[ISN] High-tech hobby falls under CSIS suspicion

From: InfoSec News (isnat_private)
Date: Tue Feb 25 2003 - 05:02:37 PST

  • Next message: InfoSec News: "[ISN] To Trap a Superworm"

    http://www.canada.com/search/story.aspx?id=25c5ce8f-6388-46ea-9741-65a7f3593c47
    
    Jim Bronskill   
    The Ottawa Citizen  
    February 13, 2003 
    
    Two Alberta men with a passion for locating and mapping wireless 
    computer networks have come under the scrutiny of Canada's spy agency.
    
    Newly obtained documents show the Canadian Security Intelligence 
    Service took careful note last summer as computer hobbyists Jason 
    Kaczor and Brad Haines invited participants to help find access points 
    to wireless networks in Red Deer, Alta.
    
    The high-tech phenomenon, known as war driving or net stumbling, 
    involves cruising around a neighbourhood in search of networks in a 
    car equipped with a laptop, wireless networking gear and a global 
    positioning unit.
    
    In a confidential intelligence report, CSIS painted the activity as a 
    threat to the security of sensitive information.
    
    Many organizations in the retail, health care, education and financial 
    services sectors have adopted the use of wireless networks due to 
    their ease of installation, low cost and portability, CSIS noted in 
    the August report.
    
    "Hackers can break into wireless computer networks in homes, 
    businesses and government offices using a laptop or portable PC, an 
    antenna, a wireless access card and wireless-sensing software," the 
    report said. 
    
    "Wireless technology makes it easier for system intruders to search 
    for data and invade the privacy of network users, since computer 
    networks have no physical barriers."
    
    A declassified version of the report was released to the Citizen under 
    the Access to Information Act. Such CSIS briefs are distributed to key 
    federal departments, selected police services and other intelligence 
    agencies.
    
    The report said a number of cities in British Columbia, Alberta, 
    Saskatchewan, Ontario and Nova Scotia had already been the focus of 
    war-driving activity and the results were presented on Web sites.
    
    CSIS singled out "a computer enthusiast from Edmonton" -- a reference 
    to Mr. Haines, who goes by the nickname Render -- as preparing an Aug. 
    21 press release about the Red Deer event, adding he "stated that 
    wireless networks in Calgary, Edmonton and other communities in 
    Alberta had been mapped but that no one had done a significant scan of 
    Red Deer."
    
    Mr. Kaczor and Mr. Haines insist the Aug. 31 Red Deer initiative, part 
    of the first international war driving day, was intended to raise 
    awareness about the potential security pitfalls of wireless networks 
    -- not to breach systems or exploit confidential information.
    
    Mr. Kaczor, a Calgary computer consultant, is offended by the CSIS 
    report's tone, considering he has invested time, money and his 
    professional reputation in what he deems a rather thankless task.
    
    He compares war driving to birdwatching, whereas breaking into a 
    wireless network would be analogous to duck hunting. CSIS has blurred 
    the line between the two activities, Mr. Kaczor said in an interview. 
    "I'm upset that they don't make that distinction between detection and 
    access."
    
    The press release, which also included Mr. Kaczor's name and contact 
    information, featured the tongue-in-cheek headline "Wireless hackers 
    invade Red Deer!"
    
    But it also stressed the usefulness of the exercise. "While there are 
    no prizes, no rules and definitely no glamour, this activity is 
    constructive in that it raises awareness with regards to: privacy, 
    security (or alternatively a complete lack of security), and the 
    growing number of wireless networks sending information over, around 
    and through an area."
    
    Mr. Haines sees war driving as beneficial to CSIS because it points 
    out network vulnerabilities.
    
    "We're actually out to help them in their job, because we've already 
    done a lot of the legwork for them," he said. "It's perfectly 
    legitimate, it's fun. Nobody's being hurt by it, in fact they're 
    gaining knowledge from it."
    
    He was particularly surprised at the attention from the spy agency in 
    light of an encounter at a computer hackers convention in Las Vegas 
    last summer. Mr. Haines met a woman he believes was a Canadian 
    intelligence officer doing research on wireless security tools.
    
    "Her job was to test out hardware and software for their use."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Feb 25 2003 - 08:32:56 PST