Just wanted to put my $0.02 in...
First off, this guy wasn't wardriving. Wardriving is the act of driving around and mapping out access points. Wardrivers normally don't access these networks, they just map out where they are and post them on the web. It comes from the word wardialing where computer's called huge lists of phone numbers looking for accessible computer systems and recorded those numbers. This guy wasn't wardriving, he was sitting in a parked car accessing this guy's wireless network for a long period of time - the guy kept looking out his window and saw this suspicious looking man in his car with a laptop. Now if I kept seeing a guy sitting outside my home, I would get a little pissed too. So, he did what anyone would do - call the cops. In the US, it is illegal to access ANY communication network without first getting permission. That's the law and that's exactly what he was doing. If they find spam sending software, viruses/worms/trojans, or kiddy porn on his system I think they should throw the book at him. If all he was doing was checking his email, then they can be a bit more lenient. However, if you ask me, sitting in a residential area was just asking for trouble. He should of just drove to a business district, or a coffee house, and avoid this situation all together.
On Mon, Jul 11, 2005 at 09:23:19AM -0500, Jeremy Fowler wrote:
In the US, it is illegal to access ANY communication network without first getting permission.
Fair enough.
That's the law and that's exactly what he was doing.
Really?
Come on, we know how these access points work: They ANNOUNCE their SSIDs and they GIVE OUT IP numbers via DHCP. They don't have to do this, and there are options to have them not do this. Your mileage clearly varies on this point, but I think a reasonable interpretation is that the machine was, indeed, configured to convey that permission.
This may be a case where the factory-installed defaults should be changed, just as when, back in the day, a default install of Redhat or whatever would have all these unnecessary and often vulnerable services running. Eventually, practices changed and the suppliers required explicit steps to turn on these features. This can't be that hard for companies like Cisco and Nortel and Linksys to do for their consumer-level stuff.
If you don't think broadcasting an SSID and offering DHCP leases (to say nothing of leaving off the encryption) constitutes permission, what form of permission would you require? And how would you contrast that form with the other types of announcements and invitations that have been mentioned in this thread already (eg, garage sale signs being a cover against trespassing charges, that sort of thing)?
If they find spam sending software, viruses/worms/trojans, or kiddy porn on his system I think they should throw the book at him. If all he was doing was checking his email, then they can be a bit more lenient.
Not sure how I feel about sitting in a car using a laptop as being probably cause for a search. Whether the guy looked "suspicious" or not is pretty subjective.
But yeah, that's bad stuff. Something tells me if he had any of that stuff, we'll hear about it, since it's the kind of salacious detail the news loves. That we haven't heard about it makes me think they looked and didn't find anything like that.
Also, if the guy had viruses/worms/trojans, they could be ones his system just happened to catch, like the zillion other vulverable machines running ${PROPRIETARY_OS}. He could be as much a "victim" of poorly-maintained systems as the person with the misconfigured AP.
However, if you ask me, sitting in a residential area was just asking for trouble.
<*shrug*> I <ahem> know of someone who was going to a meeting at a house in a residential neighborhood, and had forgotten to bring along the address or a map or something like that, and who did a short bit of wardriving, found an open access point, checked the online mailing list archive for the details, and then went to the meeting, which as it happens was about a block away.
He should of just drove to a business district, or a coffee house, and avoid this situation all together.
Yeah, probably.
On Monday 11 July 2005 10:46, D. Joe wrote:
That's the law and that's exactly what he was doing.
Really?
Come on, we know how these access points work: They ANNOUNCE their SSIDs and they GIVE OUT IP numbers via DHCP. They don't have to do this, and there are options to have them not do this. Your mileage clearly varies on this point, but I think a reasonable interpretation is that the machine was, indeed, configured to convey that permission.
You guys are leaving a very important part of the legal process out of your discussion: intent.
In many types of cases, the State must show -- no only that the act occurred but -- that there was deliberate intent to commit a crime.
-
D. Joe -
Jason Clinton -
Jeremy Fowler