Re: [fw-wiz] Interlopers on the WLAN

From: Dave Piscitello (
Date: 11/06/02

From: Dave Piscitello <>
Date: Wed Nov  6 13:30:02 2002

According to the FBI field agents who spoke at a seminar series I recently
participated in, if you "stumble upon" an ESSID, actively attempt to obtain
an address by scanning or using one helpfully provided via DHCP, you are
engaged in an unauthorized access and can be prosecuted under

USC TITLE 18 > PART I > CHAPTER 47 > Sec. 1030,
Fraud and related activity in connection with computers

One of several URLs:

If you're curious how it's being enforced w/r/t WLANs, contact the FBI
through your local Infragard chapter?

I don't think people will be able to make a case about "secured" or not.
I'm not an attorney, but I think the same logic that dictates that "I leave
my doors unlocked - it's my home and if you enter while I'm not there it's
unauthorized entry" applies here. My opinion as well is that once you
obtain or use an IP address/mask/gateway that you clearly know belongs to
someone else, you have attacked a network:

- unauthorized use of resources
- denial of service to others who might wish to use the address
- disruption of service of a host that is normally assigned the IP address used
- unauthorized receipt of transmissions over the WLAN
- etc.

It's not "clever" any more...
Considerably more clever people than those who are war-driving proved a
point, now it's cracker chic

At 12:23 AM 11/5/2002 -0800, Philip J Koenig wrote:
>Please forgive if this has been covered before, I'm not reading the
>group daily these days.
>Is it reasonable to assume that those who access WLANs without the
>permission of the owner are violating the same cybercrime laws that
>apply to any unauthorized access of a computer network?
>Some have recently argued this is not the case if someone doesn't
>"enable the security features", but personally I don't see the
>distinction between this kind of activity and anything normally
>prohibited by laws such as California Penal Code section 502a and
>various other cybercrime laws. It doesn't seem to me that the law
>makes a distinction about whether the network in question was secured
>or not. (what does 'secured' mean anyway?)
>Philip J. Koenig
>Electric Kahuna Systems -- Computers & Communications for the New
>firewall-wizards mailing list

David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926