http://www.wired.com/news/wireless/0,1382,59460,00.html By Xeni Jardin July 02, 2003 Mike Outmesguine leans against a Chevy Suburban packed with Wi-Fi, GPS and ham radio gadgets, gazing out at the necklace of hilltop radio towers that surround Los Angeles' Chinatown. "The cool thing about war driving is that it makes what's invisible -- the wireless Internet -- visible," the Southern California Wireless Users Group co-founder says, grinning. "I worked on radio frequency jamming systems in the U.S. Air Force, and when I got out I remember returning home and suddenly being aware of wireless waves everywhere." Outmesguine, a Gulf War veteran and Los Angeles-based wireless technology consultant, isn't alone in that fascination. During the third WorldWide WarDrive taking place now through July 5, participants in dozens of U.S. cities roam around with Wi-Fi-sniffing gear, logging access points that will then be collected, shared and analyzed. Organized by a loose-knit group of security professionals and wireless enthusiasts, planners say the WWWD serves to raise awareness of the need for home and corporate users to secure wireless networks from unwanted access or snooping. The first drive, held in 2002, logged 10,000 access points. A second drive held six weeks later documented 25,000. This year, exponentially higher figures are expected due to Wi-Fi's growing popularity. The group hopes to broaden awareness of the need to lock down wireless LANs with WEP (wired equivalent privacy) or other encryption tools. Organizers gather data from the weeklong WWWD to create a statistical analysis of access points. Results will be presented by founder and lead organizer Chris Hurley, aka Roamer, in a presentation at this year's DefCon 11, a hacker convention. While Wi-Fi fans around the country prepared for the WWWD, Wired News joined SoCalWUG co-founders Outmesguine and Frank Keeney for a war driving excursion from Los Angeles' Chinatown through the city's financial core. In just 40 minutes, we logged nearly 400 access points, and many were unsecured. Software on Keeney's laptop allowed us to view some of the actual contents of network traffic, revealing detail as precise as file names and user names. Both Outmesguine and Keeney drive antenna-spiked SUVs equipped with amateur radio equipment, GPS units and multiple PDAs and laptops running applications such as Netstumbler and Kismet. Netstumbler detects networks that reveal their SSIDs (short for Service Set Identifier), which are typically broadcast under the default setting for wireless routers, while Kismet "listens" for radio signals in the air. GPS units connected to laptops by serial cables allow network locations to be charted on digital maps. One of Keeney's laptops runs a shareware application called APRS that displays the location of fellow war drivers and ham radio buddies on city streets. Using two-way radio or a text chat application, he communicates with them as he drives. "Now, more than ever, the number of networks is exploding," Keeney said. "When you do this over time, you're struck with just how quickly wireless growth doubled, then tripled." The Northern California WWWD organizer, who goes by CK3K, likens war drivers to contemporary cartographers. "We're interested in how the technology works and in raising security awareness by showing how many unsecured access points are out there. We don't gain access to the networks we find; we just log and move on," CK3K said. "Wireless network security is just as important as on wired networks, but we see so many (access points) out there that have clearly just been taken out of the box, turned on and left alone." Awareness appears to be growing. A 2003 Jupiter Research report states that nine out of 10 U.S. executives surveyed named security as the top issue shaping wireless network deployment decisions. Still, only about half of companies in the survey implement wireless security precautions, and of those, many rely on measures such as "off-the-shelf" WEP -- considered by many security experts to be inadequate for corporate security needs. Corporate systems administrator and Silicon Valley WWWD organizer Chris K., aka Vtocsearch, has been war driving since 2001. "Then, about 90 percent had wide-open networks, and that includes big Fortune 500 companies," he said. "Network admins also need to scan for rogue wireless access points within their company and wireless access cards with default settings, which, in my opinion, are just as dangerous." When asked what one piece of advice he'd give to would-be Wi-Fi users, WWWD founder Hurley recommends beginning with the basics. "Use the built-in features of your access point," Hurley said. "Implementation is easy and information on how to (use them) is readily available, including at the WWWD website." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Jul 03 2003 - 03:41:13 PDT