Wardriving police: password protect your wireless, or face a fine

http://www.zdnet.com/blog/security/wardriving-police-password-protect-your-wireless-or-face-a-fine/6438?tag=nl.e539
By Dancho Danchev | May 14, 2010, 12:06pm PDT
Summary: Internet users in Germany, whose wireless networks are left password unprotected, can be fined up to 100 euros, according to a recent ruling by Germany's top criminal court. Just how realistic is the ruling, from a security perspective? Is a weak password protected wireless network, any different than the one with no password security at all?


Internet users in Germany, whose wireless networks are left password unprotected, can be fined up to 100 euros, according to a recent ruling by Germany’s top criminal court.
The ruling is in response to a musician’s lawsuit against a user whose unprotected wireless network was used for downloading and sharing music over P2P.
Just how realistic is the ruling, from a security perspective? Is a weak password protected wireless network, any different than the one with no password security at all?

“Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation,” the court said. Internet users can be fined up to euro 100 ($126) if a third party takes advantage of their unprotected WLAN connection.”

The ruling is not just missing the emphasis on the importance of strong passwords, but it also “doesn’t expect users to constantly update the security of their wireless networks“. Moreover, it’s not even building awareness on the fact how the choice of the encryption protocol, can greatly slow down a potential attacker, in a combination with strong password.
With GPU-accelerated WiFi password recovery speeds prone to increase over time, as well as the increasing availability of DIY cracking kits, emphasizing on the use of strong passwords in a combination with with right encryption protocol, next to basic MAC address filtering, is the right security awareness building approach.

The main problem with insecure wireless networks, is the fact that malicious wardrivers can easily forward the responsibility for their activities to the owner of the unsecured wireless network.
For instance, in 2008:

It became evident that a group of Indian militants took unethical hacking courses, and once learning the basics of wardriving, used the insecure wireless network of a U.S expatriate to send emails claiming responsibility for serial bombings that took place in July and September -
“Roaming around Mumbai with Wi-Fi detectors, the suspects looked for open Wi-Fi signals and programmed the e-mail messages to be sent from hacked wireless networks prior to the blasts, the Indian police said. The technique used by the militants is similar to “wardriving,” where hackers roam around to detect and access Wi-Fi networks with security weaknesses.”

The “wardriving police unit” is not a new concept. The first time I heard about it, was in 2006, when the Douglas County Sheriff’s Department was considering to scan for insecure wireless networks, and drop off brochures with instructions on how to properly secure them.
Three years later, Mumbai’s police started implementing the practice, in response to the abuse of insecure wireless networks by Indian militants:

Additional Commissioner of Mumbai Police K Venktesan told Business Standard: “If the Wi-Fi connection in a particular place is not password protected or secured then the policemen accompanying the squad will have the authority to issue a notice to the owner of the connection directing him to secure it.”The police could issue a notice under section 149 of the Criminal Procedure Code (CrPC) to anyone found not securing their Wi-Fi connection and user may face criminal investigations.

Again in 2009, the Australian police also planned similar wardriving sessions:

The Queensland Police plans to conduct a ‘wardriving’ mission around select Queensland towns in an effort to educate its citizens to secure their wireless networks. When unsecured networks are found, the Queensland Police will pay a friendly visit to the household or small business, informing them of the risks they are exposing themselves to.

Although the problem with insecure wireless networks is often greatly underestimated, the big picture has to do with the fact that, when there are hundreds of thousands of password-unprotected wireless networks, this well known fact allows malicious attackers to efficiently propagate wireless malware. Related studies done on the subject, prove just easy it is to execute such a malware campaign.
What do you think?
Does the “Wardriving police” concept have any future? Is your neighbor’s insecure wireless network setting up the foundations for a cybercrime-friendly infrastructure, or are there much more important issues to take care of first, before starting to drop off “Insecure Wireless Network Detected!” brochures?