Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Legality of WEP Cracking
From: Bob Radvanovsky <rsradvan () unixworks net>
Date: Sat, 19 May 2007 06:29:27 -0500

Actually, in some states, such as Florida, capturing ("sniffing") packets is illegal based on its *intent*; the intent, 
unless you are performing this on your own wireless network, is to either illegally connect, or utilize any captured 
information in a subversive manner.  This was pointed out to me at a cybercrime conference last year by an FDLE officer 
(Florida Status 815.06 under the Florida Computer Crime Act of 1988).  I was demonstrating that the hotel had several 
networks that were wide open (not initially realizing that he was a police officer), demonstrating that both businesses 
and individuals alike, were overly-trusting about their computer networks.  Nonetheless, it was an interesting 
conference.

So although -- at a federal level (within the United States) -- it may not be illegal to perform packet capturing on 
wireless networks, it *may* be at local or states (provincial) levels, such as the case with the State of Florida 
(http://www.clas.ufl.edu/docs/flcrimes/section2_1_1.html).  I believe that there are several other states which have 
similar laws, which -- if caught -- carry a stiff penalty.  California is one of 'em (see also: 
http://www.securityfocus.com/columnists/412).

Hope this helps...

-rad

DISCLAIMER: I am NOT an attorney at law, nor do I represent any such organizations providing any legal advise; if you 
are unsure of your actions, please contact your local law enforcement office, regional FBI office, or an attorney.

----- Original Message -----
From: Morning Wood [mailto:se_cur_ity () hotmail com]
To: pen-test () securityfocus com
Subject: Re: Legality of WEP Cracking


The UK law is clear, I quote from the UK Computer Misuse Act 1990
(http://www.opsi.gov.uk/ACTS/acts1990/Ukpga_19900018_en_2.htm):


 from what I understand here in the US...

"sniffing the air"        is legal
"connecting to an AP you do not have explicit permission"       is illegal
"possession of an access restriction device" eg: WEP key
that you are not explicitly allowed permission                           is 
illegal

capturing airborne packets "may" be legal, but the moment you begin to
"try" to "crack" a WEP key, you would be entering access restriction device
realm instantly. ( do not pass GO! ) , as well, simply connecting to your
target AP is illegal from the get-go ( gimme your dice! )

but my understanding is only a perspective, which may or not be completely
askew...

M.W 


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]