Thorn

lullabud,
That's a very broad statement, which may be true in some places. However, it is not true in all places.

For example, the law here in VT quite plainly says that it is illegal. I would say that it is highly likely that it is illegal in other places.

Cheers,

__________________
Thorn
"I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"

lullabud

i don't see how it can be illegal to walk by somebody's house with your laptop running windows XP. it'll jump onto the network wether you like it or not with a default installation, which means that 90% of the people who buy laptops would be breaking the law out of the box without even knowing it. at least it's not a felony unless you cause $5k in damage...

blackwave

ignorance of a law does not dismiss one from the law.

theft of services can be serious when proven, which is what one is doing when accidentally jumping on an unauthorized network even when it is just sitting out there...

chances are that even though one may technically breaking the law and it is improbable that one will ever get caught, it is still technically illegal, and probably should not be practiced, because of the fact it is illegal...

In some states including CA oral copulation is illegal... but I haven't seen too many people being booked for these unless of course one was caught for solicitation or prositution...

The laws don't have to make sense, especially to the masses, and especially when most of the masses don't vote, and therefore allow these laws to take place...

In short, be careful.

__________________
-=BW=-

lullabud

ok then, let's sue microsoft for putting hacker software which defaults to making us commit illegal acts without our knowledge into their OS. if what you're saying is true then we'd win. but really, it's a grey area... and you're right, "ignorance of the law is no excuse" is what every lawyer will tell you. however, what i'm saying is this. you're not stealing bandwidth. you're not stealing anything. dhcp is an invitation. just like it could be illegal to accidentally stumble on somebody's network with built in XP features it could contrarily be very completely legal due to built in DHCP features of the router. i mean, it does take 2 to tango... without an open invitation to join the network then the XP functionality would be null. isn't ignorance of the gaping holes in your network no excuse for being "violated" when somebody accidentally stumbles your network? i'd say it's neglect... the same way it wouldn't be illegal to pick up money you found on the street if somebody was walking down the sidewalk with a bag of money that had a hole in it. the same way it's not illegal to listen in on CB radio conversations that take place over the public CB band, as 802.11b is public. the same way music artists can't sue you for listening to your neighbor's music really loud because you didn't buy the cd, you can hear it wether you like it or not. your participation in recieving the broadcast shouldn't determine wether it's illegal or not, it's broadcasting all the same. the same way you can't sue somebody for overhearing you while you talked about private matters loudly in a public place. we're talking about a broadcast invitation onto a network that is within a public band. i shouldn't get arrested for somebody else's neglect of their own well being or the well being of their resources when i accidentally partake of it, or even willingly partake of it. that's like a girl running around naked at her house with the windows open or even outside and when somebody walks by and notices she sues them for voyeurism.

my view is that the first attempt you make to get onto a network that didn't broadcast dhcp info, is secure or not offering to the public (ie: any mac address) then you are breaking the law, but until then it's an open invite wether they know it or not.

blackwave

lullabud, as it stands right now at this time the only person that would go to jail would be the person using the freely available tools to jump on the freely avaiable network... though the laws are changing where liabilities are now being made to those who create those tools and to those who misuse, and misconfigure those tools, to those who are just plainly ignorant of their non-security...

so maybe in the future a hacker could theoretically sue someone who left their system misconfigured and thus open, and perhaps this caused the hacker to get into an accident while driving... silly as it sounds the tides may turn this way in time...

Currently the pressure is on the hacker, the hacker goes to jail. period.

Don't get caught.

__________________
-=BW=-

Dr3D1zzl3

breif synapsis of laws pertaining to or potentialy pertaining to stumbling.

Mind you these are all federal laws so they apply to everyone!


18 U.S.C. 1029.(a)(7) knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses a telecommunications instrument that has been modified or altered to obtain unauthorized use of telecommunications services;

This would apply if a lawyer could make a case that the networkign equip can be considered "telecommunications device" which wouldnt be that hard to do.


18 U.S.C. 1029.(a)(9) knowingly uses, produces, traffics in, has control or custody of, or possesses hardware or software, knowing it has been configured to insert or modify telecommunication identifying information associated with or contained in a telecommunications instrument so that such instrument may be used to obtain telecommunications service without authorization; or

Hmmm nuff said on this one. pretty simple to make a case using this law. Once again hinges around what a telecomunicatiosn device is.


Penalties for these offense are

(c) Penalties.--
(1) Generally.--The punishment for an offense under subsection (a) of this section is.--

(A) in the case of an offense that does not occur after a conviction for another offense under this section.--

(i) if the offense is under paragraph (1), (2), (3), (6), (7), or (10) of subsection (a), a fine under this title or imprisonment for not more than 10 years, or both; and
(ii) if the offense is under paragraph (4), (5), (8), or (9), of subsection (a), a fine under this title or imprisonment for not more than 15 years, or both;

(B) in the case of an offense that occurs after a conviction for another offense under this section, a fine under this title or imprisonment for not
more than 20 years, or both; and
(C) in either case, forfeiture to the United States of any personal property used or intended to be used to commit the offense.


Gees should have read ahead a bit more. here are some definations of what some of hte terms used mean.

(e) As used in this section--

(1) the term "access device" means any card, plate, code, account number, electronic serial number, mobile identification number, personal identification number, or other telecommunications service, equipment, or instrument identifier, or other means of account access that can be used, alone or in conjunction with another access device, to obtain money, goods, services, or any other thing of value, or that can be used to initiate a transfer of funds (other than a transfer originated solely by paper instrument);

(2) the term "counterfeit access device" means any access device that is counterfeit, fictitious, altered, or forged, or an identifiable component of an access device or a counterfeit access device;

(5) the term "traffic" means transfer, or otherwise dispose of, to another, or obtain control of with intent to transfer or dispose of;

(8) the term "scanning receiver" means a device or apparatus that can be used to intercept a wire or electronic communication in violation of chapter 119 or to intercept an electronic serial number, mobile identification number, or other identifier of any telecommunications service, equipment, or instrument

(9) the term "telecommunications service" has the meaning given such term in section 3 of title I of the Communications Act of 1934 ( 47 U.S.C. 153);

(11) the term "telecommunication identifying information" means electronic serial number or any other number or signal that identifies a specific telecomunications instrument or account, or a specific communication transmitted from a telecommunications instrument.



I wont cut and paste any more

lullabud

hacker shmacker, we're talking boxed XP software that a 6 year old could use.

as for the telecommunications stuff, "instrument that has been modified or altered to obtain unauthorized use" doesn't sound like a wi-fi network that invites you on. if it was unauthorized it wouldn't broadcast dhcp to anybody who walked by with a wi-fi device.

"insert or modify telecommunication identifying information"... oh, you mean is wi-fi certified? all you need is a mac address folks, so if this is the case we're all guilty because we all have "controlling custody of" said devices.

not that he's a lawyer, but i just talked to one of the senior 802.11 hardware engineers here at actiontec and he's in complete aggreance with me.

blackwave

In the end, all the judge sees is someone who infiltrated a system.


Good, call him to bail you out

__________________
-=BW=-

lullabud

5|<r1p7 |<1dd113 5|-|/\/\1p7 |<1dd13 ;-)

you know, i wouldn't mind being the example case for the court system's decision on the legal boundaries of 802.11. i stand firm behind my views because i have logical reasons for them. besides, if i lost i'd just sue apple for giving me and enabling hacker tools, the airport utility, which is how i first stumbled a network on accident outside an OSX demo.

blackwave

I think in this day and time it is dangerous to get thrown into the legal rigamarole, especially with WOT, US Patriot Act, Millenium Act.., and terrorism being thrown around for getting into a wrong system, even by accident. Also seeing that getting prision time for being smarter than someone else probably isn't worth it, I would suggest to build the ninja-invisible-stealth skills first before trying to hone the 802.11b infiltrating skills... then at least you wouldn't get caught

the 90's were fun, but those days are over Or are they ?

*NOTE: For informational and educational purposes only...

__________________
-=BW=-

lullabud

what is really lame is that the people who are usually in charge have no clue, which is why i don't have a problem breaking dumb laws. so much of the headlines these days are ridiculous, like this 13 year old kid in walnut creek who just got 2 felonies for shooting another kid in the eye with a spitwad. it wouldn't suprise me if everything i've tried to back up is illegal due to loopholes and shit, but it's lame. if somebody can't accept responsibility for their inadequacies, like the ability to secure their own home network, then they're just following suit of the american legal cushion for a degenerative, manipulative breed of money hungry idiots who have good lawyers that fight for stupidity and all being ignorant stands for. spilled hot coffee, cracked flawed encryption, it's all the same... how are we ever going to make progress if progress involves "illegal" activities? cracking e-book, or DeCSS for example... here's a good link for legalities of the DMCA, a nice perspective, i think might have dropped this in here before...

http://math.berkeley.edu/~benrg/copyright-dmca.html

Thorn

Hey guys, I didn't mean to start a flame war here! I merely wanted to point out that the statement regarding legality might not apply everywhere.

A couple of points:
1) Yes, XP lets you connect with little or no effort. The FBI said before its release that because of that fact alone, it made it a "hacker's dream." (Or words to that effect.) They recommended against that feature being enabled; MS decided to enable it anyways, as a "User Friendly" setup. (Read: help the clueless users out) But just because you CAN do something, doesn't mean you should. After all, personal responsiblity does play some part here.

2) There is a important word in all these laws: INTENT. This must be proven by the prosecution as an element of a crime. So if you accidently connect, there is probably no foul. Staying connected, well, that's probably a different story... Arguably, by staying connected you have at least some intent to use the system/network.

3) DHCP doesn't give you authorization. If I setup DHCP as a user friendly aid for my regular network users and don't take other security measures (through ignorance or stupidity), that still doesn't mean I'm "authorizing" any Tom, Dick, or Harry to waltz in and use the network. All it would take to prove that is a simple statement to the police/prosectution from the sysadmin: "Mr. Ima Cracker is not an authorized user of the XYZ Corp. computer network."

Disclaimer: As I've previously stated, I'm not an lawyer. I have had some limited legal training in the past, but if you get arrested for cracking somebody else's network, you had best call a lawyer licensed to practice law in that jurisdiction.

Cheers,

__________________
Thorn
"I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"

lullabud

not to beat a dead horse or rekindle the flame, but i'm working late with a bunch of guys testing some new router firmwares and one of the owners (~30% share holder of our private stock) started talking, without me saying a thing, about the legalities of "ANY" and how SSID's are handled and the 802.11b spec. he pretty much said what i was saying... but he's from asia somewhere originally and he said "in america you can sue somebody for anything". heheh... thought that was funny, because it is really ludicrous, the things you see in headlines these days...

db8tr

Last night I was out stumbling and ran into a DUI checkpoint. When the officer came to my window and saw all of my gear on the seat next to me plus the antennas on the roof, he looked at me like I was up to no good. After figuring out that I was not drunk, he asked me what I was doing with all of my equipment. I told him that I am an amateur radio operator (which is true) and that I was out testing my new equipment. He immeadiately became at ease, told me to have a great night, and waved me through the checkpoint. Where I live (in Kansas) Law Enforcement generally has a good impression of hams since we do all of the storm spotting for the nws. So, at least around here I don't think the LEO's are going to be a problem.

__________________
-Db8tr

blackwave

Also I think appearance helps. If someone looks pretty clean cut and they look somewhat conservative opposed to someone with purple hair, wearing all black, with tshirt that says "keep staring and I might do a trick", playing Manson in the background, and not bothering to turn it down until the LEO does it for you... chances are the clean cut guy will not get into too much trouble, and chances are the not-so-conservative individual will get in trouble no matter what.

Such stereotyping sucks when living the "normal" life... but has its advantages when looking for "free" notebooks in office centers..

What a sad world.

Here is a favorite quote of mine:
"You laugh because I look different, I laugh because you all look the same"

*Note: For informational and educational purposes only... This message does not condone theft.

__________________
-=BW=-