Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Security

FBI Warns Companies About Wireless Warchalking 188

Posted by timothy
from the in-their-off-hours-i-hope dept.
nobilid writes: "Well-meaning wireless activists have caught the attention of the U.S. Federal Bureau of Investigation. One of its agents has issued a warning about the popular practice of using chalk marks to show the location of wireless networks."
This discussion has been archived. No new comments can be posted.

FBI Warns Companies About Wireless Warchalking

Comments Filter:
  • misleading (Score:5, Funny)

    by Bilestoad (60385) on Saturday August 17, 2002 @03:09PM (#4089952)
    Hey, great way to distort the truth and make "wireless activists" sound important! From the headline you would think "wireless activists" had themselves drawn the scrutiny of the FBI.

    But all they said was that if you notice a chalk mark advertising your wireless network you should think about securing it. Well duh!

    And "wireless activists"? More like geeks with toys. I wonder how long the novelty lasts for the average "activist". It's a network. But without wires! WOW!
    • I would be far more concerned if the headline read "FBI Warns Activists About Wireless Warchalking."
    • Re:misleading (Score:2, Informative)

      by Sauron23 (52474)
      I'd have to say people like Adam Shand, Nigel Ballard and the other core members at PTP have stayed fairly involved. Involved enough to be filing for non-profit status for PTP [personaltelco.net]. With a fair chunk of the Portland metro are covered, for free. Portland's Pioneer Courthouse Square (city center) is covered, for free.
      essid: www.personaltelco.net

      At the same time the Starbucks in the same block is charging $$ for wireless access.
    • by skroz (7870)
      Exactly three days. The novelty lasts exactly three days. Fortunately, that's short enough that we don't need any survivor's groups and supoprt sponsors.
    • No big deal... just post guys in the windows with binoculars and tell them to call if they see guys with chalk or crayons. Maybe there should be a "fake" sign... That could be fun. Of course, no one pays any attention to security guys, whether they're from the government or private industry. Which makes it even more fun... if they're ignorant, they don't know if they plugged all the holes or not, do they?
  • So? (Score:4, Insightful)

    by leviramsey (248057) on Saturday August 17, 2002 @03:09PM (#4089953) Journal

    The FBI is not saying that setting up free wireless networks is a bad thing. They're warning companies that run WLANs to check for warchalking around their buildings and check their LANs for security. This is what they should be doing, but considering how many idiot admins there are out there, they need the FBI to give them security advice.

    Typical.

    • idiot admins there are out there, they need the FBI to give them security advice.

      It's like leaving your front door unlocked, letting people notice, and needing the FBI to step in and letting you know (although the article said that it's not an 'official' warning, just the passing on of helpful info).

    • Yeah, they should, but they don't. In most cases, security is in at least third place.... somewhere behind "does it work" and "can my secretary figure it out". Companies like to buy things, not do things. They buy a firewall, then leave it. Hotfixes? Have to hire someone, so it never happens. Oh yeah, and who's busy checking the logs from that software? After the first week, nobody. Oh well, they can always whine to the feds when they get rooted by a teenager in Pakistan.
  • At least the FBI are warning the companies and not arresting the warchalkers.
    • They can't... (Score:4, Insightful)

      by kyletinsley (575229) on Saturday August 17, 2002 @03:49PM (#4090042) Homepage

      At least the FBI are warning the companies and not arresting the warchalkers.

      Well maybe that's because warchalking isn't ILLEGAL... All they're doing is walking around with a laptop and noting when someone else is broadcasting networking signals in an area. It's against federal law to attack the computers on that network, or misuse their bandwidth to mess with other people's computers, but putting a chalk mark on a wall to signify that the schmucks inside need to tighten their security is probably the least destructive thing they could do to them. It's like publicly announcing a security hole in a Microsoft product, except they do so by taping a notice to the door of Microsoft's front lobby. Sure, it's public so anyone can read it, but the number of people who pass by it is very small (compared to putting this info on a web page like another poster mentioned), and most of those people are are very likely to be the Microsoft employees themselves...

      • Re:They can't... (Score:2, Informative)

        by Sheetrock (152993)
        I wouldn't make a blanket statement like this right now unless you have done some conclusive research into federal, state, and local laws or have some knowledge the rest of us aren't privy to. It strikes me as being very plausible that the laws on the books could be interpreted as making something as simple as turning on a laptop running Windows with a wireless LAN card in the area of somebody else's wireless network a crime, particularly if it is argued that warchalkers are doing this with the specific purpose of determining whether or not it is possible to use a network that doesn't belong to them. Just as, say, buying pills from the suspicious man on the corner to turn over to the authorities as proof of drug dealing or randomly turning handles on doors in a neighborhood to determine whether or not they're locked might be misinterpreted, warchalking too is something that people shouldn't bother with unless they're fully cognizant of how bad it's going to look if they get caught.

        Personally, I'd say screw it; security consultants get paid better than warchalkers, they're better appreciated, and they don't do jail time. There are plenty of better ways to be a good samaritan without having to second-guess the law.

        • It strikes me as being very plausible that the laws on the books could be interpreted as making something as simple as turning on a laptop running Windows with a wireless LAN card in the area of somebody else's wireless network a crime, particularly if it is argued that warchalkers are doing this with the specific purpose of determining whether or not it is possible to use a network that doesn't belong to them.

          That is indeed one possible interpretation. And the FBI hints that they think it might be interpreted that way in their letter on the subject.

          But there is another interpretation possible.

          For decades - essentially since permission systems came into being - many computer users have treated file and account permissions not just as technological means of protection (like locking a door), but as expressions of intent (like latching a screen door to indicate that permission to enter is required).

          Even before there were laws and court decisions on the subject there were often company policies. And in the absense of company policies there was courteousy and custom. Oversimplified: If a file was read-any it was OK for anybody to look at it, without prior permission and without notice afterward. If it was read-user-only, even a system administrator would normally ask before "breaking the lock" and examining the contents.

          Now with the WEP encryption scheme totally cracked, its usefulness as a technological means of protecting data is over. (That will have to be done with firewall configurations.) But its usefulness as an EXPRESSION OF INTENT is unimpaired.

          And many owners of wireless gateways - commercial or otherwise - may wish to allow them to be used as a convenience by users in the area. Some reasons a business might do this are:

          - To allow visitors (business partners, salesmen, job applicants, etc.) to use their laptops. (Use an encrypted tunnel from the laptop to the home office for business, surf the web or check mail while waiting, etc.) This is in the same category as providing a phone in the waiting room, a drinking fountain, an outlet for laptop power, and not charging a fare to use the elevator.

          - To provide internet access to passers by in the hope that others will do the same, thus making it available to THEIR employees in the field.

          - To attract customers (i.e. coffee shops).

          - To "be a good neighbor" or "make a statement" about internet freedom, by letting nearby residents and passers-by access the net through their link. (There are a number of companies who do this.)

          So it's not unreasonable to assume that an open wireless LAN might be deliberate.

          A reasonable interpretation of 802.11 and firewall configurations as expressions of intent might be:

          - WEP enabled: Ask for permission.

          - WEP disabled, DHCP enabled, packets routed to/from the internet: It's OK for anyone to use this port as a convenience. (The sysadmin has INSTRUCTED the system to ACTIVELY ASSIST anyone trying to connect - or has at least not turned it off if it came out-of-the-box that way.) Please don't abuse our hospitality by cracking our machines, soaking up enough bandwidth to impair the business functions (like streaming video during business hours) or getting the company in legal trouble (like launching DoS attacks, cracking .mil sites, or downloading MP3s).

          Now if it's "WEP disabled, no firewall between the port and the LAN machines" the message is "clueless system administrator" - a professional behaving in an unprofessional manner. (The implied intent would be "our business is wide open for you to review" - and that's not a reasonable expectation.)
          • I prefer your interpretation, of course, as I think it's closer to common sense than the direction we've been taking with laws regarding both computer security and usage of the airwaves. I'm just urging prudence to the one or two people potentially present that'll run off and try warchalking in their town because someone has said it's perfectly legal in this forum. There's enough legal haziness around this issue to make it a risk even if logic would dictate otherwise,
      • Re:They can't... (Score:2, Insightful)

        by undeg chwech (589211)
        I didn't say it was illegal ... but would you have been surprised if the headline was "FBI arrests warchalkers" ?
      • Well maybe that's because warchalking isn't ILLEGAL

        I get what you're saying here, and for the most part I agree. But technically, unless you own the building you're chalking, you could get arrested for graffiti, vandalism, or some such.
  • by Lawmeister (201552) on Saturday August 17, 2002 @03:09PM (#4089957) Homepage
    to install M$ patches for well known exploits, what are the chances that they'll take the additional effort to lockdown their wireless networks, then modify all their client PC's?

    They will only do this after they've been 0wN3d. As per usual.
  • Kinda Misleading (Score:4, Interesting)

    by mo (2873) on Saturday August 17, 2002 @03:09PM (#4089958)
    Wow, reading the header I though that the FBI is going after people who create the warchalk marks. But, if you RTA it's a lot less interesting. Basically, the FBI is saying that companies should be clued in if they get a warchalk marking an open WLAN next to their office. Duh. Dunno why I need the FBI to tell me that.
    • Re:Kinda Misleading (Score:3, Informative)

      by Myco (473173)
      I don't see what you're talking about. The headline starts "FBI Warns Companies." It states clearly what they're doing. It doesn't say "FBI Goes after Warchalk[ers,ing]" or anything like that.
    • by garcia (6573) on Saturday August 17, 2002 @03:23PM (#4089991)
      you don't, but the companies do.

      Most would probably think that those marks were either a) gang related or b) random garbage.
  • and i just they were just innocent kids doddling on the sidewalk
  • Warchalk sightings (Score:5, Interesting)

    by raju1kabir (251972) on Saturday August 17, 2002 @03:13PM (#4089969) Homepage

    Has anyone actually come across any examples of warchalking in real life? (it doesn't count if you did it yourself, or if you found out about it from a news article and went to go see it).

    I walk and bike around DC more or less constantly and I've never seen one despite keeping my eyes peeled. And I know there's no shortage of WLAN networks here (netstumbled the 20-minute walk home from work and got about 40).

  • actual letter (Score:5, Informative)

    by martissimo (515886) on Saturday August 17, 2002 @03:13PM (#4089971)
    link to the actual Pittshburgh FBI email [politechbot.com]

    better read than the linked article which is kinda light on detail. interesting to note that the FBI states in it that using a 802.11 access point without "explicit authorization" may be a federal crime
    • Re:actual letter (Score:3, Informative)

      by mgkimsal2 (200677)

      "Identifying the presence of a wireless network may not be a
      criminal violation, however, there may be criminal violations if the
      network is actually accessed including theft of services, interception
      of communications, misuse of computing resources, up to and including
      violations of the Federal Computer Fraud and Abuse Statute, Theft of
      Trade Secrets, and other federal violations."


      If they wanted to press harder, essentially anyone who even 'wardrives' (what a stupid term!) looking around for open networks could be violating some federal law. You wouldn't be able to know if a network is open or not until you tried to access it, and you're attempt doesn't have explicit authorization. It'd be like tuning into a radio station (which plays just fine on your radio) that you didn't have authorization to listen to. You would be breaking the law just by checking if you get the station, because that's 'accessing' it.

      It's a bit of a stretch, I know, but damn it, this kind of stuff just gets my goat. With all the money people spend on wireless networks and subsequent 'consultants' why the hell can't they lock these things down too? Is it because the bulk of these people really shouldn't be adminning or setting up any sort of network in the first place? Probably.
    • Re:actual letter (Score:2, Insightful)

      by autarkeia (152712)
      To clarify: it does not mean operating an open 802.11 access point is a crime, but instead that using someone else's 802.11 access point without their permission is a crime. That's a good point, and should be used as the basis to prosecute spam and DOS attacks.
  • Signs (Score:5, Funny)

    by Tablizer (95088) on Saturday August 17, 2002 @03:14PM (#4089973) Journal
    Someone disguised as a kid made a hop-scotch pattern next my driveway with chalk. They are out to get me. My foil hat is not working anymore! Help!
  • by evilviper (135110) on Saturday August 17, 2002 @03:20PM (#4089985) Journal
    In related news, this same FBI agent has filed another warning. This time, the warning talks about the dangers of writing down your passwords on post-it notes, and leaving ot near your computer.

    Oh, what a crazy new world we live in.
  • Thank god that an FBI member told us this info. I would've never checked to make sure my wlan was secure if it weren't for them advising me to do so. I was always under the assumption that my network was suppose to be insecure. Phew, excuse me while I drown in a pool of my own sarcasm. <BR> <BR>
  • by Heem (448667) on Saturday August 17, 2002 @03:23PM (#4089992) Homepage Journal
    "The FBI is now telling companies that, if they see the chalk marks outside their offices, they should check the security of wireless networks and ensure they remain closed to outsiders. "

    Hey, how about you do this even if you DONT see chalk marks?


  • is making up these damn terms!
  • by 10 Speed (519184) on Saturday August 17, 2002 @03:33PM (#4090006)
    Warchalking PDF [blackbeltjones.com]

    A handy businesscard sized description of the marks and thier uses...

  • Well-meaning wireless activists have caught the attention of the U.S. Federal Bureau of Investigation. One of its agents has issued a warning about the popular practice of using chalk marks to show the location of wireless networks."

    And in other news...

    Careless FBI agents have caught the attention of well-meaning wireless activsts. One of its members has issued a warning about the frequent practice of losing laptop computers, not to mention weapons. As reported by CNN on July 19, 2001, "The FBI reported Tuesday it had tentatively determined that more than 400 firearms and another 184 laptop computers -- including one that contained classified information -- are unaccounted for."

  • Warn? (Score:5, Funny)

    by jmd! (111669) <.moc.xobop. .ta. .dmj.> on Saturday August 17, 2002 @03:39PM (#4090018) Homepage
    > One of its agents has issued a warning about the popular practice of using chalk marks

    Warn? WARN?! Why warn when you can just outlaw chalk! It's this kind of thinking that's getting government computers hacked and innocent civilians killed.
    • Why warn when you can just outlaw chalk!

      Really, we should have a branch of military that shoots on sight people found holding chalk. We could have them patrol schools since thats where drugs and gangs are.
  • by jukal (523582) on Saturday August 17, 2002 @03:40PM (#4090019) Journal
    ...why is it that only nerds come up with good things. Why don't everyone start chalking, when there's some good resource to steal...erm... use. Like, we could chalk the neighbour's wifes excellent pizza, another neighbour's apples, that lady who is always ready, local tobacco shop which sells marijuana as well. The list could go on and on! We could also invent a fancy name for it, though "war" is cool already :)
    • We could also invent a fancy name for it, though "war" is cool already :)

      War on Payment!

      • Ahem... (Score:2, Offtopic)

        by Art Tatum (6890)
        Democrats announce new "War on Payment"
        Roberta Norris -- AP

        The Democrats in Congress today announced a new "War on Payment," joining the "War on Terror," "War on Drugs," "War on Poverty," "War on War," and the lesser known "War on A-Bunch-Of-Other-Stuff-That-Makes-A-Complete-Mocke ry-Of-The-Horror-That-War-Really-Is." Democrat leaders say that Payment is a looming threat to American peace and prosperity and that we must all work together to eliminate it before everyone runs out of money with which to pay for things.

        President Bush has embraced the War on Payment, hoping to capitalize on its rising popularity. Some of the more conservative members of the Republican party, however, are worried that the President has again forgotten which party he is in. One party official, who has requested anonymity, has stated: "What does that idiot think he's doing? This War on Payment is nothing more than Marxism! I'm going to vote for Gore in the next election--at least I know what side he's on!"

        Some Democrats have admitted to confusion over the President's emphatic support but are happy with it, however confusing it may be. Senator Ted Kennedy (D-MA) said, "I'm very pleased with the President's selling out, I mean, cooperation on this issue as I was pleased with the work we did together on the education bill last year. The President really is quite a fine turncoat! I mean, uh, visionary. Yeah! that's it! Visionary!"

    • (* Why don't everyone start chalking, when there's some good resource to steal...erm... use. Like, we could chalk the neighbour's wifes excellent pizza, another neighbour's apples...*)

      My wife was wondering what that dusty mark was on her ass.
  • by wo1verin3 (473094)
    Have they banned chalk yet? Soon the chalk companies will be in same kind of trouble the Sharpee people are!
  • by dmarx (528279)
    The FBI is telling companies, "If you see this symbol outside your building, it probably means that your network is accessable from the outside. Make sure this is what you want." What's so wrong with that?
  • well meaning?? (Score:4, Interesting)

    by blaine (16929) on Saturday August 17, 2002 @03:45PM (#4090032)
    OK, these "wireless activists" go around searching for insecure wireless networks, and when they find them, instead of telling the owners of said networks about the problem, they covertly mark the information down so that others can use that network illegally.

    How the hell is this in any way "well meaning"?!

    I swear, only on slashdot ...
    • instead of telling the owners of said networks about the problem, they covertly mark the information down so that others can use that network illegally.

      This is the first time I've heard people were doing this covertly.

      Also an open wireless network is an open wireless network, they should like close it or something if they don't want people who have the signal being beamed through their skull using it.

      If people hop up and down going "WIRELESS, COOL! WIRELESS, COOL!" and then get posed with a question to which they respond "Security? Huh?" then they're hidelously unqualified and should be fired and blacklisted for compromising the business.

      You don't walk around holding your wallet open and point it at people and mutely follow them around within a certain area and expect some people aren't going to look and maybe even take. You shouldn't be surprised when it happens.
      • Bad analogy. A better one is as follows:

        You're a locksmith, and you're out doing some shopping. While stopping in a cafe, you happen to notice that the lock on their front door is a model of lock that you know from experience is easy to jimmy. However, instead of telling the owner, you go outside, step into an alley, and pull out some chalk. You then proceed to write out some marks on the wall that inform others who are knowledgeable about the marks exactly how to break into this cafe.

        Tell me again how this sort of activity is "well meaning"? Oh, that's right, it's the cafe owner's fault for not realizing the lock could be a problem. You're not doing anything wrong at all by intentionally telling only those with an interest in abusing this information about it, really.
        • bad example - anyone else could see the lock on the front door too, any could bring to bear their knowledge of locks on that with or without your symbols. It's much harder to 'see' invisible bandwidth availability that it is to see the type of lock on a door.

          The store owner probably wouldn't press charges against a locksmith who happened to walk by the store, stick his head through the open door and say 'hey, I see this lock here is insecure - you should get it replaced with a better lock'. Random Joe walking in off the street to company X saying 'hey, your wireless network is insecure - trust me' is not going to get the same respect. There aren't federal laws about looking at someone's lock on a front door. There ARE federal laws against 'looking' at someone's network (you have to interact with it at some level to gain ANY knowledge about it at all).
    • Re:well meaning?? (Score:5, Insightful)

      by BenHmm (90784) <ben@@@benhammersley...com> on Saturday August 17, 2002 @04:02PM (#4090072) Homepage
      Because this isn't the point of warchalking. Most warchalkers - and I made the first ever warchalking mark - use them to mark out their own open nodes, for the sake of others using them. I've seen many many warchalking marks around London, and none of them is for an unintentionally available network.

      The FBI's whole premise is bollocks, and you shouldn't assume that because it's possible to mark up a wlan that isn't yours that people actually do.
      • Re:well meaning?? (Score:3, Insightful)

        by blaine (16929)
        Maybe I'm crazy, but every single article I've ever read about warchalking has implied to me that the purpose of warchalking was to break into networks not owned by you. This includes articles both by people for and by people against the practice. I have never heard of using warchalking in order to tell people about an intentionally accessible network.

        In fact, to me, that makes absolutely no sense. Why not just put up a flyer? Why use obscure chalk marks on the wall that can wash away? The only benefit that warchalking marks have over a flyer is that most people won't recognize them. The only reason that you wouldn't want people to recognize the marks is if you don't want the people running the network to realize that it is open.

        Might I also add that if you did "invent" warchalking, you chose just about the worst name possible. Every technical person I know who has heard that word immediately associates it with the term "wardialing". Wardialing is not a benevolent act, and in fact, is about as rude and hostile as possible. Perhaps you need to think a little more about these things next time around, and perhaps you need to talk to the people out there warchalking, because I've never been given any impression by their words and actions excepting that all they want is a free ride on a network that isn't theirs to play with.
        • Re:well meaning?? (Score:4, Informative)

          by BenHmm (90784) <ben@@@benhammersley...com> on Saturday August 17, 2002 @04:40PM (#4090175) Homepage
          You may have been reading articles written by the clue-lacking. The NYT piece is good [nytimes.com]. BusinessWeek [businessweek.com] isn't bad either.

          Meanwhile, I totally agree about the name. It is misleading: but it, and the use of chalk for that matter, were just chosen because, well, they sound cool.

          As for why an icon and not a flyer - well, because iconography is inherently more understandable. Why have roadsigns that are symbols and not words? Because they're easy to understand, and to see.

          Have a look at Warchalking.org [warchalking.org] - Matt Jone's site, for better examples.
          • Iconography is not inherently more understandable. It is more understandable when the icons used are well known and useful. Warchalking marks fall into neither of these. They are not (and most likely never will be) well known, and for most people, they are of no use.

            I mean, I'm the kind of person who could benefit from an intentionally open network, but you know what? I'm never going to take the time to learn yet another "standard" written by someone who felt the need to make things much more complex than is necessary. However, if I was in the city, and I saw a sign that said "If you'd like to use my wireless node, the info is: blah blah blah", that'd be easy to use, obvious, and useful to even those who aren't inherently technical people.

            To me, warchalking is just another geek attempt at being "cool" and "elite", as if knowing what chalk marks on the wall mean somehow makes someone a better person. That might not be the intent, but it's how it comes off to most people who aren't into it. It's an unnecessarily complex method of conveying information when there are already good methods of doing conveying such information.
            • It's not complex - because you don't need to know the SSID to access an open node - you just need to know it's there in the first place. The additional information in a warchalking mark is totally superfluous.

              But fine, if you don't want to know that a big curly X on a wall means "Wireless bandwidth here" then go without. nerr nerrrdy nerrr nerrr.


            • Iconography is not inherently more understandable. It is more understandable when the icons used are well known and useful. Warchalking marks fall into neither of these. They are not (and most likely never will be) well known, and for most people, they are of no use.


              One is not going to immediately understand all symbology one encounters. But ignorance of a symbol system does not immediately negate that system's value or usefulness. How much of the public understands HAZMAT placards [trainweb.org] (including the NFPA Diamond [okstate.edu]) that they see on trucks and cargo transportation systems around them on a regular basis? Yet this is a very useful system that is, by Federal regulation, widely used.

              Fine, fine. But as you pointed out - what good are these Warchalking symbols if nobody understands them? You will find that as a meme, Warchalking has already made pretty good headway. It has gone from an odd, and somewhat obscure idea on a website to being referrenced to in numerous world-class publications and at least one public statement from a US Federal agency. The meme is being spread - whether it takes hold and survives will probably depend on how useful people find it.


              I mean, I'm the kind of person who could benefit from an intentionally open network, but you know what? I'm never going to take the time to learn yet another "standard" written by someone who felt the need to make things much more complex than is necessary. However, if I was in the city, and I saw a sign that said "If you'd like to use my wireless node, the info is: blah blah blah", that'd be easy to use, obvious, and useful to even those who aren't inherently technical people.


              This leads in to our next point - how useful is the Warchalking symbol system? Sure - one can advertise one's node via the various websites out there and posting a sign on a physical public bulletin board. But that would assume that those who could use your node already know about the website and had the forethought to jot down the information in advance. And public bulletinboards are rare enough in their own right. You might attract the ire of the local city if you stuck pieces of paper to the sides of buildings. You could write out "If you'd like to use my wireless node..." in chalk but that requires a LOT more effort to write and is not as easy to understand quickly if somebody is walking by.

              A chalk symbol is a non-damaging way of marking information that is both easy to mark and quick to understand if the individual has taken the time to learn the basic symbology.

              One final observation - I find it odd that you refuse to learn something that you claim you could benefit from. And then you claim the system is complex. I would suggest you actually take a look at the system you are criticizing. You may find it a lot less complex than you imagine. But be careful, you may loose the ignorance you seem place so much pride in.
    • by mgkimsal2 (200677) on Saturday August 17, 2002 @04:04PM (#4090076) Homepage
      Have you ever TRIED telling someone that you're not employed by that they have security issues? (If you're an employee, it's still a hard enough issue sometimes, depending on politics).

      I had a friend who had a friend who ran a webshop, with everything running NT. We benignly poked around for all of about 90 seconds probing for 2 known NT holes (had been known about for over a year at that point) and found the entire database for a local HR company completely exposed via the web (SQL Server 7 I believe it was). Repeated phone calls and emails to that shop went unnoticed. Notifying the HR company that their data was exposed and that they should notify their webshop resulted in threats of lawsuits and other less legal retaliatory measures for 'hacking', 'breaking in', etc.

      Walking in to someone's house through their open front door is seen as bad, even if you're simply trying to tell them that their door is open and they should close/lock it because of burglars. Hell, you might even be a master locksmith, but they'll probably still call the police.

      It's just not that easy to tell the network owners they are vulnerable. You may very well face 'hacking' charges.
      • by blaine (16929) on Saturday August 17, 2002 @04:28PM (#4090133)
        So you're saying that, because it's too hard to tell someone about the problem, it's better to share that information covertly to others who will abuse it?

        This isn't like revealing security problems in software publicly for all to see. Warchalking is in no way going to help the problem, because the covert nature of it pretty much precludes any possibility of the owner of the network finding out about the problem. It'd be one thing to send a letter to them, or, alternately, try to publicize the problem somewhere. However, warchalking does not take a public approach. All it does is make the problem worse, by inviting unscrupulous people to come in and abuse the network.
        • I don't subscribe to the idea that these people are doing something 'covertly'. If it was 'covert' they wouldn't put it out in public, for starters. It'd be on a password-protected website or something else harders to get to.

          Also, as many others have pointed out, some people chalk themselves to let people know that they can use the wireless access.

          Your point was that people should tell the network point owner about the 'openness'. I say no - let people find out for themselves. Unless a company has some sort of 'contact us' form for technical people to submit real technical issues (website problems, security issues, etc) that will in fact be addressed by technical people who won't respond with lawsuits, I'm not bothering to do their work for them for free.

          try to publicize the problem somewhere
          Putting chalk marks outside a building seems pretty public to me. I guess they could make the chalk marks larger, but then you'd be in trouble for graffitti (IBM/Linux chalkings). Warchalking IS a public approach, but it's not necessarily signifying a 'problem' - it's just pointing out a circumstance. The label of 'problem' is for the network owner to decide.

          • Warchalk marks are not public because the people who would benefit from the information (ie. the network owners) most likely aren't going to know what the hell the information means. The may be in public places, but nobody (aside from a few geeks) is going to know what they say.

            I mean, this is like saying "Of course I told the network owner about the problem! I wrote out the pertinent information very clearly on the wall, in sanskrit!"
      • by bokmann (323771) on Saturday August 17, 2002 @04:52PM (#4090216) Homepage
        A guy I know had a wireless network appear in his building one day... and it wasn't his... it belonged to another company in the same building.

        He periodically sent pages to their printer that said in big letters, "The wireless network is insecure! Please secure your wireless network!"

        After a couple of weeks, it went away.
        • by Tablizer (95088) on Saturday August 17, 2002 @07:51PM (#4090718) Journal
          (* He periodically sent pages to their printer that said in big letters, "The wireless network is insecure! Please secure your wireless network!" After a couple of weeks, it went away. *)

          The printer went away?

          You're right, they *do* have security problems :-P
        • A guy I know had a wireless network appear in his building one day... and it wasn't his... it belonged to another company in the same building.

          He periodically sent pages to their printer that said in big letters, "The wireless network is insecure! Please secure your wireless network!"


          I think that is funny.

          I think that this might be the best way to warn of security issues. Certainly not contact them directly, if you don't identify yourself, they don't believe your credibility, if you do ID yourself, you open yourself up to liability, and any traceable method of contacting them is bad.

          They still won't be happy, but happiness is rarely a response you get from anyone whose ignorance is blown.
    • Re:well meaning?? (Score:3, Informative)

      by Pfhor (40220)
      If you take a look at the war chalking card [blackbeltjones.com], which includes the 3 different symbols used. One of which is a Wep Node , where you can list the SSID and the contact email address of the person running the node (to ask for permission to get on).

      So war chalking is again a tool used to identify wireless access points. ones that are open, closed, and ones that require permission to access. How people use this tool is up to them.
      • These symbols assume everyone is still using 802.11b, not the new 5GHz "a" frequency. Google returns nothing. Perhaps "a)(" would be a good symbol for this juicy new band?
    • Re:well meaning?? (Score:5, Insightful)

      by dgp (11045) on Saturday August 17, 2002 @06:39PM (#4090497) Journal
      No no no. you've got it all wrong. The reason people should be warchalking is to mark OPEN nodes. Nodes that belong to groups like Personal Telco Project [personaltelco.net] in Portland, OR, or Seattle Wireless, or Austin Wireless. These nodes are MEANT to be used for FREE by the PUBLIC. Thats why people should warchalk. Thats why there are two separate symbols, a closed circle for closed networks (meaning stay away) and an 'open circle' for open networks, saying go ahead and use it.
    • 1) If you are a network admin, and you are an admin of a wireless network. And you are not up to date enough to at least have heard of warchalking and have some inkling as to what the odd markings outside your office meant, then you really deserve what's comming to you.

      2) If these people just walked into the main lobby and said "Your network is insecure" they would be escorted out the door. If they said "I just hacked your network" they would be arrested and thrown in jail. So how do you propose to inform the business without getting a kick in the ass or thrown in jail?

      3) What covert? It's friggen plain as day, you just have to be up to date. Which YOU SHOULD BE if you are an admin.
      • when they find them, instead of telling the owners of said networks about the problem, they covertly mark the information down so that others can use that network illegally.

      Nice troll. There's nothing "covert" about it. That's the whole point. You are informing the network owner the same way that you are informing everybody else. If they choose to ignore your chalk, or they're too clueless to know what it means, then they weren't going to pay any attention to your attempts to tell them directly that they've got a problem.

      And that's not from speculation, that's from experience. My own employer's IT department wouldn't even listen to me (trusted peon) when I told them directly that their network was insecure. "What's the big deal?" was the gist of their response. So I warchalked it, and when management started asking what the "big butterfly thing" was outside the building, the network (as if by magic) got locked down.

      Warchalking - like any tool - can be used for good and bad purposes. But don't blame the tool, and don't make assumptions about the intentions of the toolmaker.

  • The FBI agent in question issued the warning for
    Pittsburgh, home of Carnegie Mellon University (so what?) Well CMU has one of the most elaborate wireless networks in the country, and a whole bunch of guys who are experts at using it (and probably are responsible for many of the chalkings).
    Also, I have an access point I was using at my old school in Indiana where very few other people
    had wireless setups (Purdue only had it in 2 buildings, but that has expanded since I left). Anyway, my point is that from my room in a Pittsburgh townhouse, Kismet [kismetwireless.net] found 2 other access points, and I'm sure that would only grow if I went war-walking with my laptop. I'm no longer using the access point, because even though it might sound cool to share your connection, if you can't control who is using it, you run all kinds of risk for legal liability. If someone were to use an access point I owned to trigger DDOS attacks, I would be the one to get screwed, and wireless just makes doing that a little too easy.

  • ...watches "Click Online" on the BBC. That will shut up a lot of people who say they are completely clueless. :-)

    RMN
    ~~~
  • Protect yourself (Score:5, Informative)

    by wazzzup (172351) <astromac@@@fastmail...fm> on Saturday August 17, 2002 @04:26PM (#4090127)

    There's a great article at Extreme Tech [extremetech.com] that discusses 802.11b insecurity and what you can do to make it secure enough to make it uninteresting to the casual bandwidth thief - particularly if there are enough wide open networks in the vicinity.

    In a nutshell:

    1. Enable WEP. Yes it can be hacked but it does add a barrier to entry that the casual wardriver won't bother with if there are other wide open networks around.

    2. Change the default SSID. Don't change it to your company's name or your street address as it makes it easier to zero in on your location.

    3. Disable "broadcast SSID" if your access point allows it. That way the SSID of the client must match the SSID of the access point. Having it enabled allows any SSID to be accepted.

    4. Change the default password of your access point. Programs like NetStumbler display your access point MAC address which can then be used to determine what make and model your access point is. Once it's known what you've got, the default password may be easily known.

    5. Control access via MAC addresses. Yes, MAC addresses can be spoofed but it requires an extra level of sophistication for the would-be bandwidth thief to get in.

    6. Disable DHCP in your wireless router. Allow access via static IP's from your NIC's MAC addresses. Yes, IP addresses can be sniffed out but it's another barrier put up for the casual "drive by".

    7. Change your IP subnet. If you're using a wireless router and you've disabled DHCP, change the default subnet addresses as well, otherwise it's easy to guess a valid IP address.

    8. Move your access point away from windows. Move it to the center of your building to make the signal to the street that much weaker.

    9. Buy access points with flashable firmware. Helps you keep up with changing security protocols rather than being stuck with the ones that came with the access point.

    10. Some access point manufacturer's have non-standard security features. Orinoco access points are able to "close" thier networks by not broadcasting thier SSID. They also have additional (not 802.11b standard) authentication features such as RADIUS servers.

    11. Use VPN. Virtual Private Networks add a level of encrytion and authentication to your network

    Yes, these methods can all be easily circumvented to somebody that really wants to get in. As long as you try to make it a pain in the arse to get in, then the crushing masses of 802.11b networks out there that have zero barriers to entry make your little bubble a waste of time.

    • Know Your Enemy (Score:4, Informative)

      by Anonymous Coward on Saturday August 17, 2002 @05:22PM (#4090298)
      Yes, these methods can all be easily circumvented to somebody that really wants to get in.

      1. Enable WEP...and enjoy the 20% bandwidth loss. Airsnort [shmoo.com].

      2. Change the default SSID. SSIDs are not needed to zero down on the AP. Triangulation and GPS are effective enough.

      3. Disable "broadcast SSID". The beacon frames can easily be captured otherwise. Attack by enabling your cards monitor mode [shmoo.com] (not to be confused with promiscious mode which only captures packets on the current network), sniffing all air traffic.

      4. Change the default password of your access point. However, I'd like to point out even changing ones password can be insecure. My access point, and I'm sure others as well, send the admin password in a urlencoded form, unencrypted, in plaintext for anyone with a monitor-mode NIC to sniff.

      5. Control access via MAC addresses. Spoofing as trivial as ifconfig eth0 down; ifconfig eth0 hw ether 00:00:00:00:00:01; ifconfig eth0 up. On OpenBSD use sea.c [freezope.org]. Use arping [freshmeat.net] to sniff MACs.

      6. Disable DHCP in your wireless router. Static IP addressing, subnet range determined from arping [freshmeat.net]. Private addressing:

      • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
      • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
      • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

      7. Change your IP subnet. See above.

      8. Move your access point away from windows. No match for high-gain antennae.

      Hope this helps an aspiring black hat! Remember, no network is completely secure. WaReZ anyone?

      • Remember, no network is completely secure

        You definitely have a point, but for areas where there are a lot of wireless networks, implementing many of the suggestions make it annoying enough for the typical hacker where it is easier to move on to the next target.
        • Sound like the looney toons school of security...

          Hacker J Fudd: Be werry werry qwiet. I'm hacking wabbitco.
          Rabbitco: You can't hack Rabbitco. It's DUCK season!
          Rabbitco points to hastily painted sign saying "Duck season".
          Rabbitco: Let me help you... there's Duck Inc. right there!
          Duck Inc.: Rabbit season!
          Rabbitco: Duck season!
          Duck Inc.: Rabbit season!
          Rabbitco: Duck season!

          -
      • ET tested six access points [extremetech.com] and concluded:

        "... On average, enabling 64-bit WEP encryption extracts an approximate 5% performance penalty. Depending on your need for security versus speed, that penalty may be a little or a lot. The same average 5% penalty applies when WEP is enabled in high speed mode."

  • by LupusUF (512364) on Saturday August 17, 2002 @04:52PM (#4090218)
    Notice,
    If you are in a business that leaves it's doors unlocked at night, and you notice that someone writes "DUL" (which is engineer speak for doors unlocked) in chalk outside of your office building you might think about locking your doors at night.

    When installing doors many people forget to lock them, and malicious users can check your doors and gain access to your company's building.
  • Just Curious.... (Score:5, Interesting)

    by cyberon22 (456844) on Saturday August 17, 2002 @05:05PM (#4090257)
    Realistically, why bother?

    If the FBI is concerned with the unauthorized use of wireless networks, they'd be better off cracking down on Starbucks, airport coffee bars, or even Bryant Park, NY. [nycwireless.net]

    Frankly, I'm surprised people still bother to hack from home. If I was looking to break into a guarded system, the FIRST thing I'd do would be to on a casual jaunt for a warhacking hotspot. The explosion of public 802.11 spaces opens up completely unprecedented possibilities for physical and network anonymity. The REAL question becomes what happens when someone actually uses this type of vulnerability to cause real and substantive damage to someone. Is Starbucks criminally negligant when one of their network users DOSes the DOD?

    If the FBI wants to get companies to lock-down 802.11 services, all they need to do is remind firms of their legal liability for "unauthorized" uses of unguarded 802.11 networks.
  • Warchalkers have questioned the scare stories surrounding the phenomena, saying that anyone with malicious intent is unlikely to publicly mark their target.

    It's not the warchalkers themselves that are the great security risk, it's the people who are going to use the open WLANs for malicious purposes who otherwise wouldn't have done the legwork to go out and find the open holes.

  • Oh, come on. Let's call it like it is, shall we? It's not "well meaning wireless activists," it's "cheapskate freeloaders on the lookout for free bandwidth."
  • The phrases "wardriving" and "warchalking" derive from the early days of computer hacking when curious users programmed their computers to search for all phone lines that returned data tones. The exhaustive searching was known as "wardialling". ... which is derived from the name of the popular '80s movie "war games" (starring matthew broderick) where the prototypical "hacker" hero uses an automated modem-dialing program to test all possible phone numbers for accessible modem-connected computers. The movie brought into the public eye such programs, which were traded among early "hackers" on BBS and other systems and called "War Dialers."

    sorry. i think part of the article was cut off there at the end...
  • FBI Honeypots (Score:2, Interesting)

    by octalgirl (580949)
    The FBI is taking a serious notice on Wardriving. Here's a SecurityFocus article on how they are setting up Honeypots [securityfocus.com], FBI stings to catch warchalkers, although it claims they are just trying to get a feel for whats really out there.
  • National Chalk Association. Chalk doesn't kill people, guns kill people.
  • Loan Officer : We are gonna have to take your house if you don't pay your mortgage. Homer : I'll take the numbers off my house. Loan Officer : We'll look for the house with no numbers. Homer : I'll take the numbers off my neighbor's house. Loan Officer : We'll look for the house next to the one with no numbers. Homer : D'oh!
  • hrmmmm... (Score:2, Funny)

    by jglow (525234)
    "If you notice these symbols at your place of business, it is likely your network has been identified publicly," warns the guidance from the FBI.

    The FBI are obviously masters of the obvious here...
  • This problem keeps coming up; well meaning individuals that find a problem are then punished for their attempt at a good deed.

    Without some protection for these individuals, no one will report problems for fear of legal entanglement. This obviously leaves the establishement exposed to those that do have less altruistic motives.

    It sounds like something that Homeland Security should be taking on, that would actually have a benefit to our country's security.
  • My worry is not so much about businesses (who presumably have security personnel and at least a few people who are with it enough to recognize warchalking marks) but the fact that these same wireless devices are being pushed like crazy to home users because they supposedly are so easy to set up.

    Such users are much closer to the street and have less blocking mass between the transmitter and the street compared to a business user. These users are far less likely to change default security settings and passwords. Yet as a source of freeloading bandwidth or disguizing an attack they are very fruitfull. It is like those X10 cameras that they push to consumers, most of which someone with a few dollars of parts picked up at an electronics store can see the signal from your cameras from the street. But this is not a fact at all warned against by the hucksters pushing these devices everywhere you look.

  • Activist? I don't know if you'd use that term for anybody just going around marking the locations of wireless networks. You're encompassing an awful lot of everyday "normal" people if you use those weak standards as your activist baseline.

    Then there's this bit about the curious hacker...
    "Before now many curious hackers have gone on "wardriving" expeditions which involve them driving around an area logging the location of the wireless networks. Many companies using wireless do not do enough to make them secure and stop people outside the organisation using them."

    I guess we know the author is obviously slanted with the "Hacker's Manifesto" side of the issue as these "curious" hackers are trespassing on pivate property; And you simply can't make the argument that since the door was open, they have a right to be there. Yep, they're curious and gee, we just happened to gloss over the fact they're breaking and entering, volating the law, etc, thus the FBI "trival" interest, right?

    Even if I agreed with the philosophy, this is simply a badly written story. Yeck.

Dead? No excuse for laying off work.

Working...