[ISN] Drive-by hackers hunt free, easy Web access

From: InfoSec News (isnat_private)
Date: Tue Mar 26 2002 - 00:35:24 PST

  • Next message: InfoSec News: "[ISN] Lieberman Quizzes Ridge On Federal IT Security"

    By Reid Kanaley
    Inquirer Staff Writer
    Mar. 24, 2002
    Russell Handorf was in a no-parking zone, but so what? His laptop
    computer, propped against the steering wheel, had his full attention.
    Handorf was probing the wireless-computer networks humming around
    Center City, trying to sneak his way online.
    "I'm on the Internet," he finally proclaimed on this recent afternoon.  
    "Whaddya know. . . . This is a fast connection, too."
    Utilizing the credit-card-size wireless adapter plugged into the side
    of his laptop, Handorf, 22, of the city's Queen Village section, had
    gotten onto the Net by tapping into the computer system of an
    unsuspecting business among the nearby office towers.
    It is something anyone with the right equipment and some high-tech
    smarts can do - all it takes is a laptop computer, a $100 adapter
    card, and a free piece of software that sniffs out the wireless
    Internet connections leaking out of many office buildings.
    Thusly equipped, a would-be Internet surfer can sit on a park bench or
    in a coffee shop next door to an office building and go online - on
    some nearby company's dime.
    It sure beats paying $45 a month for cable-modem service, though the
    legality of the practice is untested.
    Part hacker, part evangelist for high-speed wireless Internet access,
    Handorf is one of a growing number of computer enthusiasts touting the
    problems and promises of wireless networking.
    One of the problems is the new sport Handorf was demonstrating.  
    Variously called war driving, net stumbling, LAN jacking and drive-by
    hacking, it is focused on breaking into the so-called Wi-Fi networks
    that are popping up in more and more offices and homes.
    Wi-Fi networks have become do-it-yourself simple to install, and they
    eliminate the need for cables when connecting computers together in a
    network to share files, printers and Internet connections.
    The wireless hardware typically comes with security features -
    password protection and encryption - that can prevent intrusions. The
    trouble is, at least 60 percent of those who set up the
    fast-proliferating systems never bother to turn the security features
    on, leaving their networks open to use by almost anyone within range,
    according to John Pescatore, network-security analyst at the research
    firm Gartner Inc.
    So someone within a few hundred feet of an unprotected Wi-Fi network
    can use it to surf the Net - often undetected by the home or office
    whose network was borrowed.
    War driving is "very common. Anyone who is a tech-savvy geek with a
    laptop and a wireless NIC [network interface card] is capable of doing
    it," said Handorf, a Memphis, Tenn., native with eyeglasses and
    close-cropped blond hair, who is studying business at Peirce College.  
    He said he would not mind landing a job in computer security.
    A few resourceful practitioners have reported using Pringles
    potato-chip cans as makeshift antennas to zero in on the small Wi-Fi
    A Web site, NetStumbler.com, whose users log their discoveries of
    wireless networks, has mapped the locations of 15,000 Wi-Fi access
    points around the United States, and 85 percent of them are open, said
    Wayne Slavin, the site's Webmaster. About 100,000 people have
    downloaded the site's free software for detecting Wi-Fi signals, he
    Generally, computer-network intrusion is illegal under federal
    computer-crime statutes, but no cases involving hacking of wireless
    systems have been prosecuted, Department of Justice spokeswoman Casey
    Stavropoulos said last week.
    Curbside at 16th and Market Streets, Handorf checked his newly
    borrowed Internet connection by clicking open the America Online
    instant-messaging program.
    Immediately he was hailed with online greetings from his girlfriend,
    who was sitting across town at her home computer.
    "Where are you?" she wanted to know.
    "Somewhere on Market St.," he typed in.
    "Showing off," the girlfriend chided.
    Managers of two networks that played unwitting hosts to Handorf said
    last week that they were beefing up security on their systems after
    learning of his demonstration for this article.
    Both insisted that intrusion-blocking hardware and software, or
    firewalls, were active on their systems and would have prevented
    Handorf from breaking into the sensitive parts of their computer
    networks. One said his company had set up the wireless network four
    months ago so that workers could get laptop access from coffee shops
    in the firm's South Street neighborhood.
    Though wireless surfing on the sly remains primarily a diversion for
    computer enthusiasts, grassroots groups in New York City, San
    Francisco and other cities, spurred by the notion of democratizing
    high-speed Net access, are encouraging wireless owners to leave their
    Wi-Fi systems open for use by neighbors and laptop-toting passersby.
    The prospect for such service is "ridiculously exciting," said Drew
    Celley, an unemployed systems administrator who is trying to organize
    free wireless access in Pittsburgh.
    Gartner's Pescatore said the rationale for voluntary free wireless
    access is analogous to saying: "If everybody left their porch lights
    on, we wouldn't need street lights."
    By cruising through Philadelphia with his computer, a
    global-positioning-system device, and the network-sniffing software
    from NetStumbler, Handorf said, he has logged the locations of
    hundreds of wireless-access points in the region.
    "Who would have thought?" he asked.
    And while he has used some of those networks for Web surfing, it is
    "out of respect" that he does not attempt to invade his hosts'
    computer files.
    After this recent tour of the city to listen for "heartbeats," as
    Handorf called the identifying signals sent out by the Wi-Fi systems,
    he studied the Web site of one of the companies whose network he had
    "I wonder if they have any job openings," he said.
    Contact Reid Kanaley at 215-854-5026 or rkanaleyat_private
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Mar 26 2002 - 04:10:15 PST