I know its illegal to connect to any givin network without proper consent but im wondering about this scenario.
Say someone is just sitting monitoring a network and there using wep or wpa. They monitor it long enough to either gain enough IV's or capture the handshake making sure not to transmit anything.
Does it become illegal if they break the wep key or brutforce the password and if so at what point, only after they have found the key or as there attempting to get it?
in switzerland in principal yes it is illegal. Because you break something that has been secured, so it's not meant to break :D. only collection without breaking (war driving) is legal. But it's something that isn't very clear till now so lawyers will earn a lot of money with that...
Legal questions are always difficult because the answer depends on jurisdiction - different laws apply in different places. Generally speaking though, the laws that would likely apply in a scenario like this would involve interception of communications and authorised access to a computing system.
The particulars of exactly when something would become illegal then come down to what particular laws apply in the jurisdiction you are physically sitting in when you do this, the jurisdiction that the computer systems you may be accessing are in, the jurisdiction that other parties who my be sending traffic over that network are in, the jurisdiction of the areas that the traffic you may send will travel over AND how all of those laws have been interpreted in the past (case law). (And those can all be different jurisdictions by the way.) Yes its all pretty confusing, and its exactly why you generally want to talk to a lawyer when you want legal advice - and Im not a lawyer so take this advice with a grain of salt.:D
Well look at it that way: is it illegal to pick a lock of a house or is it just illegal if you succeed to do that?
love this opinion :D
Originally Posted by KMDave
Just imagine the WPA network is yours, and you're transmitting your financial data over it.
Now, imagine someone is sitting out your window, capturing the packets of your WPA network. Would you consider it's ok to do that? Based on that, any judge will probably say it's illegal. Common sense.
but to equate picking a lock would be like attempting the attack.
Collecting information about the locks you may or may not pick in the future is a closer in resemblence to the collection of iv and handshake.
Where that in many places is not illegal, as there are many of books that read about picking various locks.
I am in agreeance with lupin to the degree that it depends where abouts is your location as this is a gray subject.
All in all, I think KMDave was trying to say, instead of is it illegal to try and pick it, or only if you succeed, but rather, if you are collecting enough information that you may successfully break it, then the intentions are given.
Like pre meditated murder. you know you are going to kill some one. just the intention and preperation is enough in many places to go to jail. I have knoweldge that this is on a different extreme, but at it base it is a very similar situation about pre thought and preparing to break it.
Sorry for bad english.
It's illegal under most jurisdictions.
If you want to test your attack skills on captured packets, you'd be much better off setting up an WLAN and asking a friend to set the encryption. You could even get someone who isn't that computer savvy to do it, if you just had them do the key entry, and you did the rest. Remember to have them write the key down, and stuff it in an envelope. Then generate some traffic over the WLAN by doing a download of some large files, or running wget fon a large site, while you monitor and grab the packets from your attack PC. Once you have enough packets, you can attempt to break the encryption to your hearts content, without fear of running afoul of any laws.
Collecting IV's with following up to try and crack it is like finding out which kind of lock is used (capturing IV's) and trying to crack it is like trying to pick the lock.
Plain IV capturing without doing anything else with the information is quite pointless.