Am I breaking the law ?

Discussion in 'Gaming and Software' started by Pocoyo, Aug 20, 2007.

Welcome to the Army Rumour Service, ARRSE

The UK's largest and busiest UNofficial military website.

The heart of the site is the forum area, including:

  1. I've been back in my flat for a few days after a nice couple of weeks at home. Since thursday last week I've been surfing away as per usual and it was only tonight that I noticed that my router isn't even plugged in!

    I'd unplugged everything before going away and forgot to switch it back on. I use a Mac and it just logged on to the nearest available open wireless connection without any questions or prompts to me.

    it's sorted now but while looking around I now know that I can connect to at least 6 different wireless networks.

    Does anyone know if I've technically been breaking the law by accident ?

    If so I might just have to hand myself in, or maybe at least let the gang of youths near Spar know so that I can gain some "kudos"
  2. Its not against the law its up to who ever ownes the wireless network to secure it. possible a private law suit but thats about it i think
    In fact the person who network it is may/could be booted by there ISP for allowing open and free net access. plus if some one surfs porn i.e. kiddy stuff you try proving it wasnt you the network router owner as the ISP will track it to that persons router
  3. So, if your router isn't secure, you have a potential alibi? It wasn't me, guv, somebody's been invading my router.

  4. Em i think they will give your collar a good yank 1st lol (pardon the pun)
  5. Technically, yes you are breaking the law.

    In reality, there would be little chance I would think of being reported by whoever has the open access, and I would imaging that your unintended use would go in your favour. But there are people who cruze around in cars with the express intention of trying to use other other peoples connections. I myself have reported someone to the police who was parked outside my house for several days and seemed to have a laptop on his knee. The police informed me it was nothing suspicious, but the vehicle never came back after the police spoke to him, so who knows.

    edited to add.

    "Communications Act 2003, section 125

    Dishonestly obtaining electronic communications services

    (1) A person who-

    (a) dishonestly obtains an electronic communications service, and
    (b) does so with intent to avoid payment of a charge applicable to the provision of that service,

    is guilty of an offence."
  6. Sadly to a certain degree.... yes. As (almost) always the burden of proof lies with the police. If the police have proof of an illegal download by a certain IP and that IP is your router, by it being open you could deny any wrong doing. But then of course would you be happy with losing your PC equipment for 6 months or more while it is taken to pieces :D
    Of course you could protect your pc by various means to either securely wipe info or encryp data, but that then raises 2 questions.. why has someone with the IT knowledge to encrypt data or secure wipe it, not secured their wireless connection? And more importantly, the law has now changed (and this is why i used the word "almost" above) If you encrypt data and refuse to give up the encryption key, and a simple "I forgot it" doesnt wash, then you are presumed guilty. Sadly at this moment in time the maximum term for refusing to give up your encryption key is only 2 years, far less than you could get if you were caught hiding kiddy porn. So sadly this is one route potential pedo's can minimise their risks :cry:
  7. IT GEEK spot on I was looking for that act to quote from...

    While the chances of getting caught are slim please remember that if the router owner knows what they are doing they have a good enough router they can log mac addresses also beware of Honeypot's and rouge access points.
    Honeypots are set up to catch those who are attempting to or are accidentally using others wireless access in an attempt to catch them. Usually done by law enforcement agencies.

    Rouge access points are usually set up on the back of existing WLAN's in an attempt to captue security information being transmitted from the client to the access point and there by gain access to the real WLAN. This can also be done to capture packets of data and retreive info from them think CC and bank details.

    Even WEP encrypted WLAN's are not really secure. While carrying out a network penetration test for a client I sat outside in the car park for 30 mins with a laptop and some freely available software took me 20 mins to gather enough packets then 7 seconds to crack the WEP key..
  8. I am not that much of an expert in this area (more jack of all trades master of none :D ) Just out of intrest what was the encryption method you cracked in that time? I was under the impression that WPA/PK was fairly good, is this the case?
  9. Good point but under the law the police still need to prove your guilt. They can presume all they bloody well like but they still need to prove it to a jury of your peers should you so decide.
  10. Unfortunately... no. Which is why a few organisations in the know tried very hard to stop the RIPA Act (Regulation of Investigatory Powers Act)
    "What happens if I refuse to give you the key?"
    Failure to comply with a disclosure requirement or a secrecy requirement is a criminal offence. Where a person given a section 49 notice knowingly fails to make the disclosure required they commit an offence. If the disclosure required is necessary in the interests of national security they may be convicted on indictment to a maximum of 5 years imprisonment or in any other case 2 years. On summary conviction they may be liable to a maximum six-month term of imprisonment or a fine not exceeding the statutory maximum or both."

    With regards to the "I forgot" the burden of proof lies with the individual!!! Hence this is the first tiem (that I am aware) that you are presumed guilty unless you can prove that you (a) never had the key or (b) really have forgotten it.

    How do you prove you have forgotten something?

    heres another disturbing link and her's a clip from it

    "Do you still have every key, password, PIN number, cash card you have ever owned? Do you ever lose computer files by mistake? Under RIP, if you don't have your decryption key any more, you're liable to two years in jail unless you can prove to a court, on balance of probability, that the key was lost or destroyed."
  11. My bold. They can legislate all they damn well like but you are still entitled to a trial by jury and it would not be difficult to argue your case on that last point. The establishment doesn't own you, we own it!!
  12. we shall have to agree to disagree on that one, but my original point still stands, with this law, the burden of proof has now shifted to YOU.
  13. WPA is good. I've not found any tools to crack that yet......
    Here is why WEP can be cracked

    WEP is a really crappy and old encryption techinque to secure a wireless connection. A 3-byte vector, called an Initalization Vector or IV, is prepended onto packets and its based on a pre-shared key that all the authenticated clients know... think of it as the network key you need to authenticate.

    Well if its on (almost) every packet generated by the client or AP, then if we collect enough of them, like a few hundred thousand, we should be able to dramatically reduce the keyspace to check and brute force becomes a realistic proposition.

    I used sniffer software to gather about 750,000 packets with IV's it then took the decoding software 7 seconds to come back with the WEP 64 key. tried it again with 128 bit key and gathered just under 1,500,000 packets and it took only slightly longer (16 seconds) to crack that one.

    If you use WPA then you are safer. I dont know how to crack except brute force, but that doesnt mean there are not people much better at it than I am who can do it...
  14. A finnish company director once 'hacked' his own company through a unsecure wireless AP in the next town as an insurance scam.
    The cops collected the client MAC's from the wireless router and compared them with the director's laptop MAC and guess what: he's in jail.

    WPA can be cracked. If the PSK is weak it's quicker to do than WEP:
    Because you can sniff a WPA network at layer 2 you can learn the MAC's of the client's. With this info you use packet replay software to broadcast deauthentication frames with the (spoofed) client MAC. The client gets bumped off for a few seconds and reconnects. Using a packet sniffer you then capture the 4-way authentication Handshake. Using cowpatty you can then brute-force the handshake data to reveal the PSK.
    With a rainbow-table the whole process can take < 5 mins.

    Good news is if you've a V.long PSK you're pretty safe.