It may be illegal in some places, it may not. Depends on how good your lawyer is and how wasteful of taxpayer money our prosecutor is.
One way to look at it is some guy has a piece of land with a 10 year lease and decides he wants a park, so he hires a contractor to build him a public park. It has no signs indicating that it's private. Lots of people use it and enjoy it but one day he sees you there and he doesn't like blacks so he calls the sheriff who arrests you for trespass. Another way to look at it is this guy leased a lawn but forgot to take down the "open lawn, lawn for rent" sign. You came and started digging up the lawn, knowing it was someone elses property and that custom dictated that you be gentle. Basically, if you checked your e-mail no jury will convict. If you downloaded iso's, it might make sense to plead no-contest to a misdemeanor trespass, probation is better than time. If you used the internet access as a springboard for copyright infringement, a crime or anonymous/unpopular speech, well then you will be charged with trespass and a half dozen other ill-fitting charges. The hope will be that you plead to a few of them so they don't have to hire private investigators or depend on their police force to actually prove a case against you. I would think the biggest threat is not from the county prosecutor or the law, but from the owner of the AP. While he's unlikely to go after you, if he just happened to have a "security" team around that detected your presense while being unable to secure the AP (probably because some VP can't figure out how to click on an icon and type his password), then they might convince him to go after you in court, which would be costly, especially if you go to trial and win. Mostly what that article about was promoting the the author who is somekind of "McDonalds College Security Expert" who thinks WEP has anything to do with security. It was an article in Computerworld after all; not a magazine for people with brains. -- Daniel On Wed, 30 Jun 2004, Jim Henry wrote: ]I disagree with thew author of that article in that it is not a crime to ]just connect to an unsecured wireless network (in the U.S.A. anyway) if you ]do not use the connection in a malicious way. If I'm mistaken I'd sure like ]to see the specific section of the law being violated. ] ]-- ]James Henry [EMAIL PROTECTED] ]AirPower Information Services www.airpower.com ]Stop SPAM dead in its tracks. It worked for us! ]http://spamarrest.com/affl?392504 ] ] ] ]> -----Original Message----- ]> From: [EMAIL PROTECTED] ]> [mailto:[EMAIL PROTECTED] Behalf Of ]> [EMAIL PROTECTED] ]> Sent: Wednesday, June 30, 2004 6:00 PM ]> To: [EMAIL PROTECTED]; [EMAIL PROTECTED] ]> Subject: [nycwireless] Confessions of a War Driver ]> ]> ]> Confessions of a War Driver ]> Opinion by David Ramel ]> ]> ]> JUNE 30, 2004 (COMPUTERWORLD) - I admit it: I'm a war driver. ]> Cloaked in ]> anonymity, I cruise the alleyways and byways of corporate America, ]> lurking, searching, probing for a weakness. ]> There! The telltale tone in my earphones alerts me to a potential ]> target. I quickly glance at my laptop in the passenger seat. No ]> encryption on this wireless network. It's wide open. ]> ]> I have the tools. I have the knowledge. Seizing the opportunity, I ... ]> do nothing. ]> To go further and actually connect to the wireless network I've found ]> would violate the cardinal rule of war drivers: Thou shall not access ]> another's network under any circumstances. ]> ]> "Don't do it," says war-driving guru Chris Hurley. Regardless of your ]> motivation -- to experiment, to prove a point, to show an admin his ]> network is unsecure -- "you're committing a crime," he says. ]> ]> Hurley, a.k.a. Roamer in the war-driving world, is the ]> organizer of the ]> WorldWide WarDrive (WWWD), a project in which volunteers armed with ]> wireless-network-detection software and GPS receivers map all the ]> networks they can find in a week. The war drivers compile statistics ]> that reveal where the networks are and whether or not they are using ]> basic encryption methods. They are trying to prove a point: Wireless ]> network managers need to take security more seriously. ]> ]> This year's event, WWWD No. 4, ended June 19 after locating 228,537 ]> access points (AP). Of those, about 38% had basic encryption, such as ]> Wired-Equivalent Protocol (WEP) or Wireless Application ]> Protocol (WAP). ]> Last year's WWWD found 88,122 APs, of which 32% had ]> encryption. Complete ]> stats are available online. ]> ]> Hurley is encouraged by the increase in the percentage of encrypted ]> networks, but he was looking for more. "I was kind of hoping for a ]> better increase, up to 40%," he says, but adds, "As long as ]> there is an ]> increase, you're happy." ]> ]> Hurley, an information security engineer working in the ]> Washington area, ]> became interested in war driving after Peter Shipley reported on his ]> fledgling war-driving efforts at the Def Con security ]> conference several ]> years ago. Since then, Hurley has taken over the annual Def Con ]> war-driving events and the WWWD in an effort to publicize the ]> vulnerabilities of wireless networks. ]> He points out in his book, WarDriving: Drive, Detect, Defend, ]> A Guide to ]> Wireless Security, that hackers can easily take war driving a ]> few steps ]> further and use freely available tools to connect to an unencrypted ]> network for free Internet access or to sniff out passwords ]> for complete ]> access. That would allow them to steal information or use the ]> network as ]> a base to launch future attacks. It's not much harder, he says, to use ]> other free tools to crack the notoriously flawed WEP ]> encryption scheme. ]> Even the more secure WAP is vulnerable to certain attacks. (Note: ]> Wireless hacking tools are detailed in the story "The ]> Hacker's Wireless ]> Toolbox.") ]> ]> "There are so many threats that you open yourself up to by ]> not securing ]> your wireless network," Hurley says. ]> And as Hurley and his war drivers have shown, there are a lot ]> of people ]> out there opening themselves up. ]> My own war-driving forays support his take on the sorry state of ]> wireless security. Using the free Windows application NetStumbler, I ]> consistently found more than 100 wireless APs on my 19-mile drive to ]> work -- before 9 a.m. Of these, typically about 70% aren't encrypted. ]> And about 44% are using their default Service Set Identifier, which ]> makes them more vulnerable to hackers. ]> ]> Of course, the nature of the terrain in my commute indicates that most ]> of these APs are on private home networks. Hurley believes that the ]> recent explosion in home networking is responsible for much of the ]> increase in networks discovered by war drivers. While these ]> home network ]> owners may not have corporate secrets to protect, they could ]> be leaving ]> themselves open to Internet access interlopers. Or worms or viruses ]> transmitted from the outside computer. Or worse. Hurley recounted the ]> November 2003 case in which a Toronto man was found in his car using ]> another person's wireless home network to download child pornography. ]> ]> While that man was arrested, Hurley pointed out that if ]> someone accessed ]> a network to download child pornography and then disconnected from the ]> network, the network owner couldn't prove that he himself ]> didn't commit ]> the crime. ]> ]> But it's in the corporate world where unsecured wireless networks are ]> the most dangerous. If you war-drive through any office park, you will ]> likely find lots of wide-open nets. Last Saturday, I did exactly that. ]> Few people were around, and nobody paid any attention to me, but the ]> networks were still running, letting me know they were available. ]> ]> News reports have detailed how a Lowe's home improvement store earlier ]> this month was attacked by wireless hackers intent on stealing credit ]> card numbers from the parking lot. And as far back as 2002, ]> researchers ]> revealed to Best Buy executives that some of their stores were ]> transferring credit card numbers over unsecured wireless networks. ]> During last month's Mobile & Wireless World conference, an Intel ]> executive mentioned that someone once wirelessly "snooped" ]> the e-mail of ]> 10 to 12 vice presidents in a company facility in Oregon. ]> ]> And those are just the hacks that have been made public -- companies ]> obviously are reluctant to talk about wireless security ]> breaches. Hurley ]> says he has heard of many other slip-ups that he can't talk about. ]> ]> So why, with all the publicity about wireless security, with ]> all the Web ]> sites, books, magazines, white papers, consultants and TV shows ]> detailing how to secure wireless networks, are corporate ]> staffers still ]> failing to take appropriate security precautions? ]> Hurley thinks it's overworked administrators who aren't ]> trained to work ]> with wireless networks. He says they are often just told by their ]> managers to put in a wireless network, and they do it as fast and as ]> easily as possible. ]> ]> And, he says, network administrators are supposed to make ]> sure that the ]> company's network is up and usable -- that's their main job. It's the ]> job of security officers to ensure it's protected from attackers. The ]> two job functions are often at odds. And many companies don't ]> even have ]> security officers, Hurley says. It all adds up to war drivers finding ]> thousands of unsecured networks, year after year. (To get a security ]> manager's take on the threats posed by unsecured wireless networks, go ]> to QuickLink 47059.) ]> ]> What advice does Hurley have for corporate America? First, he says, ]> decide if you really, really need a wireless network to begin with. If ]> there's an absolute business case that you do, and you put one in, ]> "basic security measure aren't enough," he says. "You need to ]> have some ]> secure form of authentication as well as a [virtual private ]> network] ... ]> so they are encrypting all their traffic through means other ]> than WEP or ]> WAP." ]> ]> The bottom line, he says is that network administrators should ]> "essentially treat your wireless network the same way you treat a ]> dial-up user." ]> ]> That's because there may be people out there who don't adhere ]> to the war ]> driver code of not connecting to networks they find. There might be a ]> curious journalist, for example, who wonders if he really ]> could connect ]> to those networks and get free Internet access. ]> ]> He might take his D-Link AirPlus XtremeG DWL-G650 Wireless Cardbus ]> Adapter and his Dell notebook and his free NetStumbler ]> software and find ]> out that it's incredibly simple to jump on someone's network and surf ]> the Web. ]> Then he might wonder if he really could see the traffic on these ]> networks. He might try a bunch of readily available tools and ]> find that ]> the trial version of CommView is one of the few applications ]> that works ]> with his card and allows him to actually sniff network packets. ]> ]> Then he might chicken out and erase all evidence of such illegalities ]> and proceed no further. ]> Others, however, might not. ]> ]> http://www.computerworld.com/printthis/2004/0,4814,94225,00.html ]> -- ]> "NEXTEL-1 IT'S NOT JUST NEXTEL" ]> Note The New address ]> Subscribe to Nextel-1: http://www.groups.yahoo.com/subscribe/NEXTEL-1 ]> ]> "NEXTEL2 FOR iDEN SOFTWARE DEVELOPERS" ]> Subscribe to Nextel2: http://www.groups.yahoo.com/subscribe/NEXTEL2 ]> ]> "WIRELESS FORUM HOMELAND SECURITY GROUP" ]> The Complete Resource for Wireless Homeland Security. ]> Subscribe to WFHSG: http://www.groups.yahoo.com/subscribe/WFHSG ]> ]> ]> -- ]> NYCwireless - http://www.nycwireless.net/ ]> Un/Subscribe: ]> http://lists.nycwireless.net/mailman/listinfo/nycwireless/ ]> Archives: http://lists.nycwireless.net/pipermail/nycwireless/ ]> ]> --- ]> Incoming mail is certified Virus Free. ]> Checked by AVG anti-virus system (http://www.grisoft.com). ]> Version: 6.0.712 / Virus Database: 468 - Release Date: 6/27/2004 ]> ] ]--- ]Outgoing mail is certified Virus Free. ]Checked by AVG anti-virus system (http://www.grisoft.com). ]Version: 6.0.712 / Virus Database: 468 - Release Date: 6/27/2004 ] ] ]-- ]NYCwireless - http://www.nycwireless.net/ ]Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ ]Archives: http://lists.nycwireless.net/pipermail/nycwireless/ ] -- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/
