December 14th, 2002, 09:00 PM
Secret service +anti wardriving?
this morning i was watching techtv and it was talking about the secret service going and helping companys test their Wi-Fi networks,BUT the secret service isnt willing to give info on what they are doing when they wardrive, i dont mean their methods, but what they are actually doing after they test their networks. the secret service claims that they arent trying to take away buisness from the companies, but what are they up to? Im looking forward to ur comments on this issue! here is the only actual documentation i could find on it other than the show http://www.techtv.com/news/print/0,2...410202,00.html again im looking forward to ur comments!
December 14th, 2002, 09:10 PM
but what they are actually doing after they test their networks
Full article: http://www.computerworld.com/mobilet...,74806,00.html
When the agents from the Secret Service Electronic Crimes Task Force detect an unsecure WLAN, they contact the enterprise operating the system, identify themselves and inform the business of any vulnerabilities they have detected. Marr described this as a “community outreach program,” in the same spirit as local police officers going door to door in a neighborhood to talk to residents about physical vulnerabilities.
another here: http://online.securityfocus.com/news/899
If you receive something that says \'Send this to everyone you know,\' pretend you don\'t know me.
December 14th, 2002, 09:19 PM
well why isnt that illegal then? if i did that i would get arrested! thats what alot of hackers do and they still get busted! because in order to find a vulnerability u have to look for it, and thats illegal!!!!!!!!!!!!!!!!!!!!!
December 15th, 2002, 02:32 AM
Im not sure if its illegal of not since most of the time you can get a connection in a public place. If they have permission then its most definetly legal. The funny thing is alot of these wireless networks don't bother getting firewalls and its not like these guys are doing attacks. And besides.... wardailing is used to dail random numbers intil a modem picks up. Basicly 80% of what they are doing is walking around and sniffing. However if you go beyond that and get admin rights then start fooling around with things then I think its illegal.
February 8th, 2003, 05:54 PM
Over here in the UK there are arguements going on about the legallities of network sniffing. At the moment, it appears that you can escape the justice system if you were not given a warning [gloworange]before you hack in[/gloworange] that such an intrusion of a specific system would be illegal! Also, if you hack in, poke around but don't change, delete or steal anything, you have technically not broken any laws!
I'm convinced that corporations are blissfully unaware of this these facts.
However, by reading something and remembering the information, are you stealing it?
February 8th, 2003, 11:42 PM
Won't comment on the ethics of govt intrusion (it's way too late and you'd all fall asleep). But....Gixer's right, sort of, when he says (sic) 'if you read information and remember it you are stealing it.' Firstly, changing the nature of data is illegal as its interfering with property. But someone would have to make a complaint to have the case considered.
You may also be technically reducing the novel value of the information - so if we take the example of breaking into the M&A dept and reading information about who is going to take over whom, well that may compromise the value of the deal because these things rely on limiting info. I could think of better examples if it wasn't so late. The funny thing about this is, you don't have to be able to prove intent to use or disclose the information for this to be applicable. There are some *interestingly worded* bits of legislation in the UK (it's one of my hobbies to watch HMSO).
If a company invited network intrusion though, well it's an interesting question, you'd have to have an iron-clad contract specifying indemnity against accidental damage (if I prod your server and it later develops a bruise you can't sue me). I have little experience on tech pen testing, but I'm sure there are people here who know (and who might tell!)
I don't think you'd be able to claim, as a defence "they put up wireless access then didn't protect it so I had no idea I shouldn't have been there" because it's kind of like the "I found the diamonds just lying around in the vault, I thought they would get stolen so I picked them up."
In the US, the FBI say:
"Identifying the presence of a wireless network may not be a criminal violation, however, there may be criminal violations if the network is actually accessed including theft of services, interception of communications, misuse of computing resources, up to and including violations of the Federal Computer Fraud and Abuse Statute, Theft of Trade Secrets, and other federal violations."
668 - the neighbor of the beast