[ISN] Wireless Hunters on the Prowl

From: InfoSec News (isnat_private)
Date: Thu Jul 03 2003 - 01:16:48 PDT

  • Next message: InfoSec News: "Re: [ISN] Expert slams outlandish hacker claims"

    http://www.wired.com/news/wireless/0,1382,59460,00.html
    
    By Xeni Jardin
    July 02, 2003
    
    Mike Outmesguine leans against a Chevy Suburban packed with Wi-Fi, GPS
    and ham radio gadgets, gazing out at the necklace of hilltop radio
    towers that surround Los Angeles' Chinatown.
    
    "The cool thing about war driving is that it makes what's invisible --
    the wireless Internet -- visible," the Southern California Wireless
    Users Group co-founder says, grinning. "I worked on radio frequency
    jamming systems in the U.S. Air Force, and when I got out I remember
    returning home and suddenly being aware of wireless waves everywhere."
    
    Outmesguine, a Gulf War veteran and Los Angeles-based wireless
    technology consultant, isn't alone in that fascination. During the
    third WorldWide WarDrive taking place now through July 5, participants
    in dozens of U.S. cities roam around with Wi-Fi-sniffing gear, logging
    access points that will then be collected, shared and analyzed.
    
    Organized by a loose-knit group of security professionals and wireless
    enthusiasts, planners say the WWWD serves to raise awareness of the
    need for home and corporate users to secure wireless networks from
    unwanted access or snooping.
    
    The first drive, held in 2002, logged 10,000 access points. A second
    drive held six weeks later documented 25,000. This year, exponentially
    higher figures are expected due to Wi-Fi's growing popularity. The
    group hopes to broaden awareness of the need to lock down wireless
    LANs with WEP (wired equivalent privacy) or other encryption tools.
    
    Organizers gather data from the weeklong WWWD to create a statistical
    analysis of access points. Results will be presented by founder and
    lead organizer Chris Hurley, aka Roamer, in a presentation at this
    year's DefCon 11, a hacker convention.
    
    While Wi-Fi fans around the country prepared for the WWWD, Wired News
    joined SoCalWUG co-founders Outmesguine and Frank Keeney for a war
    driving excursion from Los Angeles' Chinatown through the city's
    financial core. In just 40 minutes, we logged nearly 400 access
    points, and many were unsecured. Software on Keeney's laptop allowed
    us to view some of the actual contents of network traffic, revealing
    detail as precise as file names and user names.
    
    Both Outmesguine and Keeney drive antenna-spiked SUVs equipped with
    amateur radio equipment, GPS units and multiple PDAs and laptops
    running applications such as Netstumbler and Kismet.
    
    Netstumbler detects networks that reveal their SSIDs (short for
    Service Set Identifier), which are typically broadcast under the
    default setting for wireless routers, while Kismet "listens" for radio
    signals in the air. GPS units connected to laptops by serial cables
    allow network locations to be charted on digital maps.
    
    One of Keeney's laptops runs a shareware application called APRS that
    displays the location of fellow war drivers and ham radio buddies on
    city streets. Using two-way radio or a text chat application, he
    communicates with them as he drives.
    
    "Now, more than ever, the number of networks is exploding," Keeney
    said. "When you do this over time, you're struck with just how quickly
    wireless growth doubled, then tripled."
    
    The Northern California WWWD organizer, who goes by CK3K, likens war
    drivers to contemporary cartographers.
    
    "We're interested in how the technology works and in raising security
    awareness by showing how many unsecured access points are out there.  
    We don't gain access to the networks we find; we just log and move
    on," CK3K said. "Wireless network security is just as important as on
    wired networks, but we see so many (access points) out there that have
    clearly just been taken out of the box, turned on and left alone."
    
    Awareness appears to be growing. A 2003 Jupiter Research report states
    that nine out of 10 U.S. executives surveyed named security as the top
    issue shaping wireless network deployment decisions.
    
    Still, only about half of companies in the survey implement wireless
    security precautions, and of those, many rely on measures such as
    "off-the-shelf" WEP -- considered by many security experts to be
    inadequate for corporate security needs.
    
    Corporate systems administrator and Silicon Valley WWWD organizer
    Chris K., aka Vtocsearch, has been war driving since 2001.
    
    "Then, about 90 percent had wide-open networks, and that includes big
    Fortune 500 companies," he said. "Network admins also need to scan for
    rogue wireless access points within their company and wireless access
    cards with default settings, which, in my opinion, are just as
    dangerous."
    
    When asked what one piece of advice he'd give to would-be Wi-Fi users,
    WWWD founder Hurley recommends beginning with the basics.
    
    "Use the built-in features of your access point," Hurley said.  
    "Implementation is easy and information on how to (use them) is
    readily available, including at the WWWD website."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jul 03 2003 - 03:41:13 PDT