http://www.wired.com/news/wireless/0,1382,56062,00.html By Michelle Delio Oct. 29, 2002 NEW YORK -- Finding a public restroom in Manhattan was the biggest challenge on Day 1 of the WorldWide WarDrive. Within a 40-block radius, the WarDrivers identified dozens of wide-open wireless networks. Among the spotted "private" business and home networks were those appearing to belong to a bank, a police station, several law firms and department stores, and a financial services firm. All of these networks appeared to be unprotected by even rudimentary security systems. Anyone with no ethics and just a bit of technical savvy could have logged in and accessed, at the very least, any of the information being transmitted across the network. The networks weren't hard to locate -- they broadcasted their presence loudly and clearly. But a bathroom for that wiggly WarDriver in the back seat? Impossible to find. "There's something just plain wrong about a city where you can find 100 open wireless networks in a half hour and not one public bathroom," grumbled Ken Fandello, New York network consultant, occasional WarDriver, and owner of a set of weak kidneys. Fandello is an unregistered participant in the second WorldWide WarDrive (WWWD). Several dozen registered teams and unknown numbers of independent drivers in seven countries are hitting the road this week to spot unsecured wireless networks used to connect computers to each other and the Internet. WarDriving is not a mobile hack attack. The drivers don't connect to the networks they locate, and most WarDriving equipment is carefully configured so that it can't even accidentally access an open network. "I have no interest in reading people's e-mail, I have plenty of my own to keep me busy," said Christopher Blume, organizer of WWWD Manhattan. "But most people have absolutely no idea that their network is broadcasting their e-mails and instant messages out into the air." "The FBI clearly identified the line of legality back before the Defcon WarDrive contest, and the WarDriving community is very cautious to not cross it in any way," Maine WWWD organizer "c0nv3r9" (pronounced "converge") added. "We're not out to access the networks, just gather statistics about the state of wireless as it is used and implemented." Statistics from participants are uploaded to various WWWD websites. Specific information about particular networks will not be publicly released, but general data about spotted systems will be viewable after the drive is completed. Also available: documentation advising users how to make their wireless networks more secure. c0nv3r9 said gathering the stats and turning them into viable information is important to him, but he also likes the social aspect of driving. "I went into it as a great avenue for me to meet others with similar interests in the New England area," c0nv3r9 said. "It's also a different twist on exploring the state around you. I can hop in my car with a purpose and be motivated to drive in areas that I may never visit on a regular basis if at all. Oddities in maps just add more depth to the adventure." Most WarDrivers use a laptop loaded with network-sensing applications like NetStumbler, plugged into a small, omni-directional antenna. "On my first drive, I had a single directional antenna, a cheap old lucent wireless card and a windows laptop running NetStumbler," C0nv3r9 said. "I didn't have anything to mount the antenna while I drove, so I concocted a stand from my laptop case, a sport drink bottle and the seatbelt of the passenger side." But even a setup as rudimentary as c0nv3r9's isn't necessary. WarDriving is equally successful sans any special equipment, according to networking consultant Mike Sweeney. All a user really needs is a computer with wireless capabilities. "An external antenna does help, but it is not required," Sweeney said. "Someone could be scanning for networks with their PDA in a backpack while reading a book on the steps and nobody would be the wiser." On Sweeney's first WarDrive, he was surprised at the number of unsecured wireless networks he spotted. "Private homes, medical centers, a few banks and a warehouse store. All were sensed from the street driving by at 20-40 miles per hour. Out of these, 80 percent were open or, in other words, no encryption had been enabled and the default identifier (SSID) was used. This implies that any administrative password was probably still configured with the default information." "In midtown Manhattan, you can find thousands of business-owned wireless networks, and only approximately 25 percent have any sort of security measures enabled to protect the data that is flying across the air," Blume added. WorldWide WarDrive continues through Nov. 2. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Oct 30 2002 - 01:40:44 PST