War Driving Illegal?

He wasn't arrested for War Driving. He was arrested for breaking into their network and causing damage. You noitce the war drive took place "earlier that month." He was arrested for going back and accessing the network later, and being stupid enough to do it in front of them and a reporter.

All reports that I've seen on this are pretty vague. But chances are pretty darn slim anyone would have had a clue if he was just wardriving. The key phrases to look for in the articles include "use network, access the system, showed..how easy". This is not done by half-intelligent beings that wish to stay out of prison... let alone to a COUNTY COURT!!!

WarDriving is not illegal to my knowledge, no more so than pinging a random IP address.

http://www.wardriving.com/doc/Wardriving-HOWTO.txt

I had a customer of mine call me for some problem with his network. I got there and find a brand new Linksys WAP there. I grabbed my laptop and showed him that I was able to access his network, all of the machines, printers, network shares and what have you. The first words out of his mouth were: "How did you hack into my network from out here?" I may be wrong, but the vibe I got was that this guy showed a county official that he could get onto the courthouse network from the parking lot and the guy figured that the dood must have somehow hacked into the network. When i look at $5000, the number quoted for "damage down to the network" the first thing I think of is consultant fees. That is probably what the consultant charged to the county to come over and figure out how to either secure the wi-fi or to come to the conclusion to just get rid of it. More-over, if it was decided that it should be removed I would place money on that $5000 figure including the cost to run wires to previously wireless devices in the building. I have reservations about the idea that this guy actually trashed their network.

I don't disagree with a lot of your points. In fact, I would say you are pretty close. But the difference between a penetration test and an unauthorized access is simply a piece of paper. I do pen tests. I always make sure I have my get out of jail free card in place before I TOUCH their networks.

My guess is all he did was use their wireless to surf the net. Maybe check his own email. I would say the $5000 is the cost of the wireless equipment they disconnected.

My point is, yeah this dude got the shaft, but face facts...the article is not headlined correctly. It isn't wardriving. Also, if you are dumb enough to walk into a COURTHOUSE and say "I am going to hax0r you. Look how easy it is" you deserve a taxpayer paid vacation at a correctional facility of the state's choice.

Hmmm... when you put it that way... I am thinking that this guy was not too bright in his approach to notifying them. Maybe he wanted to attempt to land the courthouse as a client for his security analyst services. I don't know. I notified someone once about a flaw in their website and I did so through a fresh hotmail account accessed from a public computer at school. The same way somebody did for my network when one of my coworkers put up an NT machine with IIS and didn't patch it. IMO, it is just pretty sad that what this guy did is fairly tantamount to a favor and they have spat on him.

Well...we don't know the whole story. For instance, we do know that this guy was a former employee. I find it unlikely that he wanted to "do them a favor."

Whether you quit or got fired, most people don't do their former employers favors out of the goodness of their heart. Also, as a former employee, a favor would have been to call the admin and say "Hey buddy, did you know you have a config problem with your wireless LAN?"

Not call a reporter and say.."Hey look how fucked up these guys are."

Those are the kind of favors that typically piss people off.

Well Blackwave and I found two open connections at Dave & Buster's, guess we better not fire up our laptops there.

# $DateGMT: 2002-07-26
( orange ) BBS ( 00:05:5d:da:27:3c ) 22:31:49 (GMT) [ 13 70 57 ]
( orange ) BBS ( 00:05:5d:da:2d:e7 ) 22:31:49 (GMT) [ 12 69 57 ]

Yeah they were running two D-Links in Infrastructure mode, dhcp enabled, and running Exchange Server in the clear... of course since the signal was marginal, I am assuming that these APs cover the entire block. We didn't walk around with the "tricorder" to narrow down on the signal... Of course the setup was purely promiscuous, so no actual interaction was being made... ;)


disclaimer: for educational and informational purposes only. The events mention never took place.

Well... the story goes like this.

I was sitting outside in my car a t the local grocery store this morning, waiting for a friend to show up to goo out and play paintball. The only things in the car were me and my paintball gear (all packed up in the back seat).

I can only guess that some dateline/60minutes/2020 save the consumer type show has aired recently. My car was parked facing the street, so that I could see my friend drive up. There was a drivethrough ATM directly across the street from me... (with the empty wall side facing me, for that matter) In the half hour I waited for them, someone had called the cops on me, saying that I was looking at the ATM/people making transactions with binoculars.

Luckily the cops were nice, nothing was made of it, and the cops just took my name and dob for measure. I can only imagine what would have happened had the wardriving gear been present in my passenger seat.