Actually, in some states, such as Florida, capturing ("sniffing") packets is
illegal based on its *intent*; the intent, unless you are performing this on
your own wireless network, is to either illegally connect, or utilize any
captured information in a subversive manner. This was pointed out to me at a
cybercrime conference last year by an FDLE officer (Florida Status 815.06 under
the Florida Computer Crime Act of 1988). I was demonstrating that the hotel
had several networks that were wide open (not initially realizing that he was a
police officer), demonstrating that both businesses and individuals alike, were
overly-trusting about their computer networks. Nonetheless, it was an
interesting conference.
So although -- at a federal level (within the United States) -- it may not be
illegal to perform packet capturing on wireless networks, it *may* be at local
or states (provincial) levels, such as the case with the State of Florida
(http://www.clas.ufl.edu/docs/flcrimes/section2_1_1.html). I believe that
there are several other states which have similar laws, which -- if caught --
carry a stiff penalty. California is one of 'em (see also:
http://www.securityfocus.com/columnists/412).
Hope this helps...
-rad
DISCLAIMER: I am NOT an attorney at law, nor do I represent any such
organizations providing any legal advise; if you are unsure of your actions,
please contact your local law enforcement office, regional FBI office, or an
attorney.
----- Original Message -----
From: Morning Wood [mailto:se_cur_ity@hotmail.com]
To: pen-test@securityfocus.com
Subject: Re: Legality of WEP Cracking
> > The UK law is clear, I quote from the UK Computer Misuse Act 1990
> > (http://www.opsi.gov.uk/ACTS/acts1990/Ukpga_19900018_en_2.htm):
> >
>
> from what I understand here in the US...
>
> "sniffing the air" is legal
> "connecting to an AP you do not have explicit permission" is illegal
> "possession of an access restriction device" eg: WEP key
> that you are not explicitly allowed permission is
> illegal
>
> capturing airborne packets "may" be legal, but the moment you begin to
> "try" to "crack" a WEP key, you would be entering access restriction device
> realm instantly. ( do not pass GO! ) , as well, simply connecting to your
> target AP is illegal from the get-go ( gimme your dice! )
>
> but my understanding is only a perspective, which may or not be completely
> askew...
>
> M.W
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
|