Jump to content

Archived

This topic is now archived and is closed to further replies.

sud0nick

Deauth and Jamming Illegal

Recommended Posts

I did a quick search of the forums but didn't find anything related to this. I came across this page on the FCC's site that states deauth attacks and jamming of WiFi are illegal in the US as of January, 2015. They also state the following:

In addition, we reiterate that Federal law prohibits the operation, marketing, or sale of any type of jamming equipment, including devices that interfere with Wi-Fi, cellular, or public safety communications. Detailed information about the prohibition against jamming is available on the Commission’s website at http://www.fcc.gov/encyclopedia/jammer-enforcement.

If you read the example they gave about a Marriott hotel deauthenticating users it appears the FCC doesn't know the different between that and jamming a signal. Of course they added that catch-all statement that any device that interferes with WiFi communications is illegal. Page 2 of that document states that no commercial establishment is allowed to block WiFi communication but the next paragraph down has the quote I posted above. It would appear that using the deauth feature of the Pineapple is now illegal, unless if I'm misinterpreting this.

Share this post


Link to post
Share on other sites

While the saying claims you shouldn't attribute to malice that which can be explained by stupidity, in this case I'm quite confident this "[not knowing] differen[ce] between [deauthing] and jamming a signal" is quite deliberate. I'm thinking they're viewing this problem from the end-user's perspective, whom you'd be depriving of a service via these actions. The FCC is simply saying "you can't do that" which, actually, makes perfect sense.

I read about the illegality of signal jamming some years ago in the context of a coffeeshop (the dutch kind, where you might be able to get a cup of coffee, but it's not their intended purpose) that had problems with dealers of harddrugs that would basically hang around at their establishment, waiting for someone to call to meet up to make a deal. The coffeeshop owner didn't appreciate this business so he installed a jammer and got these people to not show up in very short order, however some of those folks reported the telephony sink-hole to their mobile operator who eventually sent a tech over, discovered the jamming signal and they quickly advised the owner to turn it off or face rather substantial penalties.

You're allowed to jam any signal you want within the confines of your own premesis, but once that signal leaks out onto the street and disrupts service there, people get mighty pissed, mighty quickly. Penalties are rather stiff because you might be preventing someone to call 911 (or equivalent) at some crucial moment, which incidentally would make you partially liable for the consequences of the potentially delayed arrival of the emergency services.

In terms of WiFi, the area might be grayer because no emergency service is made unavailable by blocking it, but the law doesn't make this destinction and since it's worded around the concept of depriving someone the legitimate use of a service, you only need 1 law to deal with this whole class of problems. The alternative would be that a new law/rule would have to be written up for, say, a flooding attack against an AP, another for a deauth attack, yet another for outright jamming of a frequency and so on. It makes some sense to prefer somewhat broad wording here.

Share this post


Link to post
Share on other sites

Guys, let's not forget, that a newly purchased MKV does not come with a DEAUTH infusion. You have the option to download the infusion and use it for personal use. Maybe Hak5 should put a disclaimer or something like that prior to downloading an infusion.

The MKV, could be used for many other things such as an ABS tracker, Pentesting/auditing etc...

Also, not all of us live in the US. I'm sure there are some/many countries that have no law regarding this.

Cheers

Share this post


Link to post
Share on other sites

I think a disclaimer is kind of moot point. The MKV and tools like it, are intentionally meant for pentesting, experimentation and home hobbyists who uses them to test and defend their networks. Tools of any type will always find asshats that all they want to do is screw with other peoples networks. It's in the end users discretion and responsibility at all times what they do and how they use their devices and software tools. People buying the device, know damn well what they are capable of; what they should and shouldn't be doing with them, and I think any person(s) trying to hold claim that they didn't know what they were doing if they got in trouble with the law while using one, would find themselves very quickly shot down defending themselves in court whether in the US or abroad.

Share this post


Link to post
Share on other sites

Guys, let's not forget, that a newly purchased MKV does not come with a DEAUTH infusion. You have the option to download the infusion and use it for personal use. Maybe Hak5 should put a disclaimer or something like that prior to downloading an infusion.

The MKV, could be used for many other things such as an ABS tracker, Pentesting/auditing etc...

Also, not all of us live in the US. I'm sure there are some/many countries that have no law regarding this.

Cheers

PineAP has the ability to deauth although I assume people are using the infusion more.

I, too, think a disclaimer is unnecessary. Using anything on the Pineapple against a network/device you do not own without proper consent is illegal already.

Share this post


Link to post
Share on other sites

To suggest a disclaimer is like demanding all toothpicks are provided with a protective sheeth to prevent injury.

... and somewhere in America a lawyer will go "Hrmmm. I wonder who I can screw out of a couple of million over this?"

Share this post


Link to post
Share on other sites

The follow-up to that 2012 story: The guy tried to create a legal ownership construct whereby he hoped he couldn't be held responsible for what happened on what was, legally, not his land anymore. The judge saw right through it and called it "a sham". The guy walked out of the courtroom at one point yielding him a 12-day prison sentence for contempt of court and for his continued violation of the law he got a 90-day prison sentence on top of the 30 days in 2012. The dams have since been removed by government officials armed with a court order, for which he gets to pick up the tab.

What you must understand is that he constructed several dams to thus create a total of 3 ponds of significant size (200 olympic swimming pools worth). There's a 1909 state law that appropriates all water falling on Oregon soil as being owned by the public, but which exempts run-off from an impervious surface such as a rooftop. You're required to get a permit for the collection of the remainder of the water that falls on your land. He never got those permits but did build those dams to ensure he collects more water than would naturally occur.

And just so you know (as I for one didn't), Oregon is another one of those states that has a drought problem.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...