Wardriving

Bill Nash plug-discuss@lists.plug.phoenix.az.us
Thu, 7 Nov 2002 13:07:12 +0000 (UTC) 

On Thu, 7 Nov 2002, Matt Alexander wrote:

> Well, there was this case:
> http://www.theregister.co.uk/content/55/26397.html

	In which the defendant identified AND demonstrated access to a
wireless network he was not authorized to use. Personally, I think that
whole case was a travesty of justice, considering that he was doing them a
favor.

> If you simply identify an access point, then there's nothing wrong with
> that.  If you go further and access any services, then you could be
> charged with trespassing, theft of services, etc.

	What do you think wardriving is? Trolling for places to get porn
when you're out of the house? You have to consider the audience, here.
The bulk of us are IT professionals of some stripe, and everyone else is a
new user lurking on the list to learn more. Wardriving, in and of itself,
is not a crime, nor is it a past time that could be considered wholly
'black hat'. There are many beneficial things to be learned from
activities like this. A few:
	Understanding signal propagation - how far that little linksys can
go under differing conditions, and how far your signal gets without your
knowledge.
	How the bad guys think - When WEP encryption isn't enough to deter
the casual packet junkie.
	How to manage 802.11b in a saturated area - Central and Thomas.
Enough said.

> Here's an interesting post on the 'net I found:
> (http://legalminds.lp.findlaw.com/list/cyberia-l/msg41515.html)
>
> there is an FCC rule that, except for broadcast transmissions, a
> third-party eavesdropper cannot divulge the CONTENT of an intercepted
> radio transmission.  Some of the information included in a chalk-mark
> arguably discloses content.

	Whew! Good thing this conversation wasn't about warchalking,
right?

> So what could possibly be wrong with war chalking? The EPCA states that,
> "intentionally disclos[ing], or endeavor[ing] to disclose, to any other
> person the contents of any wire, oral, or electronic communication,
> knowing or having reason to know that the information was obtained through
> the interception of a wire, oral, or electronic communication in violation
> of this subsection" is subject to fine and imprisonment of up to 5-years.
>
> If similar verbiage were adapted to cover 802.11 transmissions then merely
> marking an 'X' where wireless traffic has been observed would doubtfully
> violate the law. But, war chalkers use many more symbols. Simply
> disclosing whether or not WEP was enabled could possibly be a violation.

	'Doubtfully violate?' Regardless, 802.11 *are* a form of
electronic communication, so I would interpret that to mean what it says.
However, I do think a contest of that particular (statute?) verbage would
wind up having 'oral' stricken from it. Otherwise, any reporter who picks
up a story simply by overhearing a conversation would be in jail.

> And apparently the FBI doesn't look too highly on WarDriving:
> http://www.politechbot.com/p-03884.html
>
> My thought would be that if a company learned of someone listening on
> their network, no matter how insecure the network might be, the company
> could probably get the person charged with "hacking."

	Hey, I don't look too highly on the French, personally, but that
doesn't make them illegal. All in all, there isn't much you've supplied
here that backs up your original claim that announcing a desire to go war
driving is an incriminating act. Personally, I think of it as a public
service, considering the amount of interference that takes place within
the 2.4ghz spectrum. Have a conversation with a HAM operator about who's
responsible for correcting RFI, and then think about how most access
points are used.

Take a read through:
http://www.arrl.org/tis/info/part15.html

- billn