[ISN] Wireless WarDrive: Wee Bit of Fun

From: InfoSec News (isnat_private)
Date: Tue Oct 29 2002 - 22:57:16 PST

    By Michelle Delio
    Oct. 29, 2002

    NEW YORK -- Finding a public restroom in Manhattan was the biggest
    challenge on Day 1 of the WorldWide WarDrive.

    Within a 40-block radius, the WarDrivers identified dozens of
    wide-open wireless networks. Among the spotted "private" business and
    home networks were those appearing to belong to a bank, a police
    station, several law firms and department stores, and a financial
    services firm.

    All of these networks appeared to be unprotected by even rudimentary
    security systems. Anyone with no ethics and just a bit of technical
    savvy could have logged in and accessed, at the very least, any of the
    information being transmitted across the network.

    The networks weren't hard to locate -- they broadcasted their presence
    loudly and clearly. But a bathroom for that wiggly WarDriver in the
    back seat? Impossible to find.

    "There's something just plain wrong about a city where you can find
    100 open wireless networks in a half hour and not one public
    bathroom," grumbled Ken Fandello, New York network consultant,
    occasional WarDriver, and owner of a set of weak kidneys.

    Fandello is an unregistered participant in the second WorldWide
    WarDrive (WWWD). Several dozen registered teams and unknown numbers of
    independent drivers in seven countries are hitting the road this week
    to spot unsecured wireless networks used to connect computers to each
    other and the Internet.

    WarDriving is not a mobile hack attack. The drivers don't connect to
    the networks they locate, and most WarDriving equipment is carefully
    configured so that it can't even accidentally access an open network.

    "I have no interest in reading people's e-mail, I have plenty of my
    own to keep me busy," said Christopher Blume, organizer of WWWD
    Manhattan. "But most people have absolutely no idea that their network
    is broadcasting their e-mails and instant messages out into the air."

    "The FBI clearly identified the line of legality back before the
    Defcon WarDrive contest, and the WarDriving community is very cautious
    to not cross it in any way," Maine WWWD organizer "c0nv3r9"
    (pronounced "converge") added. "We're not out to access the networks,
    just gather statistics about the state of wireless as it is used and

    Statistics from participants are uploaded to various WWWD websites.
    Specific information about particular networks will not be publicly
    released, but general data about spotted systems will be viewable
    after the drive is completed.

    Also available: documentation advising users how to make their
    wireless networks more secure.

    c0nv3r9 said gathering the stats and turning them into viable
    information is important to him, but he also likes the social aspect
    of driving.

    "I went into it as a great avenue for me to meet others with similar
    interests in the New England area," c0nv3r9 said. "It's also a
    different twist on exploring the state around you. I can hop in my car
    with a purpose and be motivated to drive in areas that I may never
    visit on a regular basis if at all. Oddities in maps just add more
    depth to the adventure."

    Most WarDrivers use a laptop loaded with network-sensing applications
    like NetStumbler, plugged into a small, omni-directional antenna.

    "On my first drive, I had a single directional antenna, a cheap old
    Lucent wireless card and a Windows laptop running NetStumbler,"
    c0nv3r9 said. "I didn't have anything to mount the antenna while I
    drove, so I concocted a stand from my laptop case, a sport drink
    bottle and the seatbelt of the passenger side."

    But even a setup as rudimentary as c0nv3r9's isn't necessary.
    WarDriving is equally successful sans any special equipment, according
    to networking consultant Mike Sweeney. All a user really needs is a
    computer with wireless capabilities.

    "An external antenna does help, but it is not required," Sweeney said.
    "Someone could be scanning for networks with their PDA in a backpack
    while reading a book on the steps and nobody would be the wiser."

    On Sweeney's first WarDrive, he was surprised at the number of
    unsecured wireless networks he spotted.

    "Private homes, medical centers, a few banks and a warehouse store.
    All were sensed from the street driving by at 20-40 miles per hour.
    Out of these, 80 percent were open or, in other words, no encryption
    had been enabled and the default identifier (SSID) was used. This
    implies that any administrative password was probably still configured
    with the default information."

    "In midtown Manhattan, you can find thousands of business-owned
    wireless networks, and only approximately 25 percent have any sort of
    security measures enabled to protect the data that is flying across
    the air," Blume added.

    WorldWide WarDrive continues through Nov. 2.
    ISN is currently hosted by Attrition.org