I’ve been learning about some security issues these days, and actually one of the most important facts about this matter is not the technical knowledge itself but how far we should take it.
In the 90’s there was a witch-hunt related to hacking, cracking and phreaking. Until then, laws about computer crime were so undefined that people went crazy when teens started messing up their computers. In response they developed an intense new law against this, and well, now it’s supposed to be more adapted but…
What is the reality?
There are several laws trying to put a limit on our liberty, which is frankly nice. I always thought our own liberty ends where the other’s starts, but let’s say that, in the case of computers and the internet, it is far from being that simple.
If you sneak into a company’s data, depending on the company itself, it can be a disaster for them. You can sell important information, or use it against them, so if it means a money loss for them (I think it was from 5000$ and up) then you can be sued and be imprisoned without a fine. In any case, it seems reasonable. (Talking about the US here.)
Depending on the state, the sniffing action alone, even if you are just a dick who wants to test if you can get in but don’t even touch or pay attention to the data, CAN ALSO BE A CRIME, which translates into 10 YEARS IN F*CK*NG PRISON and a 10000 $ fine.
Let me repeat it, 10 YEARS. 10 years is the minimum they can charge you for second degree murder.
Apart from this, if you are from outside the US, don’t think you are out of this, and I’m not talking about the internet law wherever you live; I’m still referring to the US. If any of your internet acts can be considered a threat to the US, they are IN THEIR LEGAL RIGHT to go and catch you. Yes, that’s it, it’s the tiny little part in 18 USC Section 1030 of the Computer Fraud and Abuse Act.
Do you like tiny little parts of law? Great, because in 18 USC Section 2510, et seq., and 2701, et seq., of the Electronic Communications Privacy Act, there’s a funny part that says that if the government wants to listen in on phone calls, Internet communications, email and network traffic, or coughing idk, they totally have the right if that implies national security. This might make everyone feel safer, I mean, what the hell, I don’t say anything crucial for humanity on WhatsApp, and on the contrary terrorists might.
Well, you are right, but there are thrills in letting your privacy fly away like that, and it’s difficult to notice if they are either using terror to actually the public privacy or defending the people from the bad guys. Not like the public can do a thing, tho.
Funny facts, aren’t they?
Okay fine, that’s all wonderful, buuut what the hell is sniffing and spoofing and all of that?
Spoofing allows you to impersonate another system, which will let you sniff (look at others’ data and credentials). More exactly, ARP spoofing impersonates the network gateway, which is what allows an attacker to look at that traffic. I’m not posting the procedure whatsoever, but let’s just say it’s easy.
Fortunately for us, a modern router will probably crash when it identifies spoofing on the network. But there are seconds, even minutes (depending on the router), free for the attacker to see the credentials of the people around. This technique is also called Man in the Middle (MITM); you can guess why by looking at the figure.
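
From the defending side, the gateway impersonation described above leaves a visible trace in each machine's ARP table. The check below is an added example, not part of the original post. It assumes the Linux `/proc/net/arp` layout; the gateway IP, the MAC addresses and both snapshots are constructed.

```python
# Added example: defensive check for a spoofed gateway entry in the ARP table.
GATEWAY_IP = "192.168.1.1"  # assumption: the LAN's default gateway

# Constructed snapshots in the layout of Linux /proc/net/arp.
HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
SNAPSHOT_CLEAN = HEADER + (
    "192.168.1.1      0x1         0x2         aa:bb:cc:00:00:01     *        wlan0\n"
    "192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        wlan0\n"
)
SNAPSHOT_SPOOFED = HEADER + (
    "192.168.1.1      0x1         0x2         aa:bb:cc:00:00:17     *        wlan0\n"
    "192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        wlan0\n"
    "192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0\n"
)

def parse_arp_table(text):
    """Return {ip: mac} for complete entries, skipping the header row."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        # Flag bit 0x2 (ATF_COM) marks a completed entry; ignore the rest.
        if int(flags, 16) & 0x2 and mac != "00:00:00:00:00:00":
            table[ip] = mac
    return table

def check_gateway(baseline, current, gateway_ip=GATEWAY_IP):
    """Compare the current table with a trusted baseline; return alerts."""
    alerts = []
    known, seen = baseline.get(gateway_ip), current.get(gateway_ip)
    if known and seen and known != seen:
        alerts.append(f"gateway {gateway_ip} moved from {known} to {seen}")
    # Heuristic: a MAC answering for the gateway and for another host
    # is the usual footprint of a machine sitting in the middle.
    if seen:
        twins = sorted(ip for ip, mac in current.items()
                       if mac == seen and ip != gateway_ip)
        if twins:
            alerts.append(f"{seen} also claims {', '.join(twins)}")
    return alerts

if __name__ == "__main__":
    base = parse_arp_table(SNAPSHOT_CLEAN)
    for alert in check_gateway(base, parse_arp_table(SNAPSHOT_SPOOFED)):
        print("ALERT:", alert)
```

The baseline has to be recorded on a network you trust; on a real host the text would come from reading `/proc/net/arp` instead of the embedded strings.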