Is it illegal?

[BrandonND]

To connect to a OPEN network.

[Sparda]

Depends. Open wireless networks are illegal in certain countries.

[BrandonND]

I am in Canada under the ISP of Sasktel, but they are under either Saktel or Shaw, or Rogers, but only about 1% of them.

[VaKo]

Technically unless you have explict permission to connect to the network it is a crime. At the very least getting caught would ruin your day. In practice however, most networks are secured out the box today so I would be thinking about potential honeypots. As long as your subtle you should be able to connect with impunity.

[digininja]

I don't know if this is true or not but I've always heard it described as "if someone leaves their front door unlocked you would be breaking the law if you just wandered in". Yust because you don't lock your door doesn't mean you invite anyone in, same thing as leaving your wifi unsecured.

[taiyed14]

check with your local authorities.

as long as you're not being a bandwidth hog or doing anything illegal, I'm sure the owners wouldn't mind

[BrandonND]

I was just wondering because today I was setting up my latest hack + mod, a Wifi sattelite dish. And I saw at least 10 open networks out of the 15 that came up ( this is in a small town btw) the other five were wep, 3 were 64 bit, two were 128, according to kismet at least. (didnt break in, I was just curious ) I went through the hoops of connecting to the strongest Open Network,

1) Pop in a live cd

2) Use Mac Changer to change to somethign that would decode to an acer with an atheros chipset. ( thank god for nmaps config files that halped me to do this xD )

3) connected

4) Did a quick LAn security scan, to check if I might have been being monitored.

5) Connected to the router and sliced out the logs that showed I had ever been there. ( there was no password NONE)

And this got me to wondering, if this is legal, why am I hiding it? In fact... is this legal? I knew with a little effort I could take over this entires town netowrking in a matter of hours, this kind of security ashames me, with a quick 15 minute wireshark monitor, I saw about half a dozen people I could have ARP poisined. Anyway, thanks for telling me, I was just wondering :P I take like 100% more precaution then is needed, but thank you

[digip]

Unless its a cafe or openly public access point, its ilegal. The fact that you removed the logs to hide your tracks is enough to probably get a person in trouble, although connecting alone might not be. For instance, you have a router and the ssid is linksys(why you leave the default, but anyway) and when you are away from home, someone has an ssid with the same name. If you are on windows, your machine will automatically reconnect to this foreign router based on the ssid. You may not even know you are connected, putting your machine at risk since you are now on some unknown lan. Best practice, disable wireless unless you need it, and for every ssid/AP you add to windows, manually change the access method to not auto reconnect to the AP.

In your scenario, you intentionally connected to someones AP. Not only that, you were running Kismet, which means all you would have had to do was open wireshark and you are now wiretapping all the Open AP's, which is also illegal for the most part.

Rule #1, if you have to ask if its illegal, don't do it.

Rule #2, if you ignore rule #1, don't tell other people what you did or are continuing to do.

Rule #3, it's only illegal if you get caught, so you put yourself at risk, its your fault if you go to jail. I could care less, but use your own moral compass, not mine.

[3w`Sparky]

I Heard of a case in the UK where the Owner of the access point got into trouble after someone used it to carry out naughty crimes. not because it came from there ip but more so because they never took any measures to secure there access point , as the owner you have to take reasonable measures towards securing your network, wep64 is enough tho. - yeah right !

[barry99705]

I Heard of a case in the UK where the Owner of the access point got into trouble after someone used it to carry out naughty crimes. not because it came from there ip but more so because they never took any measures to secure there access point , as the owner you have to take reasonable measures towards securing your network, wep64 is enough tho. - yeah right !

Actually it is. You're right it's not enough to keep people out of your network, but it is enough in the eyes of the law that you "took steps to prevent unauthorized access".

Pretty much anywhere in the US, unless you have express permission from the network owner it's illegal to connect.

[Kyle 2.0]

Its illegal technically, but its one of those "I think my neighbor is a serial killer" calls. Law enforcement get all sorts of crazies calling them daily that they'll likely shrug you off as part of the tin-foil hat club.

Good luck finding a cop who will be willing to investigate it seriously let alone one who understands how to investigate something like that. Its such a joke of a claim that no one outside of your local police dept. or sheriff will even field your call unless you have evidence of something major like child porn or something.

Edit* I asked my roommate who is a dastardly copper what he would do if someone called and reported that someone was gaining unauthorized access to their wireless network. His response was "What? You can do that?" I rest my case.

[Corrosion.]

The chances of getting caught are not very high as long as your not using the connection for illegal purposes, using the connection day after day or abuse the network ex: deleting shared files, printing over the network, etc

[Machstorm]

check with your local authorities.

as long as you're not being a bandwidth hog or doing anything illegal, I'm sure the owners wouldn't mind

Just because you can does not mean you should, like digininja said just because someone leaves their door unlocked does not give you permission to walk in to their house. Also, by your train of thought they wouldn't mind you borrowed their car without asking and drove it around as long as you were not using it in any hit and runs or bank heists. It does not work that way.

[The Sorrow]

Rule #1, if you have to ask if its illegal, don't do it.

Rule #2, if you ignore rule #1, don't tell other people what you did or are continuing to do.

Rule #3, it's only illegal if you get caught, so you put yourself at risk, its your fault if you go to jail. I could care less, but use your own moral compass, not mine.

this is the advice i follow, in the end its your own morals, anyone that can catch you would secure a wireless AP (and thats not the average pc user)

[taiyed14]

Just because you can does not mean you should, like digininja said just because someone leaves their door unlocked does not give you permission to walk in to their house. Also, by your train of thought they wouldn't mind you borrowed their car without asking and drove it around as long as you were not using it in any hit and runs or bank heists. It does not work that way.

Look at it this way. YOUR wireless access point is broadcasting into MY house without my permission. My computer is merely accepting and invitation by your AP. So really I'm not walking into to your house because the door is unlocked, I'm walking into your house because the door is unlocked and you invited me in.

Also,let's say at my house I have a Linksys router set to factory defaults, ie now encryption, ssid is linksys. I decided to do some computing (paper writing) at the park down the street. While at the park, my computer automatically connects to the neighbors AP which is also a Linksys router with factory defaults. I am now a criminal because that person cannot secure an AP. Please.

[digininja]

I wouldn't say for certain but I'd guess this is one of those illegal things that you'd never actually get done for as it can reasonably shown that it was accidental. If you knew you were out of range of home and deliberately connected then it may be different.

A prosecutor may also be able to use the technical competency level of the user to show what was reasonable. If I, with my GAWN Gold, connect to a linksys in the next city I doubt that I could argue that I though it was home but if a user with no experience did the same they might get away with it.

Could be completely wrong here. Anyone know any lawyers?

[Corrosion.]

I say don't worry about it, at all.... but if your worried enough to ask i agree you shouldn't in the first place

[shonen]

YOUR wireless access point is broadcasting into MY house without my permission.

Does that logic still apply for someone such as myself who has a 500mw signal amp, 15dbi omni and 24dbi grid dish antenna? =P

Weather its is illegal or not is beside the point, at the end of the day it is unethical and wrong. You can put sugar on shit all you want but it doesn't change the fact its still shit.

FYI and yes I am unethical but I don't make any excuses for my actions.

[Machstorm]

Look at it this way. YOUR wireless access point is broadcasting into MY house without my permission. My computer is merely accepting and invitation by your AP. So really I'm not walking into to your house because the door is unlocked, I'm walking into your house because the door is unlocked and you invited me in.

Also,let's say at my house I have a Linksys router set to factory defaults, ie now encryption, ssid is linksys. I decided to do some computing (paper writing) at the park down the street. While at the park, my computer automatically connects to the neighbors AP which is also a Linksys router with factory defaults. I am now a criminal because that person cannot secure an AP. Please.

Yes you are because you have the technical competency to know better, also ignorance is not an excuse to break the law. Also, why do you feel entitled to do such things moreover why are you acting so egocentric?

Let's apply your logic to a scenario:

Ok, I know most of everyone can drive a car in this forum right? We know that cars can have many functions like delivering the mail to a mailbox. Let say that the mailman delivers you neighbors mail to you by mistake. Most of us would walk over put the mail in the neighbors mail box. However by your logic that mail is yours because it was delivered to your mailbox, but that still does not make it legal to open mail that is not yours.

Also, by your same logic that mail truck parked outside in front of your house is yours for the taking because the mailman left his door unlocked so that gives you the right to take the mailtruck and drive it around town. Then when you are caught all you have to say is "I don't know how to drive" to get out of trouble. "Please".

[taiyed14]

the mail is sealed (protected), an open wireless ap is not (unprotected). Let's say the mailman delivered a postcard, i have every right to read it if its in my mailbox.. also, you are assuming that a piece of mail is the same as radio waves. it is not.

i think you are confusing ethics and law. is it ethical to connect to an open ap you haven't had permission for? maybe. is it illegal, i don't know, I'm not a lawyer. should it be illegal, absolutely not.

[shonen]

You have a point but laws are based on ethics. =P

[Machstorm]

the mail is sealed (protected), an open wireless ap is not (unprotected). Let's say the mailman delivered a postcard, i have every right to read it if its in my mailbox.. also, you are assuming that a piece of mail is the same as radio waves. it is not.

i think you are confusing ethics and law. is it ethical to connect to an open ap you haven't had permission for? maybe. is it illegal, i don't know, I'm not a lawyer. should it be illegal, absolutely not.

There you go again with the self entitlement by dancing around the issue. Network traffic is also delivered in packets just like mail and sometimes its sealed and needs a signature. Oh and by the way yes it is illegal.

your acting like one of those kids when they are playing cops and robbers and one kid tells the other "Bang you're dead" and your the other kid saying "Nuhuh I have magic armor so bullets cant hurt me". Give it up you are trying to justify unlawful behavior.

It also appears that you live in Illinois and I have their statutes right here:

16D-3. COMPUTER tampering

s 16D-3. COMPUTER Tampering. (a) A person commits the offense of COMPUTER

tampering when he knowingly and without the authorization of a COMPUTER'S

owner, as defined in Section 15-2 of this Code, or in excess of the authority

granted to him:

(1) Accesses or causes to be accessed a COMPUTER or any part thereof, or a

program or data;

(2) Accesses or causes to be accessed a COMPUTER or any part thereof, or a

program or data, and obtains data or services;

(3) Accesses or causes to be accessed a COMPUTER or any part thereof, or a

program or data, and damages or destroys the COMPUTER or alters, deletes or

removes a COMPUTER program or data;

(4) Inserts or attempts to insert a "program" into a COMPUTER or COMPUTER

program knowing or having reason to believe that such "program" contains

information or commands that will or may damage or destroy that COMPUTER, or

any other COMPUTER subsequently accessing or being accessed by that COMPUTER,

or that will or may alter, delete or remove a COMPUTER program or data from

that COMPUTER, or any other COMPUTER program or data in a COMPUTER

subsequently accessing or being accessed by that COMPUTER, or that will or may

cause loss to the users of that COMPUTER or the users of a COMPUTER which

accesses or which is accessed by such "program".

(B) Sentence.

(1) A person who commits the offense of COMPUTER tampering as set forth in

subsection (a)(1) of this Section shall be guilty of a Class B misdemeanor.

(2) A person who commits the offense of COMPUTER tampering as set forth in

subsection (a)(2) of this Section shall be guilty of a Class A misdemeanor and

a Class 4 felony for the second or subsequent offense.

(3) A person who commits the offense of COMPUTER tampering as set forth in

subsection (a)(3) or subsection (a)(4) of this Section shall be guilty of a

Class 4 felony and a Class 3 felony for the second or subsequent offense.

© Whoever suffers loss by reason of a violation of subsection (a)(4) of this

Section may, in a civil action against the violator, obtain appropriate

relief. In a civil action under this Section, the court may award to the

prevailing party reasonable attorney's fees and other litigation expenses.

You can find more information here:

http://nsi.org/Library/Compsec/computerlaw/Illinois.txt

And here:

http://law.findlaw.com/state-laws/computer-crimes/illinois/

I am Majoring in Information Assurance and Forensics so I have to deal with Cyberlaw. If you have any more questions feel free to ask.

[gcninja]

Look at it this way. YOUR wireless access point is broadcasting into MY house without my permission. My computer is merely accepting and invitation by your AP. So really I'm not walking into to your house because the door is unlocked, I'm walking into your house because the door is unlocked and you invited me in.

Well, actually wouldnt an invitation be more of it sending a request to connect or auto connection?

Also, with the over crossing waves into your house analogy, wouldnt it be more like "our houses are connnected (his the AP yours the computer) and your door is open so i enter, STILL illegal (like the conencted hotel rooms, busting into your neighbors room via the door IS illegal)

Also,let's say at my house I have a Linksys router set to factory defaults, ie now encryption, ssid is linksys. I decided to do some computing (paper writing) at the park down the street. While at the park, my computer automatically connects to the neighbors AP which is also a Linksys router with factory defaults. I am now a criminal because that person cannot secure an AP. Please.

And wouldnt mac addresses cause this to be IMPOSSIBLE? otherwise routers with "default" for names and such would be rampant random connections, a fair percentage dont change default names either outta laziness or unknown knowledge of how to.

just my 2 cents

[decepticon_eazy_e]

And wouldnt mac addresses cause this to be IMPOSSIBLE? otherwise routers with "default" for names and such would be rampant random connections, a fair percentage dont change default names either outta laziness or unknown knowledge of how to.

just my 2 cents

XP has this fixed now, so you don't connect to random connections, even with the same SSID. But up until then, nope, that is exactly how it worked. That's what the whole "evil twin" attack is based on.

Same with the pineapple/jaseger thing. The only difference there is that it's waiting for your card to look for old SSIDs. You still connect to an AP with a SSID that's a spoof of one you've been on.

Companies sell expensive WLAN/IDS devices/solutions to counter act the whole "rouge AP" problem, which is exactly what you're talking about.

So, it's far from IMPOSSIBLE, it's more like COMMON EVERYDAY PROBLEM WE DEAL WITH.

[3w`Sparky]

my friends daughter got a computer for xmas ages ago , it had on the packaging and laptop (internet ready)

i wasn't till about 3 days later when they saw her surfing the web that they asked her what she was doing , she explained it said internet ready and it was on the internet that was for sure, via the neighbours accesspoint !

hows that for legal ?