible for recording the information for possible police followup.

Re:Cybercafe scenario is bogus (2, Interesting)

nurb432 (527695) | more than 5 years ago | (#26400363)

Yup, gotta keep those citizens down, or they might rise up and blow something up in protest...

On a more serious note, since they are so against anonymity do they also outlaw personal use of encryption technologies?

Re:Cybercafe scenario is bogus (0)

Anonymous Coward | more than 5 years ago | (#26401843)

hshhhhhh not yet!!! stop giving them ideas you fool.

Re:Cybercafe scenario is bogus (4, Insightful)

Scrameustache (459504) | more than 5 years ago | (#26400419)

You can't just walk into a cafe in Mumbai and use the wifi. You have to show a government ID (such as a passport), which is recorded, before you even get access credentials.

Exact. And since terrorists would NEVER steal a passport, it means that this will keep the children safe, and not at all only serve to mess with regular citizens while being a mere inconvenience for true criminal intents.

*sigh*

Re:Cybercafe scenario is bogus (4, Insightful)

Anonymous Coward | more than 5 years ago | (#26401807)

You're right. Nobody should ever check IDs for anything because they can all be faked.

In fact, why even have laws? Terrorists can just go around shooting everybody anyway.

Re:Cybercafe scenario is bogus (1)

yams (637038) | more than 5 years ago | (#26400749)

Well, these people are terrorists - they don't need to legally do anything. They don't even need to provide a good fake document - I know how diligent the SIM card dealers are. The terrorist can show a torn up copy of a fake ration card and walk out with a SIM card in 5 minutes. Some of these SIM card dealers themselves are very shady.

I doubt that any of these regulations will prevent good old me from getting a fake SIM card, let alone a well trained terrorist. I think we need to review our very approach to solving terrorism.

Re:Cybercafe scenario is bogus (1)

argiedot (1035754) | more than 5 years ago | (#26400767)

Similarly, you can't legally buy a SIM card for a mobile phone in India without providing identity credentials to the seller, who is responsible for recording the information for possible police followup.

It's funny though, it's illegal enough if you don't do this, but easy enough to get away with. Even today.

Re:Cybercafe scenario is bogus (4, Funny)

Kindaian (577374) | more than 5 years ago | (#26401371)

Okie... so...

1. Terrorists don't use satellite phones,
2. They don't use any kind of walkies-talkies,
3. And specially, they abide by ALL laws!

Re:Cybercafe scenario is bogus (2, Insightful)

westlake (615356) | more than 5 years ago | (#26402369)

3. And specially, they abide by ALL laws!

The smart ones do. The less attention you draw to yourself the better.

Re:Cybercafe scenario is bogus (1)

mdmkolbe (944892) | more than 5 years ago | (#26402059)

anonymous Internet access, which is illegal in India.

Thank you, that explains a lot. But now I wonder how on earth they made anonymous Internet access illegal. I mean really; are they also going to make snail-mail with no return address illegal?

Re:Cybercafe scenario is bogus (0)

Anonymous Coward | more than 5 years ago | (#26402467)

The point of this exercise is to shut down [strike]anonymous[/strike] [ins]FREE[/ins] Internet access, which is illegal in India.

That should fixed it.

Re:Cybercafe scenario is bogus (1)

IronChef (164482) | more than 5 years ago | (#26402791)

I've been worried that the US would begin looking at similar policies for a long time. I haven't caught a whiff of it yet though.

After the anthrax hoo-hah I was sure that we'd begin to see TSA-like procedures for the mail. Aside from mail to government offices being delayed for X-rays, though, nothing seemed to materialize. I can still put a package in the mail anonymously, which somehow surprises me.

Maybe we're not as dumb as I am afraid of.

Oops, I bet I just jinxed myself!

They're just trying to look busy. (0)

Anonymous Coward | more than 5 years ago | (#26400189)

It's obvious that police everywhere are technologically clueless, and are simply acting out of ignorance in an effort to appear to be doing something.

Forcing terrorists to use encryption along with the rest of the public would not appear to facilitate surveillance.

That being said, I'm in favor of anything which keeps the government's nose out of private communications, and this would be an inadvertent step inthat direction.

Anonymity will always be possible. Terrorists will take to writing on bathroom doors if they have to.

Product Placement? (0)

Anonymous Coward | more than 5 years ago | (#26400241)

"No word on if they'll be walking around using Kismet"

Why would they use that tool over myriad of other tools?

Perhaps if they used Kismet while driving a Nano listening to Abhimanyu and eating McDonalds I'd be interested in the story.

A bit short sited article ... (2, Interesting)

Jumperalex (185007) | more than 5 years ago | (#26400259)

Yes there are still going to be other ways for baddies to use the inter-tubes without being tracked, but limiting those access points can help. Instead of having a nearly limitless, and randomly distributed, source of connections they will now be funneled into a small set of access point which are also KNOWN access points.

Does this mean I agree ... I don't know yet ... but as with all security measures (both cyber and safety related) there is no such thing as a 100% solution. But we all know defense should be in depth, and each layer should be effective in accomplishing what it is meant to do. In many cases we all read about here, the proposed solution is nothing more than security theater, but shutting down the plethora of open wifi access points IS an effective way to limit the ability of bad actors (terrorists, kid-touchers, black-hats, etc) to access the internet at will; not a solution, but a factor.

As for law abiding citizens, since most of us use our own account anyway or walk into a cyber-cafe, and I assume few bother trying to use an insecure wifi, it really doesn't impact that much (well except when I'm at my sister's place and she has inexplicably jacked her wifi router forcing me to use someone else's wifi :O ).

I'm still not thrilled with the idea of the gov riding around with netstumbler looking for open wifi and then knocking on my door, but the idea of wanting to limit open-wifi is, imo, a good one. The execution is another issue entirely.

Now if you REALLY want to have fun thinking about it ... consider an area with known terrorists / suspects, you make sure all open wifi points are closed ... then you open your own as a honeypot ... BAM you get to see all their traffic ... well anything that isn't encrypted beyond the wifi encryption. It is a very effective technique to shut down all method of comms except one in an effort to intercept all comms.

Re:A bit short sited article ... (1)

wjh31 (1372867) | more than 5 years ago | (#26400477)

if all this means is you now have to pay a couple of roupees (or whatever it would be) for a coffee to get access, then it hardly limits the access points

Re:A bit short sited article ... (0)

Anonymous Coward | more than 5 years ago | (#26400673)

if all this means is you now have to pay a couple of roupees (or whatever it would be) for a coffee to get access, then it hardly limits the access points

In fact it does. It's not like cafes with internet access are on every corner, they are rare. These places also record your ID if you want to use the internet. Then you end up sharing one dial up line with 6 or 7 people. And it's not going to be a good quality phone 56K connection either, They don't wire to American standards.

Practically speaking getting internet access to send a message at a certain time would be a nightmare.

Re:A bit short sited article ... (1)

Jumperalex (185007) | more than 5 years ago | (#26400837)

Sure it does ... now instead of having the option either 1 free open anonymous wifi or a coffee house you only have the coffee house. A place that is KNOWN, and not exactly anonymous. Clearly this is not a 100% solution, but nothing is. The point here is to make it harder for baddies to get access without being noticed, tracked, or snooped. If you were law enforcement would you want to worry about a million access point, that you don't even know where they all are? or a few thousand/tens of thousands and are generally known? And then those can be better regulated as some other posters have mentioned in india you have to show ID. Sure it can be a fake ID but that means now you ALSO need a fake ID rather than just using any random open wifi.

Again, it is about making it harder, and easier to manage. Not about stopping it 100%. If every method of defense needed to be 100% we would do nothing. Millions of cars get stolen every year because it is pretty easy to smash a window and break the starter key lock. And yet we still lock doors and use keys for the starter. Why? Because a lot more cars would be stolen if the doors didn't lock and all cars started with just a button press. More importantly YOUR car will get stolen if YOURS isn't locked, has the keys on the seat, and everyone elses doesn't.

What it would do (1)

jesterzog (189797) | more than 5 years ago | (#26400285)

Unfortunately, a gesture like this does not take into account the insidious scenario of walking into a cafe, buying a coffee and then (legally) using the cafe's wi-fi.

No, but it would help to narrow down the places from where potential terrorists could anonymously communicate to a number of places that might be manageable -- which is closer to what they want. If most access points were secured, it'd be that much harder to find an unsecured access point in a place unlikely to be covered by police or cameras... especially terrorists who aren't that net-savvy, because most people aren't regular slashdot-reading geeks.

Even with the negative effects on public freedom which should be controversial (but keep in mind that India is a very different country from somewhere like the USA), the police are trying to make things harder for terrorists so they can't just do whatever they want to do with total simplicity. If it's necessary to go to greater lengths to do stuff, it becomes more and more likely that someone will make a mistake that'll be detected, and they'll get caught.

Not that this would stop terrorist attacks or stop terrorists communicating or (most importantly) stop people from wanting to blow stuff up in India in the first place. It's just another step in a game of whack-a-mole until people sort out their disagreements.

Re:What it would do (1)

Vellmont (569020) | more than 5 years ago | (#26401635)


the police are trying to make things harder for terrorists so they can't just do whatever they want to do with total simplicity.

You seem to have a strange view of the problem. This kind of system is doomed to failure. Does anyone _really_ think this will do squat to stop "The Terrorists"? "The Terrorists" will simply pick another means of anonymous communication. There's hundreds of ways to do that, and you can't stop all of them.

Re:What it would do (1)

jesterzog (189797) | more than 5 years ago | (#26402153)

Perhaps you could list a few alternatives that are easy for people who aren't technically inclined, which are generally foolproof, and which don't leave forensic traces that equipped police can follow.

Of course it won't stop terrorism. It'll just force them to do something other than what they wanted, make anonymous communication harder, and raise the chance they'll make a mistake. It'll probably annoy some people who have legitimate uses for unsecured access points, too.

AirSnort and WepCrack (0)

Anonymous Coward | more than 5 years ago | (#26400329)

Well, there's always AirSnort and WepCrack

I'm surprised that this sort of idiocy is coming from the same place that our tech support calls get routed to.

WEP might be pathetic... (1)

blindbat (189141) | more than 5 years ago | (#26400337)

...but it works.

I have seen routers that support wpa but some devices (e.g. my macbook) will not stay connected with that encryption.

I've seen this with other devices too, and other brand routers. Different implementations of a "standard" is a failure.

Re:WEP might be pathetic... (1)

wjh31 (1372867) | more than 5 years ago | (#26400445)

i agree, i use WEP on an ad-hoc to share internet to my girlfriend in the flat, and i can monitor the traffic from the computer to make sure nothing is awry, i use it over WPA for the same reason you list, and my parents use WEP with their router, again because some computers still seem unable to play nicely with WEP.

and to be honest, its not like WPA is uncrackable, and if someone knows how to get through WEP they can probably figure how to get through WPA in the end. I think that for most people, security on the home network its just to keep curious neighbours from stumbleing in, rather that over concern that some terrorist is going to be sitting in a van outside using their network to help execute their plans to destroy the world

Re:WEP might be pathetic... (1)

caffeinemessiah (918089) | more than 5 years ago | (#26401709)

and to be honest, its not like WPA is uncrackable, and if someone knows how to get through WEP they can probably figure how to get through WPA in the end.

This is incorrect. WEP has a well-known attack that uses statistical properties of captured packets to limit the search space of the brute-force search. With enough captured packets, it takes under a few minutes to crack a WEP key. WPA does not have this vulnerability, although some variants of WPA are still less secure than other. In other words, all you have to do to crack WEP encryption is put most cheap $20 wireless cards into "monitor" mode, capture WEP encrypted packets and with enough packets, crack the key in under a few minutes. Again, WPA is not perfect, but does not have such an easy statistical attack either.

All it takes is for you to watch one long YouTube video or transfer a relatively large attachment to capture enough WEP packets. I had included a link with the original story that was removed by Soulskill, here [google.com] . You don't even have to be "hacker smart" to crack WEP, just know enough to read a few articles, run linux and download a few pieces of software.

What's worse is that where I live, AT&T ships 2WIRE routers that only have WEP encryption with 40bit keys and no MAC filters. This almost guarantees that AT&T DSL can be easily cracked by someone with a laptop and the (freely downloadable) aircrack suite. That's something to think about the next time you're downloading a torrent... So, monitor your routers access log, set up a MAC filter, use better encryption if possible, or at least longer WEP keys -- nothing's perfect, but it each puts up one more obstacle.

Re:WEP might be pathetic... (1)

AceofSpades19 (1107875) | more than 5 years ago | (#26401833)

i agree, i use WEP on an ad-hoc to share internet to my girlfriend in the flat, and i can monitor the traffic from the computer to make sure nothing is awry, i use it over WPA for the same reason you list, and my parents use WEP with their router, again because some computers still seem unable to play nicely with WEP. and to be honest, its not like WPA is uncrackable, and if someone knows how to get through WEP they can probably figure how to get through WPA in the end. I think that for most people, security on the home network its just to keep curious neighbours from stumbleing in, rather that over concern that some terrorist is going to be sitting in a van outside using their network to help execute their plans to destroy the world

it might not be uncrackable, but if a guy on a laptop can't crack it in 5 minutes, then he is probably going to move on to a different target thats easier

Re:WEP might be pathetic... (0)

Anonymous Coward | more than 5 years ago | (#26403705)

WEP is easily crackable in under 2 minutes, fully automated. It's no challenge whatsoever and you should not rely on it for any type of security or piece of mind. Check out the aircrack-ng suite.

Personally, I crack any WEP encrypted network I find - if a user is smart enough to setup WEP they are more likely to have open file shares, etc for me to play with.

Re:WEP might be pathetic... (0)

Anonymous Coward | more than 5 years ago | (#26400649)

Same here.
I have a wireless(802.11b/g) AP/router that I got some time 2004/2005 (May 2005 at the latest) that with WEP stuff works fine.
If I turn on WPA it becomes hit and miss. Our Wii takes like 30 seconds to get something and sometimes doesn't(and I'm pretty sure 30 feet of air isn't the problem), makes web browsing on it annoying as wireless will go up and down.
Laptop on the outer edge of reception(45 ft horizontal, 15 ft vertical and 2 floors) worked with WEP, doesn't with WPA.
I think I was reading it was something to do with the slowness(as in CPU speeds and stuff, not Mb/s stuff) of the wireless stuff in that AP. The laptop logs show a time out occurring when I was in linux. Laptop works fine when I'm at school with WPA on. Yes, that was a thought that the WPA didn't work, but it works fine with WPA at school, when I have my desktop setup as an AP. I also tried moving closer to this old AP/router to get a stronger signal, but even sitting next to it didn't work.

Rubbish (0)

Anonymous Coward | more than 5 years ago | (#26400339)

Look, India isn't like America. For the most part it's a third world slum lacking basics like clean water, sewage treatment, or safe food.

Any kind of computer equipment isn't within the reach of the 'normal' population. Only the rich have such things. It doesn't matter about wifi over there, they have FAR bigger problems.

Re:Rubbish (1)

Skapare (16644) | more than 5 years ago | (#26402919)

There are villages with no running water or sewage, but do have wifi. They are already accustomed to the sanitation issues they have and know how to work around it. But they want access to the net because it means potential economic advancement.

Only fixing symptom not real problem (3, Interesting)

ldcroberts (747178) | more than 5 years ago | (#26400511)

Surely the fact terrorists have anonymous access to physical roads and footpaths is a bigger issue? If that was restricted it would make their intentions measurably harder to pursue.

This is Useless (4, Interesting)

yams (637038) | more than 5 years ago | (#26400541)

I think this is a big waste of time for the Mumbai police. If the terrorists can't send an e-mail with their threats, they will just send it by postal mail (just as they were doing before e-mail). Stopping them from sending anonymous e-mail won't stop the acts of terror. The Mumbai police should focus on investigating the actual attacks and preventing further attacks, rather than shooting the messenger.

Some people think that this can prevent them from coordinating their attacks, but I don't think so. Their attacks can be coordinated using various other techniques that may even be illegal - won't mention them, use your imagination.

Fundamentally, creating new rules will not stop terrorists - remember that there are already laws that prevent people from acquiring AK-47s & explosives. New rules will only inconvenience law abiding citizens - not terrorists.

Also, on another note - I don't like Times of India because they selectively prevent some comments from being displayed. I specifically mentioned this point in their comments and they have not published it, even after 2 days.

So who is going to secure the mobile network? (1)

Skinkie (815924) | more than 5 years ago | (#26400559)

What a non-sense again; now we limit wireless access, what about the 2G variant? Mobile telephones. Sorry this is a pathetic attempt that should be spoken out loud.

Re:So who is going to secure the mobile network? (2, Informative)

blueg3 (192743) | more than 5 years ago | (#26401097)

The point is to limit anonymous Internet access. Mobile phone communications are all tied to a particular mobile phone, which cannot be acquired anonymously in India (for appropriate definitions of "cannot").

Re:So who is going to secure the mobile network? (1)

Skinkie (815924) | more than 5 years ago | (#26401231)

I guess anyone can buy simcards (outside India), and GSM modems...

And suppose the measure works perfectly? (0)

Anonymous Coward | more than 5 years ago | (#26400563)

And it becomes impossible to send a bomb warning in India without being identified? The purpose of those warnings after all is to give people a chance of getting out of the building before the bomb goes off. Do the Mumbai police prefer that the bombings happen with no warning?

Good Luck with that! (4, Insightful)

Adeptus_Luminati (634274) | more than 5 years ago | (#26400593)

Newsflash: Mumbai has 17 MILLION people. Granted at most 500,000 have computers.

But still the level of computer literacy in Mumbai in police force is complete joke. Hey, their government offices don't even have computers.

I think the most ridiculous thing is that there's countless MILLIONS starving on the streets and now they are going to equip police with laptops to chase after unprotected WiFi signals?

Didn't they get the memo a few months ago that even WPA2 was cracked with Nvidia CPU/GPUs?

What are they going to do, enforce people to implement breakable security? Where's the sense in that.

Indian stock market is down over 60%, I think the police should be focusing their efforts on preventing civil unrest. And government spending their money far more wisely. People are starving everywhere you look in Mumbai, not to say the same thing in just about every other Indian city.

But that's just my 2 cents.

NOTHING is secure about Wi-Fi (0)

Anonymous Coward | more than 5 years ago | (#26400991)

Good luck. hahaha. I wouldnt use wifi if you had a gun to my head. They cant hardly secure wired connections yet. Good luck with that.

Re:NOTHING is secure about Wi-Fi (1)

blueg3 (192743) | more than 5 years ago | (#26401117)

You can secure both wired and wireless connections very well. It's just not convenient or cost-effective.

Security Theatre (1)

rlp (11898) | more than 5 years ago | (#26401109)

I suppose that's easier and cheaper than replacing the Mumbai police's ancient Enfield rifles and providing adequate weapons training to the police force.

It will never work... (1)

Kindaian (577374) | more than 5 years ago | (#26401299)

The messages can just come and go... and even if they are saved and stored... they will mean nothing... ..unless you are on the knowing of how the message is.

Seams to me that people just don't know anything about cryptography...

Alas...

So lemme get this straight (1)

willoughby (1367773) | more than 5 years ago | (#26401505)

You have a man with a rifle in his hands, two pistols in his pockets, and a backpack full of ammunition & explosives - and you want to cut off his internet access?

Let me get back to you on this one...

Re:So lemme get this straight (0)

Anonymous Coward | more than 5 years ago | (#26402079)

You have a man with a rifle in his hands, two pistols in his pockets, and a backpack full of ammunition & explosives - and you want to cut off his internet access?

It might stop him buying more weapons from ebay.

Securing hotspots too? (0)

Anonymous Coward | more than 5 years ago | (#26401879)

All internet hotspots with the ever popular web authentication are insecure..anyone can easily hijack the session of a paid/authenticatied user at any time.

Are the Mumbai police going to shut these down as well? Where does this nonsense end? Accept the fact that people can communicate instantaneiously with anyone they damn well please and deal with it!

When open WiFi is a terrorist tool (1)

Gothmolly (148874) | more than 5 years ago | (#26402083)

Then only terrorists will use open WiFi.

Nice try, Bombay police, but FAIL.

So (0)

Anonymous Coward | more than 5 years ago | (#26402823)

The terrorists used a Ford in their attack, so it we ban all Fords we should be safe?

keyloggers via wifi? (1)

Skapare (16644) | more than 5 years ago | (#26402891)

How do the keyloggers work via wifi when the terrorist brings along his own EEE or AAO, buys a cup of joe, pays for some wifi access, enters his passphrase to access his data partition, and proceeds to send out all the terror messages?

Security theater - Indian version... (0)

Anonymous Coward | more than 5 years ago | (#26403109)

This is security theater - the Indian version. Bigger BS than the American version.

The reason for securing the wireless access is to deny terrorists ways / means to send an email. The only time terrorists send email (which authorities trace) is after an attack / atrocity and some group claims responsibility. They claim responsibility by sending an email to media.

I have no idea how blocking access to internet will secure the nation or Bombay.

Blocking wireless, more stringent PATRIOT style rules (POTA in India) and other nonsense is window dressing...or putting band-aid on a wound without asking how the wound happened.

unsecured wifi has its uses (0)

Anonymous Coward | more than 5 years ago | (#26403249)

There are lots of legitimate and socially useful uses of unsecured WiFi purposely configured as such by the network's owner, and not all WiFi networks provide a connection to the Internet. It would be incorrect to force WiFi owners to use security if they don't want it.

They could say that whoever leaves their WiFi open would be liable in case someone uses it to do something bad, but this makes me wonder why should some networks be considered common carriers while others are not. Either all networks should be treated as common carriers or not, no matter whether they are run by an individual or an organisation.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>