Girl Geekette

Although many want to believe that Wardriving is illegal, the truth of the matter is that in a document released by the FBI, it states that Wardriving itself is legal. In the document FBI releases advisory about 802.11-spotting "wardriving" it states:

"Identifying the presence of a wireless network may not be a criminal violation, however, there may be criminal violations if the network is actually accessed including theft of services, interception of communications, misuse of computing resources, up to and including violations of the Federal Computer Fraud and Abuse Statute, Theft of Trade Secrets, and other federal violations."

So, in essence, Wardriving itself is not illegal. But, any activity using or compromising the services itself without authorization and/or permission is considered illegal. So, although it is not illegal to Wardrive, the lines are crossed, and it becomes illegal if you connect to the network and use the open Wireless Access Point for anything other than identifying that there is an open WAP.

A few days ago, I found a great article on Techdirt that I really loved. "You’re Not As Secure As You Think… Except Maybe On Wireless Networks " does a great job of showing an example of how most people believe that wireless networks are insecure by nature, therefore, if the general population believes that, then they are in essence as secure as they believe they are. From all the work with wireless that I have done, I can fully agree with the way this article is presented.

Out of the box, wireless networks are extremely vulnerable and insecure. Through recent studies I have done, I can conclude that over 50% of Wireless Access Points (WAPs) are left with no security enabled – not even MAC address filtering or any type of encryption – WEP or WPA. WEP has been crackable now for a few years using programs like WEPcrack. MAC address spoofing is also easily done by using ifconfig in *nix and a simple registry change in Windows XP. Even WPA PSK has been cracked (WPA itself has not been cracked, but the PSK – private shared keys – is susceptible to brute force and has been cracked). So, when I read the article on Techdirt, I had to completely agree.