Sophos Cloud Optix![SWAT team raids wrong home in open WiFi network mix-up [VIDEO]](https://nakedsecurity.sophos.com/wp-content/uploads/sites/2/2012/06/swat-team-thumb.jpg?w=250&h=250&crop=1)
Is your home WiFi network left open for anyone to use? Maybe this staggering story from America will make you think twice as to whether that’s a good idea.
After spotting threats posted online, a heavily-armed police SWAT team broke down the door of a house in Evansville, Indiana, smashed windows and tossed a flashbang stun grenade into the living room where an eighteen-year-old girl and her grandmother were watching the Food Network.
Can you imagine how terrifying it must have felt to have been in that room when the grenade was thrown in, and the house stormed by police with their guns drawn?
Oh, and just a small detail – the police had the wrong house. The home had an open WiFi connection, which meant that it could be used from an outside location.
The dramatic events were helpfully captured on video, as the police had invited the local news station to record the raid (presumably their intention was to show themselves in a good light, rather than making a massive goof).
I’m not American, and don’t live in America, so maybe you think I’m not entitled to ask this question, but I’m going to ask it anyway: What on earth is going on? Has the world gone entirely barking mad?
Okay, that out of the way – let’s get on with the story…
The somewhat rattled Stephanie Milan and her family were released without charge once the mix-up became obvious, and police looked further afield for the culprit who had posted messages like the following online:
"Cops beware! I'm proud of my country but I hate police of any kind. I have explosives π made in America. Evansville will feel my pain."
With a second suspect identified at a different house on the same street, police took a more softly-softly approach. This time not using a SWAT team or grenades, but instead using the tried-and-trusted traditional method of knocking on the door.
You would like to imagine that the authorities understand that many people still have poorly secured WiFi networks in their home, which can easily be exploited by people causing mischief, sending pornographic spam or even terrorist-related emails.
The Milans’ door and window are now being repaired at the city’s expense. And presumably the family are taking steps to secure their WiFi connection.
Hat-tip: Ars Technica
SWAT team image courtesy of Shutterstock.
What about unsecured networks in hospitals, etc? Our local hospital has a wifi network freely open for all visitors and patients to use. Is it safe to use those networks if they are freely open to all?
Apparently these types of police officers think flash mobs are what the cool kids do, so they're doing their own version with being flash banged.
Actual line from the story: "We learned about the reports after our reporter became aware of them." Well, that's enlightening.
You don't really have to be American to accept that very bad things could happen as a consequence of not securing WiFi.
So the girl had a slightly harrowing experience, but perhaps the SWAT team did her a huge favour. She might have been charged with a reputation-destroying offence, had someone else used that network to download indecent material. Or her bank account might have been emptied because someone was lifting packets off the network.
And breaking the windows and the doors of the home gave a door and window manufacturer and installer jobs, so why worry about domestic terrorism?
Maybe you don't realize just how many times in the US some overzealous "law enforcement" people have actually stormed the wrong home and shot people or caused other unbelievable consequences.
Not to mention that our Constitution over here is supposed to prevent this type of thing.
But then again, as each day goes by, I realize just how little the people sworn to "uphold and defend" the Constitution even care about it.
Michael,
Are you aware flashbang grenades used by police can and have caused fires and explosions resulting in the destruction of buildings and the death (as well as serious injury) of people inside or nearby the explosions or original fires? I say original fires because they can spread to other buildings, woodlands, meadows and other surrounding areas.
Has it occurred to you that firing a flashbang grenade into a home where it is apparently presumed explosives may be stored under these circumstances is an extremely irresponsible action and threat to public safety, to put it mildly?
Did you notice the statement the police later went to the correct address and made an arrest by knocking on the door (and presumably serving a search warrant and/or an arrest warrant)?
Do you truly believe this was merely "a slightly harrowing experience"?
Are you being sarcastic or serious in stating perhaps the SWAT team did the girl a huge favor by potentially killing her and the other members of her household because possibly in the future someone might have used that network in a manner causing her to be incorrectly charged with some crime or allowing her bank account to be pilfered?
OK, I DO live in America and can attest that this is NOT the usual protocol for police. I am happy for you however that no such thing ever happens in the country in which you live…. or does it? It's so much easier to point the finger and turn it political though isn't it? Go ahead and ask the question, but don't assume this is going on all across this huge country. Granted there are police departments with bad leadership, but keep in mind they are paid employees of the CITY, not the country. At any given time how police adapt policy or behaviors will depend on who is in charge of the city at the time and who is heading that police department.
I've had Los Angeles County Sheriff respond to a trespass report around my home only to have them come down like SWAT on my home and insisting on access to it, which I was afraid to refuse even though they have no right to entry without a warrant.
Why did they do this? All I did was call them to investigate if there was a peeping Tom in the immediate area, a legitimate concern at 11 pm combined with sounds of footsteps outside! At the time a friend was on Skype speaking through speakers who made noise and I thought they were going to attack my computer. By the time they left they realized they raided a concerned citizen and die hard computer geek, but the damage was done. They scared me inside our home to within an inch of my life! My wifi wasn't open or insecure, that's not what it takes to set some over reactive cops off, but they certainly went out of their way to show how much they resented being called to do their freaking jobs….. didn't they?
If they can't protect us and children from potential predators and only show up after we're raped, injured or dead, what good are they? These incidents need neutral methods of being exposed without police interference to hide blunders and hidden activities…violations of rights, but it's a double edge sword. We want them around when we need them. These people in the story were lucky they brought cameras to record this incident. All I had was a friend on Skype to witness their attack, and I to this day believe it was the only thing that stopped them from further abuse…. but it was far from the norm. Granted it was a shock for someone living in a high end gated community, but they treat those living in them as if we don't have same right to protection as the rest of the city. Because a community is gated does not mean it's free from predation. In fact, once a predator picks up on these attitudes, it gives the ill intended free rein to stalk an area.
I think all countries have similar incidents and possibly worse, it's not as if the USA is alone in them… but it made a great story didn't it?
Lynn,
It's standard protocol to check the house of a 911 call. The police have no way of knowing if the person who answered the door is the person who made the call and they have no way of knowing if anyone is in distress. They have to check it out.
Next time instead of calling the police you should get your shotgun and a .45 automatic and turn on the 1000000c Halogen Spotlights. Then get on your bullhorn and tell the invader he's about to get an ass full of double-aught and a couple of .45s thrown his way if he doesn't GTFO right now. You shouldn't have too many problems after that.
You see all you "non Americans", THAT'S why I live in America. I don't HAVE to call the police. I have my Smith&Wesson. That's protection enough.
And I turn up with my RPG………… what good’s your Smiff & Wotsit now?
I’m afraid that I’d rather have an over reactive Police who keep me safe than another 9/11………..
You have far too many questions… didn't they? didn't it? does it? isn't it?
Grow some confidence.
Outsiders using a family’s open Wi-Fi connection can also sniff data being sent on the unsecured network, as we now all know courtesy of Google’s StreetView cars…
Given ISPs can remotely reconfigure routers, surely ISPs should be (a) ensuring all Wi-Fi routers they send out have WPA2 enabled by default, and (b) remotely turning it on for those who were shipped the routers before (a) became standard (albeit with sending them clear instructions on how to get their computers to talk to the router via snail mail in advance)
Maybe if you are unable to secure your own wifi router, you shouldn't have one. It is time people start thinking for themselves. It shouldn't be big brother's job to think for you.
Why should the victims in this story have to bar themselves from providing public access while McDonald’s, Starbucks, Panera Bread and the city of Evansville itself has free public wifi hotspots?
If I want to allow a guest in my home to have internet access without having to ask me for a password, why is that a bad thing?
The “everyone needs to secure their wireless” argument irritates me because it assumes everyone with open wifi is completely clueless and probably isn’t even aware they are open. In fact, there are those on the far other end of the spectrum that know exactly what they are doing and choose to go unsecured willingly. Away from our unsecured home wifi, we may even be in charge of PCI compliance for some of those merchants with open wifi hotspots.
Bruce Schneier (who has kept open wifi at his home for years) and the EFF are both advocating for an open WiFi movement.
https://www.eff.org/deeplinks/2011/04/open-wirele…
http://www.schneier.com/blog/archives/2011/04/sec…
Why don't they just go to the house, sniff some packets and check out the MAC address? Every single piece of hardware that talks tcp/ip has a unique MAC address which is assigned at the manufacturer. The MAC address is transmitted with every tcp/ip packet. You could probably trace the sale of that particular piece of hardware based on a MAC address. It seems they should have called in the FBI and done some actual forensics before just storming into those poor peoples home.
The police had done an investigation which concluded that the threats had been sent from an IP address belonging to that home, so they stormed the home — checking for unsecured Wifi never came into it.
After discovering that the local residents often had unsecured Wifi (likely by default from the ISP), they were much more careful when investigating further locations.
Software can lie about MAC addresses. Hacker toolkits make this trivially easy.
Furthermore, there have been manufacturing mistakes where 2 (or more) NICs with identical MAC addresses have been sold.
Not only that; I personally own at least two devices (one phone and one tablet) that allow me to manually edit at least part of the MAC address.
MAC's can be spoofed just like IP addresses can. I think anyone that uses the internet should have their MAC registered to a particular user, like a registration plate is, and it should be made illegal to spoof a MAC address.
You forgot to mention that the front door was wide open, with only a screen separating the officers from the inside of the house. And they could see the 18 year old watching TV.
I am an American, living in America. What's going on here is pervasive, and though questioned and abhorred continues unchecked. Our police forces have eased through para-military and become completely militarized. I've not heard of anyone studying the why, which is a pity. To Serve and Protect has been replaced by To Bully and Abuse. Tasers and pepper spray are commonly used to break up non-violent demonstrations, like sit-ins. Police commonly explain shooting someone by claiming it looked like the victim was reaching for a weapon. At some point in the not too distant future, one of these "news reports" of mistaken overwhelming force will include the news of injured or killed police, who raided the home of gun wielding, NRA card carrying people who always said they'd need their weapons for self defense.
My impression is that life is no different in Europe. I think I know, anecdotally, that England is like this, if not all of the UK.
This is really not an “unsecured WiFi issue,” but rather a serious issue with the way the police responded. Just consider the chances of the victims being shot either accidentally or because they reacted “threateningly” to the surprise of the flash-bang.
Also, the threats showed in the video did not in any way threaten the families of cops.
I live in Evansville, I would suggest that this should have been better handled. I am all but certain the force used was measured against the fact that the threats were levied against the families of police officers. I am in no way condoning the outcome nor the behavior, however… What do people expect from people? The cops are people and people over-react when it comes to their family members being threatened with death and or dismemberment. I can tell you that Evansville is not a place where violence reigns, yet as temperatures rise and meth labs pop up and threats and stress rise with the mercury the punishment will not always fit the crime, nor will cooler heads prevail.
So – I think that we find ourselves in the realm of, "Save Thyself"; that is ensure that you cannot be exploited and guard every aspect of your residence for you cannot be sure whther a Peace Officer or Judge Dredd will visit your home to serve papers.
I'm not american and not even think in live over there, In my opinion this is very overdone action, why they not just sniff the telephone lines, or listen for about two or more days the conversations in the house its pretty simple to identify a terrorist between a young girl and his grandma and a crazy guy who talk about bombs, USA lives in paranoia.
It occurred to me that RAIDING AN INNOCENT FAMILY HOME WITH A SWAT TEAM is the exact type of overbearing aggressive behavior that makes regular citizens begin hate police in the first place, and in fact reinforces such a position rather than makes them look like heroes.
As well, it turns out that attempting to use controlled media as a tool for pro-militant behavior can backfire on you… especially when social media gets a hold of the story without the slant they expected and spreads it around like wildfire.
Given that America is a very litigious society I fully expect the police in Evansville will be subject to a multimillion dollar lawsuit as a result of their mistaken raid. They're just lucky that they didn't give the grandmother a heart attack–then they could have been up on murder charges. This isn't so much an issue of an unsecured wi-fi network as it is an issue of the police not properly investigating (step 1, check if the location you're raiding has an unsecured wi-fi before throwing grenades). Perhaps the police there need to do more detective work and less military operations.
Wow!! What a frightening situation. Most wireless routers from Linksys, D-Link, etc. all come with the security turn off by defaults with default SSID and admin username and passwords. The reason they’re configured that way is for marketing reasons. Simplicity sells. This allows people to connect their broadband connection to these routers and be up and running immediately. They don’t bother to read the manual or turn on the security. Clearwire mobile hotspots come with a password, and a default SSID, but I recommend changing the defaults to something less obvious. However, it may be illegal to share your broadband connection, as it may violate certain laws. Please secure your router by using WPA2 passwords (strong ones), and changing the admin password to keep people out.
This is why Amurca is known as dumfukistan, cause u tolerate such complete incompetence and brand it as some how good or right. Whoever sanctioned the raid should be severly punished and jailed.
The (first) flashbang scared the crap out of the camera person who was some distance from the house! (Watch the video again if necessary, especially the slow motion at the end.)
Can you imagine what that must have been like INSIDE THE HOUSE? I can't.
"Cops beware! I'm proud of my country but I hate police of any kind. I have explosives π made in America. Evansville will feel my pain."
Um, where is the threat?
I have explosives too. I will set them off in five days. Hint; they're fireworks.
What really gets me and it will piss you off too if you pay attention is when they said the windows are being repaired at the expense of “the city”. Translation = City TAX PAYERS are paying for this f*** up. Why should hard working, law abiding tax payers have to pay for over kill by the police department. If this was a raid and the supposed suspect was clueless about it then he would’ve never known it was coming. Therefore NO NEED to break windows and set off grenades. They should have just knocked and entered the premises. THERE IS AN UNSEEN CRIME HERE. IT HAPPENED WHEN THE CITY STOLE MONEY FROM TAXPAYERS TO PAY FOR THEIR ABUSE OF POWER.
Issue of "no secure wireless router" is still there. With the exception of the rare events (duplicate MAC addresses, etc.) that family got the extreme response of not securing their hardware. Yeah back in the 1950's folks went to sleep and their front doors were unlocked. If you ASS.U&ME…..
Back in France it's an offense to not secure your Wifi, see HADOPI law… So I'm not surprised to see how it works in the US.
Ron Paul= Less Government
Ron Paul = roll back of Civil Rights legislation, too
Probably not the best thing to do considering how minorities are still overwhelmingly targeted by law enforcement.
So they got it wrong, who doesnt make mistakes now and again. Better they investigate and get it wrong then to not investigate at all.
If only America was a democracy… these armed cowards would be locked up for several years and kicked out of the police. Shame America a 'liberal' dictatorship, just like the rest of the West.
They reason the police abuse the power they have is because they have that power in the first place. The assumption that they won't abuse it is the universal fallacy upon which all "government" by state coercion is based.
If the only lesson that readers take away from this "goof" is that they should secure their wireless networks, OK…great. so that's one less opportunity for the goon squads who are supposed to be protecting us to treat us like we're the enemy. That's a maddeningly myopic response. What about the infinite number of other ways they can (and do) abuse their power?
The "system" isn't just broken; it's irreparable. The notion that you can give the power to deprive you of your life, liberty, and property to others and expect them not to use it is insane.
There have been multiple suggestions for the victims of the raid to use WPA2 and secure their WiFi. But think that suggestion through for a sec…
Suppose they DID use WPA2, but with a guessable password or one that somehow leaked. How much harder would it be to prove innocence? What if it was a 20-something guy and not an obviously innocent grandmother + 18yr old girl? With WPA2, he'd be in a cell until the forensics dept finally finds no evidence on his confiscated computers/phones/tablets. Maybe longer if police still refused to believe someone other than him could have guessed a "complex" password of "ARodNY13". With an open AP, plausible deniability could bring the police to their senses and get an innocent man out sooner (or at least give his lawyer something to work with).
My home wireless is unsecured just like my local coffee shop, McDonald's, library, etc. If I require security, I'll use SSL VPN or move to a wired connection. Until I see local business owners having their shops raided – and successfully prosecuted – for having unsecured wireless, that's how mine will remain.
total bad reporting…lots of info but no logic to it at all in the way you reported it…we expect more than a scolding…
Anyone that reads your articles most likely already know about securing wifi systems.
Police raiding the wrong homes happens more often than some realize…most of the time due to 3 main reasons…1. A judge that loosely just signs off for the raid for some raid happy police dept. to take place and doesn't demand more proof to qualify the raid…and 2. the raids gets approved because the evidence given the judge is falsely presented.3. Google Maps, Microsoft maps, poor bookeeping by the telecoms.
Bet ya 10 to 1 that the telecoms gave the police dept this wrong address, due to the IP address attached to the threat.
Most raids do not happen because of reasonable doubt…Searchs do…this was not a search.
More of these types of raids have taken place in the US due to the "loose" interpretations allowed for "homeland security" laws since 911. It's the "other" privacy problem.
I have been through a SWAT team invading your house type event. Thankfully, it was back in the 90s before the big no-knock craze started.
It was scary as hell to answer the door and have a bunch of weapons drawn police swarm into the house threatening to kill your dog and telling you to get face down on the floor.
They didn't do any damage to the house but they also didn't find what they were looking for: my step brother. He'd moved out two weeks earlier.
I can understand SWAT knocking on the door and rushing in to secure the scene.
For anything else they had better be damn certain. I wonder if the news station has run a follow-up story about the mistake. It would be a great time to remind watchers of the importance of securing your WiFi; it would be a make lemonade of of lemon situation.
Sorry, but I would be going after a whole lot more than just getting my broken doors and windows fixed. Evansville, Indiana would be paying me a whole lot of money and some cops would be out of a job. This was totally ridiculous.
oh no worries dennis, i am sure that the girl and grandmom have already retained the services of an attorney. after all, this IS amerika, land of the "no slight is too minor for a possible law suit payoff". don't get me started. the general public has become so dumbed-down at this point people throw their litter out of cars in any neighborhood and they love to leave their garbage on the busses and BART trains. there's no such thing as civility anymore. very sad but oh so true. i hope it's better over in europe.
Here is an update to this story – http://www.14news.com/story/18928310/fbi-arrest-e…
first off: @rvasquezgt ·proper grammar would be "young girl and HER grannie". you're quite welcome. next: i sure hope they catch the wanker that made those statements.
as for my home security concerns here in my apartment in tech savvy san francisco,
my "free with self installation of DSL" router from AT&T only has WEP and just to be safe i only connect with my ethernet cable and never use the wireless connection. of course that means i am stuck here within three feet of the blasted router but i sure
sleep better at night. if anyone has any solutions other than buying a better piece of techno-appliance i am all ears. thanx
Most of the incidents of improper raids are initially caused by some individuals lack of knowledge of computer hardware and the tools used by many hackers / teenagers to avoid detection. One such technique is Mac address spoofing, available on most routers and some network cards as an option recently. They can spoof or imitate any Mac address a person can detect.
Police however don't really have access to that kind of information and if they did would probably quickly dismiss it as a high-tech fantasy. From what direct contact I have had with these action heroes they crave some actual excitement not normally experienced in their slow paced and boring jobs. It is not too hard to imagine how easy it would be to get caught up in the possibility of raiding a house and catching a "bad guy" for once in their lack luster lives. And to rush to "judgement" as a matter of fact in presenting the facts to an also bored District Attorney or Judge that hasn't had any real media attention of late. So in fostering the action hero mentality for the local TV station they all collude in the fantasy of catching a bad guy and subsequently violate both Civil law based on loosely assembled facts and common sense by not checking with someone capable of understanding both "WIFI WAR DRIVING / HACKING" and local options available to anyone in the immediate area. There are lots of ways to spoof both the IP addresses of the routers as well as the MAC addresses, with WEP or WPA enabled. Making the subject of how Wireless security was at fault MOOT, as any self respecting wireless junky would know how to avoid detection.. and consequently anyone of average intelligence (even COPS) would know to double check the area for an OPEN network before endangering Women and Children by charging in half cocked to terrorize innocent P E O P L E. NOT! Too much power always corrupts!
The laws passed in the last 10 years gave the POLICE / MILITARY the right to raid anyone's home that they feel like and WANT to make an example of. Even Obama has signed into law siting terrorist as the excuse, anyone having more than 2 weeks food stores in their home. Or anyone having what can in the future be labeled as a "terrorist weapon" you know like a computer! π And maybe "Republic has become the very evil we have been fighting to destroy?" under the disguise of Democratization. STAR WARS! YEAH THAT'S THE TICKET….
Maybe this ain't the country we grew up in anymore, maybe this is the very evil reactionary power happy and fear based government we have been fighting for the last 10 years. Maybe we have a ROGUE state that has no room for human rights or equality under law.
For lacking the truth a people will accept anything that fills the bill…
If you give killers the the weapons, flood them with praise, make them feel infallible and then give them permission to do what ever they please, just what other out come would you expect!
You should do your homework people, ignorance is not a good excuse.
@horton
Well protect and serve are general terms. I'd like to believe (since police dept run off numbers and statistics) that they have made more legit busts than mistaken busts. Like the other guy said "better to be sure."
I also like how some of you live on the edge not securing your routers.
Ok so if they had explosives in the house why would you throw a flash granade into the house. Sounds like protocol needs to be looked at here for sure.