Dynamic spectrum access is a powerful approach to taking advantage of opportunities in spectrum to communicate. Access to these spectral opportunities should be regulated and monitored to prevent unapproved theft of spectral resources, which ultimately belong to a primary user. Unfortunately, most of the literature devoted to spectrum scanning does not consider the over-arching application that a spectrum thief might try to run. In this paper, we show that the thief's application (specifically, its QoS requirements), plays a critical role in how the thief should attempt to sneak spectrum and, consequently, a critical role in how the spectrum monitoring infrastructure should scan spectrum to detect thievery of spectral resources. We study the difference in the thief's behavior when considering bandwidth and delay as the two primary QoS parameters he is concerned with. Loosely speaking, this corresponds to sneaking for file-download versus streaming video, and the ultimate lesson learned is that the detection p