[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Wireless WarDrive: Wee Bit of Fun
From:       InfoSec News <isn () c4i ! org>
Date:       2002-10-30 6:57:16
[Download RAW message or body]

http://www.wired.com/news/wireless/0,1382,56062,00.html

By Michelle Delio 
Oct. 29, 2002

NEW YORK -- Finding a public restroom in Manhattan was the biggest
challenge on Day 1 of the WorldWide WarDrive.

Within a 40-block radius, the WarDrivers identified dozens of
wide-open wireless networks. Among the spotted "private" business and
home networks were those appearing to belong to a bank, a police
station, several law firms and department stores, and a financial
services firm.

All of these networks appeared to be unprotected by even rudimentary
security systems. Anyone with no ethics and just a bit of technical
savvy could have logged in and accessed, at the very least, any of the
information being transmitted across the network.

The networks weren't hard to locate -- they broadcasted their presence
loudly and clearly. But a bathroom for that wiggly WarDriver in the
back seat? Impossible to find.

"There's something just plain wrong about a city where you can find
100 open wireless networks in a half hour and not one public
bathroom," grumbled Ken Fandello, New York network consultant,
occasional WarDriver, and owner of a set of weak kidneys.

Fandello is an unregistered participant in the second WorldWide
WarDrive (WWWD). Several dozen registered teams and unknown numbers of
independent drivers in seven countries are hitting the road this week
to spot unsecured wireless networks used to connect computers to each
other and the Internet.

WarDriving is not a mobile hack attack. The drivers don't connect to
the networks they locate, and most WarDriving equipment is carefully
configured so that it can't even accidentally access an open network.

"I have no interest in reading people's e-mail, I have plenty of my
own to keep me busy," said Christopher Blume, organizer of WWWD
Manhattan. "But most people have absolutely no idea that their network
is broadcasting their e-mails and instant messages out into the air."

"The FBI clearly identified the line of legality back before the
Defcon WarDrive contest, and the WarDriving community is very cautious
to not cross it in any way," Maine WWWD organizer "c0nv3r9"  
(pronounced "converge") added. "We're not out to access the networks,
just gather statistics about the state of wireless as it is used and
implemented."

Statistics from participants are uploaded to various WWWD websites.  
Specific information about particular networks will not be publicly
released, but general data about spotted systems will be viewable
after the drive is completed.

Also available: documentation advising users how to make their
wireless networks more secure.

c0nv3r9 said gathering the stats and turning them into viable
information is important to him, but he also likes the social aspect
of driving.

"I went into it as a great avenue for me to meet others with similar
interests in the New England area," c0nv3r9 said. "It's also a
different twist on exploring the state around you. I can hop in my car
with a purpose and be motivated to drive in areas that I may never
visit on a regular basis if at all. Oddities in maps just add more
depth to the adventure."

Most WarDrivers use a laptop loaded with network-sensing applications
like NetStumbler, plugged into a small, omni-directional antenna.

"On my first drive, I had a single directional antenna, a cheap old
lucent wireless card and a windows laptop running NetStumbler,"  
C0nv3r9 said. "I didn't have anything to mount the antenna while I
drove, so I concocted a stand from my laptop case, a sport drink
bottle and the seatbelt of the passenger side."

But even a setup as rudimentary as c0nv3r9's isn't necessary.  
WarDriving is equally successful sans any special equipment, according
to networking consultant Mike Sweeney. All a user really needs is a
computer with wireless capabilities.

"An external antenna does help, but it is not required," Sweeney said.  
"Someone could be scanning for networks with their PDA in a backpack
while reading a book on the steps and nobody would be the wiser."

On Sweeney's first WarDrive, he was surprised at the number of
unsecured wireless networks he spotted.

"Private homes, medical centers, a few banks and a warehouse store.  
All were sensed from the street driving by at 20-40 miles per hour.  
Out of these, 80 percent were open or, in other words, no encryption
had been enabled and the default identifier (SSID) was used. This
implies that any administrative password was probably still configured
with the default information."

"In midtown Manhattan, you can find thousands of business-owned
wireless networks, and only approximately 25 percent have any sort of
security measures enabled to protect the data that is flying across
the air," Blume added.

WorldWide WarDrive continues through Nov. 2.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]