Cracking others wep

[PeppersGhost]

Quote:
Unauthorised access to computer material

(1) A person is guilty of an offence if—

(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;

(b) the access he intends to secure is unauthorised; and

(c) he knows at the time when he causes the computer to perform the function that that is the case.

(2) The intent a person has to have to commit an offence under this section need not be directed at—

(a) any particular program or data;

(b) a program or data of any particular kind; or

(c) a program or data held in any particular computer.

(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
edit:
I'd say it's covered by the first part:
In this case the data being the "key" WPA as an example by de-authenticating the AP and target it causes the target to send out the data which would be 1a.

I dont see the source of you're legal quote s1lang. It would seem the main word in it is "intent". If my name is Goggle and I want to ping sweep the internet for weeks on end, then its ok. If this is the actual law then its full of holes. And just opens more debate. Also begs the question of systems that are wide open. If I don't have to do anything to "secure access" because access is open for the world, then what law was broken. Now for open wifi, the owners of the equipment should be charged for running an open wifi. That has been covered before. Cite you're source please.

[Barry]

Well that didn't last long.

ARIZONA REVISED STATUTES ANNOTATED
TITLE 13. CRIMINAL CODE
CHAPTER 23. ORGANIZED CRIME AND FRAUD

s 13-2316. COMPUTER fraud; classification

A. A person commits COMPUTER fraud in the first degree by accessing, altering,
damaging or destroying without authorization any COMPUTER, COMPUTER system,
COMPUTER network, or any part of such COMPUTER, system or network, with the
intent to devise or execute any scheme or artifice to defraud or deceive, or
control property or services by means of false or fraudulent pretenses,
representations or promises.
B. A person commits COMPUTER fraud in the second degree by intentionally and
without authorization accessing, altering, damaging or destroying any COMPUTER,
COMPUTER system or COMPUTER network or any COMPUTER software, program or data
contained in such COMPUTER, COMPUTER system or COMPUTER network.
C. COMPUTER fraud in the first degree is a class 3 felony. COMPUTER fraud in
the second degree is a class 6 felony.

[Thorn]

If I don't have to do anything to "secure access" because access is open for the world, then what law was broken.

"Secure" usually has little or nothing to do with it under most laws.. Most laws cover intent, as you say, (but not always), however they usually distinctly cover "authority", "authorized access", or similar phrasing that talk about those who do not have permission to be accessing the network. You want citations? Vermont's criminal laws are those that I have dealt with directly; Title 13 VSA § 4101 through § 4107 are the criminal laws that cover computers and networks. http://www.leg.state.vt.us/statutes/...13&Chapter=087

One argument that often comes up is that the 'the law covers only wired networks' or words to that effect. However, if you read any of these laws, you will notice the absence of the mention of any medium. They only mention 'networks', and not whether the data is transmitted over wires, wireless, fiber optic, or string. The medium does not matter. Accessing the data network without authorization is what matters.

Other state laws are covered here, although some laws may be covered in more or less detail: http://www.ists.dartmouth.edu/TAG/aj...states-uuc.htm

US Federal laws are cited here:
http://www.law.cornell.edu/uscode/18/1030.html

Now for open wifi, the owners of the equipment should be charged for running an open wifi.

This is the same logic that blames a rape victim for wearing a short skirt. Blaming the victim for conducting themselves legally is always idiotic, and leads to accepting and absolving the criminal of their behavior.

Let's be clear on this: running an open access point is not illegal. It may not be smart, but it is not illegal. Accessing a network that you do no the authority or permission is be on is illegal in the US under both state and federal laws.

[Re@lity]

Surely, in this context, "to secure access" is a "cover all" term (even if it is a wide open AP) as I would have thought that "securing" is simply the act of "obtaining" a connection, in this context. It is not necessarily anything to do with "securing" via any means of restrictive "security" process that has been alleviated or bypassed.
If you connect to a wide open AP you have still "secured" a connection.
If you call someone on a telephone you have "secured" a connection.
It's unfortunate that they have used a word that has more than one meaning.

Thorn: as for maintaining a wide open AP, I seem to recall reading something a while back about 1 or 2 US states or cities wanting to make it a legal requirement to use a means of private encryption/authentication on a wireless AP?
I don't recall the details now....I'll have to look it up again......but maybe someone here recalls such news?

[Thorn]

Thorn: as for maintaining a wide open AP, I seem to recall reading something a while back about 1 or 2 US states or cities wanting to make it a legal requirement to use a means of private encryption/authentication on a wireless AP?
I don't recall the details now....I'll have to look it up again......but maybe someone here recalls such news?

You may be thinking of the Westchester County, New York law (passed 2006) that requires "minimum security measures" for any "commercial business" that "offers Internet access to the general public". The minimum security measures that are required are "a) installing a network firewall; (b) changing the system’s default SSID (network name); or (c) disabling SSID broadcasting." Signs with a particular wording are also required to be posting in businesses offering Internet access.

In casting a critical eye toward this particular legislation, and knowing a bit of how law works in general, plus knowing a bit of wireless and Internet security, this law has some very apparent weaknesses. I can see several problems with it that any good attorney could drive a truck through. The intent was good, but a lot of what they put in law is useless.

http://www.westchestergov.com/idtheft/wifilaw.htm

[halgorithm]

This is the same logic that blames a rape victim for wearing a short skirt. Blaming the victim for conducting themselves legally is always idiotic, and leads to accepting and absolving the criminal of their behavior.

Then would it be considered entrapment by running a WAP with shortest skirt around?

[thorin]

http://irongeek.com/i.php?page=compu...e-hacking-laws
http://forums.remote-exploit.org/sho...3&postcount=12

[PeppersGhost]

This is the same logic that blames a rape victim for wearing a short skirt. Blaming the victim for conducting themselves legally is always idiotic, and leads to accepting and absolving the criminal of their behavior.

Let's be clear on this: running an open access point is not illegal. It may not be smart, but it is not illegal. Accessing a network that you do no the authority or permission is be on is illegal in the US under both state and federal laws.

Of course, there was that girl who got kicked off the plane for a short skirt. Maybe they should have taken her in the back room and "raped" her. Not because she had a short skirt, but because she broke some vague law. Anyway, nice citation. However, my point was this, if you run open wifi and get pinched for warez don't start crying about it. If you sit on a street corner in NYC with you're mouth wide open, whats going to happen? You had an open system and got used. Maybe the judge will be sympathetic to idiots and go easy on you. And, if all you do is ping or cause the system to return valid responses then you have done nothing to cause the system to act abnormal. And to Re@lity's point if I call a phone and get a busy then that is a valid response. Was the busy a connection? More like a RST. An answer to a question, "Are you home, and the system said no, try again later". Is this a valid IP, yes. As is an ACK. I agree that the new laws are vague.

[streaker69]

Of course, there was that girl who got kicked off the plane for a short skirt. Maybe they should have taken her in the back room and "raped" her. Not because she had a short skirt, but because she broke some vague law. Anyway, nice citation. However, my point was this, if you run open wifi and get pinched for warez don't start crying about it. If you sit on a street corner in NYC with you're mouth wide open, whats going to happen? You had an open system and got used. Maybe the judge will be sympathetic to idiots and go easy on you. And, if all you do is ping or cause the system to return valid responses then you have done nothing to cause the system to act abnormal. And to Re@lity's point if I call a phone and get a busy then that is a valid response. Was the busy a connection? More like a RST. An answer to a question, "Are you home, and the system said no, try again later". Is this a valid IP, yes. As is an ACK. I agree that the new laws are vague.

So you're following the contention that if your computer asks for an IP address and the AP gives one, that's considered implicit consent to connect?

[purehate]

And your also following the contention that if I leave the front door to my house open I deserve for people to come in and do as they please or if I leave my car running with the keys in it that you should feel free to take my car for a spin.