joeypesci Posted May 6, 2010 Posted May 6, 2010 (edited) We all know how WEP is easy to crack and all and, in England at least, cracking someone's WIFI without their permission is now illegal. Even going on someone's unprotected WIFI is illegal unless you have consent (I could be wrong about that one as some devices just connect automatically to WIFI if it's unprotected). There was a case in 2007 in England for someone being busted. http://www.hackinthebox.org/modules.php?op...r=0&thold=0 However, this is a hypothetical question. If, in your area, you saw a lot of WIFI setups using WEP and you cracked them all. Would you then, as an ethical hacker and not knowing which house which router is in, leave well alone or, attempt to get onto a PC/laptop that was on that network and leave them an obvious note, explaining to them how insecure their WEP WIFI is and that they should change it. If possible, leaving them instructions on how to do so for their specific router? Explaining how to update to WPA or WPA2. It's an interesting question I thought. You want to help these people protect themselves, but have no way of contacting them. The other idea would be to just leaflet the whole street, explaining to them how insecure WEP is and anyone who has it setup and would like help updating, you'll offer your service at a reasonable rate :) Edited May 6, 2010 by joeypesci Quote
d4t4 Posted May 6, 2010 Posted May 6, 2010 (edited) Cracking the WEP encrypted connections is illegal no matter what way you look at it. What your saying is, if a store had very low security and was easy to steal from, stealing from that store but bringing back whatever you stole to make a point about how low their security is, is ethical? Maybe it is ethical, but it is still illegal. So no, do NOT crack other peoples wireless networks to leave them a "note". Edited May 6, 2010 by d4t4 Quote
joeypesci Posted May 6, 2010 Author Posted May 6, 2010 Cracking the WEP encrypted connections is illegal no matter what way you look at it. What your saying is, if a store had very low security and was easy to steal from, stealing from that store but bringing back whatever you stole to make a point about how low their security is, is ethical? Maybe it is ethical, but it is still illegal. So no, do NOT crack other peoples wireless networks to leave them a "note". You obviously didn't read the first sentence then oh arrogant one. I pointed out it was illegal. And you comparing it to stealing from a store then bringing it back is the wrong idea. You could of said breaking into a store and leaving them a note at how easy it was. But yes, would be stupid. But I think the point is. Breaking into a store is a physical thing so no one is going to do it. However, a teenager sitting in their room breaking into their neighbours wifi more than likely happens. It requires no violence or physical access. So it happens. The point was to make people aware of this. I guess the note idea would be a poor one. Although no violence is involved I think the worry factor would be the issue. It would then make people worry, feel like they have been monitored. Violated if you will. In a small way, like a burglary when you're out. You don't know it's happening, you're not there, but feel violated when you get home and realise someone has been there. I guess the best course of action would be to leaflet the street. Again, this was a hypothetical question and not to be taken so seriously as you seem to have. Quote
digip Posted May 6, 2010 Posted May 6, 2010 You know WEP is weak and can be broken within a few minutes. Since you already know this, there is no need crack their wifi, but instead, you should let them know that it can be easily broken in to. If they say how, then you get permission to show them, not the other way around. You dont break in first, then tell them what you did, or you could go to jail. Quote
ParMan Posted May 6, 2010 Posted May 6, 2010 You know WEP is weak and can be broken within a few minutes. Since you already know this, there is no need crack their wifi, but instead, you should let them know that it can be easily broken in to. If they say how, then you get permission to show them, not the other way around. You dont break in first, then tell them what you did, or you could go to jail. i would have to say that he/she put it perfectly! Quote
Alias Posted May 7, 2010 Posted May 7, 2010 Actually I don't even think you need to crack the WEP key anymore. Tools like easside-ng and wesside-ng which are included in the aircrack-ng suite basically killed the need to crack a WEP key. It's a pretty fine line but it's not really cracking the network. Quote
Infiltrator Posted May 8, 2010 Posted May 8, 2010 Moral of the story people should consider upgrading their wireless security to a more effective one, like WAP and implement a very strong passphrase instead of a weak one. Quote
Alias Posted May 8, 2010 Posted May 8, 2010 Moral of the story people should consider upgrading their wireless security to a more effective one, like WAP and implement a very strong passphrase instead of a weak one. Yeah but there a derps everywhere. I was living next to this guy who had his wireless setup with the ESSID of 'wireless' so I just downloaded the WPA tables from Offensive Security and within a few minutes I had his password. It was 'lovefishing' *facepalm* Turns out that one of those so called 'Computer Experts' had set him up with a wireless network for free neglecting to set it up properly. Quote
Infiltrator Posted May 8, 2010 Posted May 8, 2010 (edited) Yeah but there a derps everywhere. I was living next to this guy who had his wireless setup with the ESSID of 'wireless' so I just downloaded the WPA tables from Offensive Security and within a few minutes I had his password. It was 'lovefishing' *facepalm* Turns out that one of those so called 'Computer Experts' had set him up with a wireless network for free neglecting to set it up properly. Funny you brought that up, where I live there are still people who have their wireless SSID set to the factory name like "Linksys or Dlink" and what is more interesting is that, they still use WEP over WPA and sometimes no encryption at all. I have tapped several times onto one of this wireless just for surfing the net and to see what else I could infiltrate into. Edited May 8, 2010 by Infiltrator Quote
joeypesci Posted May 8, 2010 Author Posted May 8, 2010 A few in my area that although set to WPA or WPA2 are still set with their default name. A friend of mine, in her area where she use to live knew an engineer who'd setup WIFI for local people. What he wasn't telling them was because he was setting the password for them and not suggesting they change it later, he'd use it to hop on later to surf the net for free. Naughty. It's also possible some of them are honey pots. Quote
digip Posted May 8, 2010 Posted May 8, 2010 Funny you brought that up, where I live there are still people who have their wireless SSID set to the factory name like "Linksys or Dlink" and what is more interesting is that, they still use WEP over WAP and sometimes no encryption at all. I have tapped several times onto one of this wireless just for surfing the net and to see what else I could infiltrate into. You keep referrign to this as WAP. I think you mean WPA, and at minumum, people should be using WPA 2 with the maximum encryption settings. Quote
Infiltrator Posted May 8, 2010 Posted May 8, 2010 You keep referrign to this as WAP. I think you mean WPA, and at minumum, people should be using WPA 2 with the maximum encryption settings. Sorry my bad, I don't know why I keep doing that? Quote
oxley Posted July 4, 2010 Posted July 4, 2010 I think you need to look at what history has taught us and lessons learnt by other hackers, crackers and phreakers. Usually an uninvited demonstration of a security flaw or even telling someone can lead them to feel insulted and violated, which then puts them on the offensive. So your hypothetical is not “ethical hacking” by my definition, as that is an invited investigation in to finding the flaws. Me, I would sit back and wait until they have been pwned by some script kiddie, or their internet has been capped after a few days because some pervert connected and downloaded a drive full of pron. Then offer my services with a big dollar rate, so they get bent over twice. Quote
metatron Posted July 4, 2010 Posted July 4, 2010 I never really got the whole ethical hacker thing, who's measuring stick are we using? Quote
oxley Posted July 5, 2010 Posted July 5, 2010 I never really got the whole ethical hacker thing, who's measuring stick are we using? Any uninvited penetration of a computer system that could put you in a cell with Bubba and Ben Dover, dealing with another type of uninvited penetration could be considered unethical. I believe a lot of countries are changing laws to cover unauthorised system access. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.