Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Encryption Security

Drive-By Hacking in London 213

delibes writes "The BBC News website carries this story about hacking wireless networks in London's financial centre. " There isn't really much in the way of details, just saying that many businesses don't encrypt their networks. They talk about finding 12 networks while driving 1km... 8 of which had no encryption.
This discussion has been archived. No new comments can be posted.

Drive-By Hacking in London

Comments Filter:
  • Trend? (Score:3, Funny)

    by Tregod ( 441880 ) on Tuesday November 06, 2001 @11:24AM (#2527639)
    Hacking (er cracking) seems to get more and more low-tech, it's now been reduced to actually leaving your house. What is the world coming to?
  • Ha..... (Score:1, Funny)

    by Anonymous Coward
    All your Pounds are belong to us
  • They were doing this at the 2600 meeting here in Utah in October [2600slc.org]. I didn't make it, but it appears they had some success.
  • ...but in the meantime, your mugshot has been captured by zillions of cameras... Y'a know, that's Britain after all, the land of Her Majesty's Subjects.
    • Its lucky that nothing [citypaper.net] like [nyu.edu] that [sfbg.com] would ever happen in the land of the free. [wired.com]

      ps. I hate responding to so called trolls, but this one has been modded up twice
    • by pubjames ( 468013 ) on Tuesday November 06, 2001 @12:03PM (#2527837)
      I used to live in Brixton in South London. At first, I was against the cameras, but then I saw how they had a positive effect on reducing crime.

      I now live in central Barcelona, where the pickpocketing and bag snatching is terrible. Frankly I wish they would install those cameras here.

      And having walked around the streets of New York and San Francisco at night, I think they wouldn't go amiss there either.

      It's not the cameras that you need to be afraid of, it's how they are used. As far as I can see they have had a good effect on reducing crime in many UK crimespots, without any infringements on anyones personal freedom (unless you're completely paranoid, in which case you'd better stay indoors with the lights out and your lead helmet on).
      • by Anonymous Coward
        It's amazing how Americans complain about the cameras in the UK, they entrust their officers with guns which could lead you being shot dead either intentionally or otherwise, now that is potentially a pretty big infringement of your liberties (right to life), yet when people talk about cameras and the worse case senario it doesn't even come close to killing people.

        British police don't have guns yet have access to cameras, US police could kill you in the spot yet don't have access to cameras. By having a polcie force you inevitably give up some of your liberties and expose yourself potential abuses of those rights, which has more potential for abuse... side arms or cameras?

        This is why when people start bleating on about the cameras here, the contradictions really make me laugh, oh the hypocrisy.
      • And having walked around the streets of New York and San Francisco at night, I think [cameras] wouldn't go amiss there either.

        The Mob would never stand for it.

        Although it's quite off-topic, I had a really interesting experience one night while walking around the streets of NY. On my way back to the hotel I noticed that the street I was on was rather deserted and although I was a little uncomfortable about that I didn't know which streets might be better (or worse!), so I forged on.

        At one intersection a man intercepted me. He was well-dressed, expensive coat over an expensive suit, nice shoes, perfect hair, etc. He very politely asked me where I was going and if he could help me find my way. I told him which hotel I was going to and he gave me precise and easy to follow directions.

        I noticed, however, that his directions seemed to take me a couple of blocks out of my way, and that it would be shorter if I just continued the direction I was going. When I mentioned that it seemed better to go straight he politely but very firmly told me that it would be better to follow his directions, because this wasn't a good street to be on late at night.

        At that point (I'm a little slow) I put things together and decided that if a very nicely dressed man of Italian ethnicity, standing all alone in the shadows on a dark and empty NY street late at night, tells me that particular street is a bad place for me to be, I should listen!

    • by Rogerborg ( 306625 ) on Tuesday November 06, 2001 @12:09PM (#2527862) Homepage

      The thing that you have to understand about the UK is that there really is a history of these things been put in place and then not used, through apathy, budget constraints, or good old fashioned incompetence.

      The omnipresent cameras are useless for identifying individuals; all they are used for is to grab grainy, wobbly pictures of suspects that identify height, clothing (maybe) and gender (if you're lucky) which are then splashed all over tabloids and the TV as part of appeals for actual eye witnesses to come forward.

      A few more examples. The UK has had a DMCA since 1988, but few people know about it, because it's never been used. The RIP act, that mandates prison sentences if you fail to hand over encryption keys, is again a paper tiger because the Home Office doesn't have the budget to train anyone in its use. In fact, the police already suffer from having a surfeit of powers.

      There was a case last year of a young student who went missing, sparking a nationwide hunt for her. She (or someone purporting to be her) sent an email from an internet cafe claiming that she was all right. The police eventually found her not by tracking back the message through the headers to find the cafe (a 30 second process), or through cameras, or through any technological procedure. Instead, they guessed where she was by looking at her past history, then blanketed the area with police handing out leaflets to cybercafes, until they got a response from an owner, then they staked it out until she turned up again.

      So, sure, the UK has Draconian laws (but I'm sure the US will catch up), and sure, open networks and all that, but on the other hand, blurgh, it's a typical wet and windy British night tonight, and the Evil Things will be tucked up all warm and cosy in bed, not prowling the land looking for innocents to molest. ;-)


      • You paint a quite sad picture of the UK - in fact it is funny to compare how negative UK citizens are about their country compaired to a typical American's blind patriotism for his!

        One thing that I think makes the UK a great place is the very high level of integrity of its people. Generally speaking, the Brits are a very decent lot who usually "do the right thing". Even those in positions of power, which believe me is not true in many countries. This might explain
        why Brits feel safe with government controlled cameras in the streets, but many Americans would be unhappy with the situation.
          • You paint a quite sad picture of the UK

          I want to move: I thought Canada, but they're backing their ass up for the US too much for my liking, so now I'm thinking New Zealand. But it might be too late for me; I think the national apathy has soaked through to the bone. :-(

          • One thing that I think makes the UK a great place is the very high level of integrity of its people

          Of the people, yes, but we're (in general) as badly informed and easily manipulated as the rest of the world. I actually think that the US people are the best and greatest in the world. You still have recent memories of your reach exceeding your grasp ("We choose to go to the moon [..] not because it is easy, but because it is hard."). Unfortunately, we have both relapsed into having governments composed of a professional political class (an hereditary one at the executive level in both cases) who are alike in tolerating among their ranks liars, cheats, frauds, and manipulative and hypocrital mass murdering bastards of the highest calibre. I look at what we (Britain) are contributing to in Afghanistan and elsewhere, and I think "My god, viewed from their point of view, with their professional liars spinning it the other way, how can they not hate us?", and I want to get out, and soon.

          On the bright side, as I said, at least the British government are largely too apathetic to abuse their powers, unless there's a media circus to play to. Hey ho, small blessings.

          (Moderators: this is like 4 levels down. I know it's off topic, but there are better areas to vent your ire.)

      • I have a real problem with laws that are never enforced.

        They lead to a situation where anybody that the government is particuarly irritated by can be locked up easily because they are bound to be breaking a few laws. Lots of other people may be breaking those laws too, but since they're not doing anything that irritates those in power, they are ignored.

        This is not a theoretical problem, it happens all the time. For instance, there is very selective prosecution of people breaking the official secrets act. AFAICT, the law is - if you say something that causes embarresment to active politicians or any senior member of the intelligence services, then you go to jail.

        In fact, if you think about it for a moment, you'll realise that this is the entire *point* of these laws. You'll be very comfortable as long as you keep to prescribed boundaries. Stray outside, and you'll see a different side to things.
    • Actually, there aren't any more cameras in Britain than there are in the US. The only real difference is that in the US there are a lot more malls, while in Britain most shopping happens on streets.
  • by bergeron76 ( 176351 ) on Tuesday November 06, 2001 @11:29AM (#2527671) Homepage
    I get ethernet connectivity once in a while in the Linux Car [dashpc.com]. There's some details in the news section of the page.

    Enjoy.

  • More info (Score:5, Informative)

    by Da J Rob ( 469571 ) on Tuesday November 06, 2001 @11:30AM (#2527675) Homepage
    For those who want to read more on this subject, check out this past slashdot article [slashdot.org]

    Or just go here. [extremetech.com]
  • Well, (Score:4, Interesting)

    by big_groo ( 237634 ) <groovis AT gmail DOT com> on Tuesday November 06, 2001 @11:30AM (#2527679) Homepage
    I have to believe that the network honchos at these companies are in the *testing* phase of their wireless implementation. I bet some of them just threw up the network, with some monitoring tools - just to see what would happen.

    That's what I'd do.
    • Re:Well, (Score:4, Informative)

      by friscolr ( 124774 ) on Tuesday November 06, 2001 @11:52AM (#2527793) Homepage
      If that was the case then it wouldn't be possible to so fully exploit these networks.

      walk around town with laptop in backpack then go somewhere to see what's been found - like an internet cafe, which is also useful for probing the network in question (like probing their network from the outside to find what router to spoof - determine this based off the ips in the tcpdumps from the walk) - here's what i've found [blackant.net]

      most of the unencrypted networks found will have nice tcpdumps chock full of arp requests, novell and nt broadcast messages. can tell you a lot about the network in question.

      if you can find a discrete location close to the building in question then you have your entry point. of course cops dont really know what you're doing anyways (though they give some real wierd stares at 3am) so you might be safe. spoofing the router is generally wasy, gaining external access should be fine, sometimes they're real kind and leave a dhcp server accessible for you. but either all these places have taken the time to setup some real nice honeypost or they're real.

      i'm giving a talk about this at rubi-con [rubi-con.org], plus my webstie has more info, not that i've done anything like this, of course.

  • Roger that, we have one network down on the corner of State and Madison!

    This is definitely proof that times are changing.
  • cool. I'm going to Comdex in Chicago in the next couple of weeks, and I think I'll spend some time walking around the TradeCenter with my laptop. Might be very interesting to see what I can pickup. What's that you say? It's illegal to do that? Not my problem, I liken this to a publicly accessable park.
    • It's illegal to do that? Not my problem, I liken this to a publicly accessable park.

      I'm wondering if its possible to track down people who are illegally gaining access down to their physical locations, such as through triangulations and such.

      • If the law is consistent with the FCC's law on radio transmissions, then it is perfectly legal to sniff these networks. The law, from fuzzy memory, simply states that it is legal to receive radiowaves, but can be illegal to transmit them without licenses. So you can sniff all you want, just don't try to hack in.
      • Presumably, but the idea isn't very threatening sounding.

        In the states, I believe the only law enforcement agency that would concern themselves with triangulating rogue radio transmissions is the FCC. They probably have better things to do than try and protect companies from their own negligent sysadmins.

        I suppose the companies could hire jack-booted thugs to hunt you down, but I'd think the cost effictive solution would really be to hire a competent sysadmin. Furthermore, rent-a-cops are rent-a-cops, and we never had any trouble running away from them when we got caught smoking in malls. I bet it's even easier to get away when you've got a bike or a car handy.

        Lastly, as the thread originator mentioned, it might not even be illegal. If you don't want someone accessing your data, I think a good start would be to not broadcast it on unprotected airwaves. I suspect it is illegal, though - it just seems likely to me that the laws that made radio scanners have protections against reading cell phone freqs. would have been wide enough to cover non-verbal communications, too.
  • IEEE 802.11b Working Group [ieee.org]

    In geek speak, the IEEE 802.11b standard is the family of specifications created by the Institute of Electrical and Electronics Engineers Inc. for wireless, Ethernet local area networks in 2.4 gigahertz bandwidth space. The rest of us English-language users should think of IEEE 802.11b as a way to connect our computers and other gadgets to each other and to the Internet at very high speed without any cumbersome wiring--or a significant price tag. Providing as much wireless speed as it does at its modest price promises to have profound implications for a world bent of anytime/anywhere communication.


    Without any cumbersome wiring, yeah, or pesky security or annoying encryption. What about the profounf implications of that. You really have to wonder what they were thinking.
    • Oh, like Ethernet is any more secure. The only difference between 802.11 and Ethernet is the difficulty in getting to the wiring. Once you're on the LAN, you can use all sorts of nasty tricks to do Bad Things to other hosts. If you are super paranoid, you're going to be doing application- (e.g. SSL) and network-layer (e.g. IPSEC) encryption anyway, so there's not much utility in link-layer security. And anyway, WEP is at best a network access control. It cannot secure host-to-host communications.

      • Yes, but I think that the difficulty in getting to the wiring is actually pretty important here. 802.11 is being sold as a panacaea for cheap start-up networking as much as for huge financial institutions. Cheap start-ups are not likely to have the expertise to implement IPSEC internally even if they've heard of it.
    • Having someone else pay the bill is really good for the price tag :-)
  • by Andy_R ( 114137 ) on Tuesday November 06, 2001 @11:32AM (#2527693) Homepage Journal
    from the article:

    "From an attackers point of view you want back roads because there is less road traffic," said Codex, "and you might be able to park when you find a network."

    Are they seriously suggesting that you can find a parking space in central London during office hours?
    • Even funnier is how they mention "war walking", and then they mention that Strand was their target road. I think anybody crazy enough to walk down Strand with a laptop open and operating in front of them could easily have any of the following problems:

      a) trip and fall
      b) be trampled on
      c) have their laptop destroyed by (a) and/or (b)

      Just walking down Strand is an adrenaline rush, weaving in and out of the other pedestrians.. I don't possibly see how anybody could walk with a laptop in front of them there!
  • interesting... (Score:3, Insightful)

    by siphoncolder ( 533004 ) on Tuesday November 06, 2001 @11:32AM (#2527696) Homepage
    this is very interesting to me in particular - i've been considering a system for establishments that would in part run on a wireless scheme (ease of installation, basically), and encryption was honestly one thing i hadn't thought of.

    this alerts us to something else, too: wireless networks, encrypted or not, can be sniffed easier than regular wire networks, since you don't have to be physically connected to the internet to be sniffed.

    now, as we all know, encryption isn't the one-stop shop in terms of securing data. in a wireless environment where intruders can get at you with relative ease, what other forms of protection are there against having data stolen?
    • Re:interesting... (Score:5, Informative)

      by swillden ( 191260 ) <shawn-ds@willden.org> on Tuesday November 06, 2001 @12:55PM (#2528253) Journal

      now, as we all know, encryption isn't the one-stop shop in terms of securing data. in a wireless environment where intruders can get at you with relative ease, what other forms of protection are there against having data stolen?

      In a wireless network encryption is your only defense. Remember, though, that the encryption built into 802.11b cards and access points is lousy and trivially easy to break, even with the larger key size.

      If security matters to you, you need to:

      • Put a VPN-equipped firewall between your wireless access point and the rest of your network. Configure the firewall so that it only allows VPN connections, rejecting everything else.
      • Run VPN client software and firewalls on all of the machines you connect to the wireless network. Make sure the firewalls are configured to reject all incoming connections and permit only VPN outgoing connections.
      • It's probably also a good idea to install intrusion detection systems on the wirelessly connected hosts. Whether you take that step or not, it's important to maintain those hosts carefully, keeping up to date on all security patches (particularly the patches for the firewall and VPN software). Other actions may be a good idea as well, just remeber that every one of those wirelessly connected machines has to be able to withstand hacking on its own; there are no firewalls or barriers between those machines and the world, they are truly "bastion" hosts.
      • Put a "honeypot" wireless host or two out. Run a DHCP server on and put some other interesting stuff up (SMB is juicy). If it sees DHCP requests or other traffic, inform security and have them watch anyone who might be hanging around in publicly accessible halls or outside. If possible track down and silence the offending machine. A laptop equipped with a directional antenna and some 802.11b sniffing software that can be configured to look for a particular MAC address might be helpful.
      • Run your honeypots on the "default" 802.11b channel (6?), and run the real stuff on other channels. This isn't a barrier at all, but it does make naive attackers more likely to get caught by the honeypot.

      If all of that is too much effort, and security is important to you, then don't do wireless. When the built-in encryption is fixed you can look at wireless again; it still won't be quite the same as wired but the effort required to secure it will be lower and more related to how you manage your keys.

      • Can you suggest a VPN server for Linux?
        • I have to admit that I haven't actually used it (yet), but I hear good things about Free S/WAN [freeswan.org]. It's an implementation of IPSEC, which is a solid, public protocol. Free S/WAN is actually the only free VPN project for any platform that I'm aware of. Generally, this stuff is commercial, and not cheap. Usually, the least expensive way to build VPNs is actually to buy routers with the capability built in (nearly all commercial-level Cisco equipment has it, for example), but that doesn't really help the wireless hosts.

          There are some projects I've heard of to make PCMCIA 802.11b cards with IPSEC built into them, and, ultimately, that will be our best solution, I think. I hope someone sees a need for similarly-capable PCI and USB wireless adapters.

  • by joebp ( 528430 ) on Tuesday November 06, 2001 @11:34AM (#2527705) Homepage
    Umm, so lets look at some facts...
    • 801.1 outdoor range: approximately 100 to 300 metres.
    • 12 open networks found within 1Km.
    • In the financial district of London.
    Is this industrial-espionage-by-numbers?
  • Well, isn't it a very old story? I remember seeing it on /. quite a while ago.
  • how many clueless people are running corporate networks. It's the same with mail server worms etc etc. Patches never get applied and security features are not even switched on. Not that WEP is secure, but if the corp nets are advanced enough to be running wireless kit, they should be using an O/S that supports proper encryption and IPSec. And ALL wireless, remote and dial-up access should be regulated by an independant firewall, possibly with one-time authentication tokens such as RSA SecurID etc etc (insert favourite auth here...).
  • by Anonymous Coward on Tuesday November 06, 2001 @11:37AM (#2527716)
    There was a talk on this at Defcon this year. Pete Shipley was having success rates of 80 networks per hour in San Francisco.
    See: http://www.sans.org/infosecFAQ/wireless/war.htm and http://www.theregister.co.uk/content/8/18285.html
  • The problem seems to me to be one of inertia. Everyone with at least a vague knowledge of the facts is well aware that, whilst WEP is a small hurdle, it's really no obstacle to anyone who's vaguely determined to get in.

    On the other hand, it's some hassle to set up a firewall before plugging your access point in. Especially for development work, when you're not setting out to install a "proper" network, it's all too easy to just plug it in for a short period and hope, on the grounds that it'll somehow all be OK. Especially when deadlines are tight, setting up all the security properly is always going to be seen as too time-consuming.

    What's fairly inevitable is that there will come off the shelf access points with real security built in. Let's just hope it's not each manufacturer having their own proprietary standard, so there's no interoperability...
  • The way I read it... (Score:2, Interesting)

    by maniac11 ( 88495 )
    Already websites exist which list the wireless networks in major cities. Many of those listed are doing nothing to stop people using them.

    I read this as saying that the network owners are leaving their networks open on purpose. And really, why not? This is the way I have mine configured... Wireless Freenets anyone? If my machines are secure, why shouldn't I let the neighbor piggyback?
    • I read this as saying that the network owners are leaving their networks open on purpose. And really, why not? This is the way I have mine configured... Wireless Freenets anyone? If my machines are secure, why shouldn't I let the neighbor piggyback?

      Well, do you want a cracker using your network to launch attacks, and then just driving away? And anyhow, even if you decided you wanted to do that, you're an indivdual...I think the idea of letting anyone piggyback on their network would be less appealing to businesses.

  • by dave-fu ( 86011 ) on Tuesday November 06, 2001 @11:39AM (#2527727) Homepage Journal
    Not to be all "been there, done that", but I know guys who were doing it in downtown NYC a year and a half ago. Amazing how many Wall Street corporations can be so freaking clueless about segmenting off the generically insecure portions of their network.
    Sad to think that we'll have an entire generation of hackers growing up who have no idea what Tone Loc [packetstormsecurity.org] is just because wireless networks are so much of a sexier, easier target than open modem banks, isn't it?
    • I remember wardialing, back in the days of 'CALLPAK' and unlimited local calling.

      Now every local call costs a minimum of 3.5 cents, which isn't bad for the average user, but makes war dialing an expensive proposition.

      IIRC, the whole scene died out back around 1990, partly due to the rate changes, and partly due to increased telco monitoring of 'unusual activity' with rumors of improved computerized event correlation and visits from telco security really putting a damper on things.

  • by Anonymous Coward
    Check out BBC TV Center with a scanner... you can really fuck about with their radio mic's, of the fun.
  • by Angry Black Man ( 533969 ) <vverysmartman@@@hotmail...com> on Tuesday November 06, 2001 @11:41AM (#2527742) Homepage
    Could the next great bank robbery movie's big scene be some guy driving by the bank in an old Cadillac with a laptop and 802.11b in his lap while hacking money into his account?

    • Could the next great bank robbery movie's big scene be some guy driving by the bank in an old Cadillac with a laptop and 802.11b in his lap while hacking money into his account?

      Not in London. There are no streets wide enough to get a Cadillac into!

      Try a BMW or Honda.

    • Our hero theif will have to bungie from a helicopter in to the office building's atrium, then hang from his feet while he "hacks the network" because "sideband rf degradation" will prevent access from the street.

      The laptop may or may not feature transparent windows and Blue Steel decorations. But it will have an obvious Apple logo.
  • What is the point of a wireless network in these cases? do people really need to access their files from the bog? i think not. What if i drove around with a reasonably powerful transmitter and jammed the frequency? would every company in the city be screwed? Also, how do people who are imcompetant get good jobs? i would be interested to know, as i feel that i am a tiny bit less incompetant than most and would like to be in a high position (i can write in joined-up and make coffee on my own!!!).
  • by billmaly ( 212308 ) <bill,maly&mcleodusa,net> on Tuesday November 06, 2001 @11:42AM (#2527751)
    1. Individual companies knowingly installed these networks, and failed to encrypt and secure the access to them.

    2. "Hackers" used their own legally obtained hardware and software to identify these networks.

    3. They identified these networks while traveling on a public right of way.

    From where I sit, the people who do this are not doing anything wrong UNTIL they begin to wreak havoc on the network(s), and start causing problems for the companies. The onus is on the people setting up the wireless nets to secure them. If individuals can ID these networks, use them, and not cause damage, more power to them.

    If the network admins are dumb enough to setup these nets and NOT block unauthorized users, they deserve all the problems that they will inherit.

    Finally, why does a brick and mortar office NEED wireless? Isn't cat5 already available to every desktop? Wired nets are invulnerable to wireless hacks, hence, 100% secure against wireless hackers. Well, unless the wireless hackers find a vulnerable wireless net, hack onto your network throught that one.......yadda. :-)

    • From where I sit, the people who do this are not doing anything wrong UNTIL they begin to wreak havoc on the network(s), and start causing problems for the companies.

      Not in the UK mate
      The Computer Misuse Act 1990 makes it an offence to read a computer file that you do not have authorisation to read. (As well as other 'cracker' type offences)

      Basicly this also means that if I look over your shoulder in the office and read what is on your monitor I have commited a crimminal offence punishable by 5 years in prison! (last I looked)

      If the network admins are dumb enough to setup these nets and NOT block unauthorized users, they deserve all the problems that they will inherit.

      Aggreed. But remember that is isn't just sysadmins that suffer, but maybe some poor sod on 4quid an hour just trying to do their boring desk job. Also no matter what we know is right as geeks dosn't mean the legal world agrees with us (DMCA, micro$oft etc etc etc)

      • > The Computer Misuse Act 1990 makes it an offence to read a computer file that you do not have authorisation to read.

        slightly, (but crucially) wrong.

        It is an offence to make unauthorised access to a computer sniffing the data out of the ether without actually accessing a computer would seem to be legal loop hole.
    • One common application is wireless barcode scanners and warehouse management devices.
    • I don't know about the UK, but in the US, any sort of unauthorized access to a computer network is a crime - regardless of how easy it was to gain said access.

    • For myself, the answer is simply easy and unllimited access to the network without lugging that damn cable (that's never quite long enough) around everywhere you go.

      When I need to do an impromptu presentation of something on the net anywhere in the building, it becomes really easy and convienent. Or even more recently, when I've got three laptops to be used simultaneously and only one LAN drop... wireless comes to the rescue.

      Not to mention that our IS team seems to be very strict on lending out cat5 cables ;)

      • ...that I agree with your point about it not being unethical/illegal until something "bad" is done. Of course, "bad" is left to wild interpretation.

        IMHO, if you're simply using the open-access wireless to access the net for non-malicious means (surf, check your personal e-mail), then more power to you.

        If I wasn't worried about my cable access being cut off for sharing my connection, I'd love leave it open for passerbys -- I admit that the utopian idea of being able to access the net from anywhere anytime over a wide wireless LAN (WWLAN?) without paying intrigues me ;)
    • I'm not saying its not the responsibility of the admins to secure their network and machines. Bad adminstration can probably be linked to more than half of the hacks that go on (I cannot confirm that number).

      But, at the same time, if I leave the door to my house unlocked, and someone identifies that the door is unlocked, yeah, I'm dumb for leaving it unlocked, but they have no right to go into my house and read my private documents (take money, kick the dog, steal underwear, etc whatever they do).

    • by Nonesuch ( 90847 ) on Tuesday November 06, 2001 @12:15PM (#2527884) Homepage Journal
      In general, 'wardriving' aka Netstumbling [netstumbler.com], refers to the basic act of wandering around and logging the GPS coordinates and response of 802.11b wireless networks to broadcast 'beacon' requests.

      IANAL. I have been consulting with laywers, and this is a paraphrase of what they say (in the state of Illinois):

      The basic act of identifying a wireless network while on the 'public way' is ethical, and usually legal. The moment you connect to a network and begin to access their machines or use their resources, you are on very shaky ground ethically, and, while unlikely to be prosecuted, are committing a criminal act.

      Wireless networks are not only much less secure than wired, they are also considerably slower and less reliable. I have difficulty getting a reliable wireless connection more than fifty feet away from the AP. I have ethernet cables longer than that!

    • The way I see it, it's pretty much like saying "Hey, did you know that at [Office building] there's a person who goes outside at 10:00 every day for a smoke break and they prop the door open with a brick so they can get back in" the information isn't illegal, but you could use it for illegal purposes.
    • Maybe ethical, depending on what you do. If you work next door, and are in the parking lot, thinking you are connected to your companies AP, but accually connecting to the neighbors, big deal. (Of cousre there may be a security problem, but that is a different issue)

      Likewise if you are working someplace and need access, and are not undermining the company it is ethical, assuming you are not using much bandwidth.

      I would recomend that munincapalities encourage buisness to leave their networks outside the firewall (you should use VPN to get in anyway), but firewalled to only have access to the company's website, city hall's VPN server, and any other services companys don't mind having unrestriced access to. City hall could give small tax breaks because they are using the system. Local goverments tend to have a lot of mobel units that need occosional access to city hall, but generally don't send a lot of data so they can connect to whatever network is nearby, and send their data.

      I don't care if my neighbors go into my garrage to borrow a shovel to do some gardening. I mind if they borrow my shovel every day, when I need it myself, or if they break it. But when I'm at work I don't care. Unfportunatly there are enough dishonest people that will take all my tools and never return them.

    • why does a brick and mortar office NEED wireless?

      You'll find a lot of the buildings in th UK can be as old as 500 years, but mostly the office's in traditional buildings were built in and around the 1800's. This means that there is a whole lot of stone to drill though, or large sections of floor that need to be ripped up to run cables, and in some buildings this is just plain impossible.

      So when an office in a building has say 24 points, and requires more (due to expansion, extra network printers, whatever), they sometimes need to obtain planning permission to put holes in walls, floors, etc. which can be a hassle if you're in a listed building. (You see the heritage people don't like anyone messing up old stuff).

      Therefore it can be just as easy to run a wireless net for a few PC's and save on the expensive and more cumbersome task of running a few more Cat V lines. Also, the cost of labour in London is hideously expensive so wireless net's are sometimes a cheaper alternative to a new hub/switch and Cat V cabling.

      OTOH there are some IT staff that just like playing with new stuff and can easily convince the people who sign the cheques that a wireless net it what the company needs, just 'cos they want to play with one.

      Either way, wireless nets are a lot less hassle to implement, even if security could be compromised. Really is a sackable offense in my opinion to allow this to happen, but hey, so is using the 'net for 'non-business use'.

      Dan.
  • by Chairboy ( 88841 ) on Tuesday November 06, 2001 @11:44AM (#2527755) Homepage
    At my company, we use WEP, but complete the connection you must log in using a VPN. We'll probably just switch to VPN only, but this makes me wonder how many of those networks simply did not have WEP enabled but DID require some other authorization to access network resources?

    Just because it does not have WEP does not mean it is secure.
    • It's generally safe to assume that an administrator who doesn't take the minimal first step of turning on WEP and 'require WEP', is an admin who isn't security-savvy enough to take the much bigger step of forcing all packets through an authenticating VPN gateway.

      Suggesting that a site might be secure and yet not have WEP is akin to suggesting that a host might be secure and yet not have enabled shadow passwords. Yes, it is possible, but it is higly unlikely.

      Actually, your last line almost says something very important, just change a couple of words:

      Just because a WLAN has WEP does not mean it is secure.

      Remember, "Security is a process, not a product"

      • I thought WEP had been proven insecure. Why would a competent admin turn it on if it wastes bandwidth without providing real security. I would think a competent admin would run a WLAN with WEP disabled. Of course the only thing on the WLAN segment would be a VPN concentrator and maybe a gateway to the Internet. And the gateway to the Internet would probably be monitored.

        Convenience and security. You can have both, so why wouldn't you. People are hyping wireless freenets. Is it surprising that a competent admin would provide a freenet as long as it isn't abused?
  • As you will get your IP form DHCP. You don't have an internet proveder or phone line to go through. Neat.
  • "Uh, breaker one-nine, you got a copy on that tasty feed?"

    "Yeah, ten-roger, the data 's thicker 'n bugs on a bumper tonight! For shore!"

    "Copy that, good buddy. Guess they'll never know why their stock price keeps droppin'!"

    "A firm a tiv, pard. Just keep your ears on, and never tell 'em yer' 20!"

    "Roger that. We gone, bye-bye."

    -- With apologies to C.W. McCall

  • Yeah, it's an old story for those of us here. I mean, shit, there was that story about the guys in silly valley (sorry, I don't have a link) what a year ago? Parked in Sun / Cisco / Oracle's parking lots and reading their email?

    Point of my post, maybe when a couple financial firms get cracked via this method it will be the necessary wake up call to some folks that information security is not a tack on service.

    - Cheers,
    - RLJ

  • Shielding (Score:3, Informative)

    by Anonymous Coward on Tuesday November 06, 2001 @11:54AM (#2527804)
    Actually, the biggest problem concerning wireless networks ist the sniffing. Using a Intersil Prism II - card in promiscuous mode, together with an USV in your car, you can even crack an 128 Bit - WEP - encrypted net in approx. 5 hours to 14 days. Thats why some firms went to shielding the buildings to keep the signal from reaching the street. Thats what a friend of mine and me found out asking some tech guys from alcatel at this year's systems in munich.
    If you're interested you might also check out the radio show with two guys from the CCC(www.ccc.de). They talk - among other things - about how they got IBM WEP-keys through social engineering at a systems some while ago.

    • Thats why some firms went to shielding the buildings to keep the signal from reaching the street.

      Meep!
      Surely it would be easier and cheaper just to install a conventional network!
      The world is mad!

  • Since there isn't currently a widely-supported and secure wireless protocol, they say that you should put your wireless network behind a firewall and treat it as an untrusted link. But they didn't actually do anything to see if the networks they were finding were firewalled off that way. So the article doesn't really say anything about deployed security. Of course, their correspondants probably actually know that the security sucks, but didn't want to demonstrate that.

    It does make an interesting example of how you can confuse people, though: they actually wrote an article in which they say they went looking for networks, found them, looked for security, didn't find it, and learned that the only good security wouldn't have shown up, and they didn't come to the conclusion that they weren't looking for the right things.

    Presumably these companies have insecure internet connections, but nobody would write an article about it without finding out if they have firewalls on them.
  • Um, Even guys like Peter Shipley (who thinks he's a vampire) know how to do this stuff, and that was reported about a year ago. Maybe we can post a story after Xmas about the world trade center?
  • by innate ( 472375 ) on Tuesday November 06, 2001 @12:14PM (#2527880)

    Since 802.11b uses a flawed encryption scheme [sourceforge.net] there is no way to make the over-the-air protocol truy secure.

    This does not mean that the networks are compromised. One way to set this up would be to leave the 802.11b interface wide open (thus making it easier for laptop-users to roam onto the network), but to place the wireless access point outside the firewall. Legitimate users VPN into the network (with VPN encryption of course). The exposure is no worse than any other point at which a private network is exposed to the public internet through a firewall.

    One problem is that "anyone" can set up a wireless access point for their personal use -- without realizing that they are exposing their company's LAN (Apple Airport anyone). A contributing factor is a false sense of security because most notebook 802.11b cards have a far shorter range than the access point broadcasts. Your notebook may not be able to pick up the signal outside the office but someone with an external antenna can pick it up at much greater range.

  • 1. Take a wireless Xcam and plug it in, in the same general vacinity as 802.11X network.

    2. Plug in the camera part

    3. Tune until wireless network no longer works.


    Cost of camera: $35.00
    Cost of electricity to operate said camera: $.02
    Cost of your favorite wireless internal LAN being completely shut down until you unplug your 'thingy': priceless.
  • Fluff (Score:4, Insightful)

    by Apotsy ( 84148 ) on Tuesday November 06, 2001 @12:15PM (#2527886)
    What a stupid article.

    It's hardly a secret that your laptop will see something when you're standing out in the parking lot near any company with an 802.11 network. That doesn't mean it's insecure. A company with even a smidgen of security sense will put the wireless network outside their firewall, and require employees to use VPN to access internal stuff. People on the outside may be able to get a little free internet access, but that's it.

    The article is very light on details, gives no information as to what "wide open" means (just because you can see the network, that does not mean it is insecure). There is only one mention of the word "firewall" in the whole thing, and even then it's very vague.

    I think this reporter has been duped by a couple of script kiddies. The supposed terms "war driving", "war pedalling", and "war walking" sound like something the kiddies made up on the spot, and later snickered at the reporter for believing.

    • Read the article (Score:5, Insightful)

      by strags ( 209606 ) on Tuesday November 06, 2001 @01:16PM (#2528454)
      I'll concede it's a little light on the technical details, but don't forget that this article is targetted at Joe Public.

      I think you missed the most revealing fact in the article: 8 out of 12 networks detected were not even using 802.11 encryption at all. Yes, we all know that 802.11 encryption is not secure, but the fact that people are broadcasting unencrypted packets does mean that the networks are incredibly insecure. I'm thinking of SMB, POP3, TELNET, FTP, or any other number of services that transmit either plaintext or weakly encrypted passwords.

      Yes, people should use VPNs, but the point of the article was that they're not.

      Also, "war driving" and "war pedalling" are actual, legitimate terms - I've seen them used on many occasions before, as would you, had you researched this at all before spouting off.

    • Re:Fluff (Score:3, Informative)

      by Old Wolf ( 56093 )
      My flatmate works for a wireless company here (not in America).

      You can walk down a main street here and plug into dozens of wireless networks who haven't enabled their security (it's disabled by default -- or enabled with a default password), and just get free 12Mbit internet to your laptop, as well as full access to the company's PCs (none of them do this VPN thing that some of you have mentioned).
  • duh! (Score:3, Funny)

    by sehryan ( 412731 ) on Tuesday November 06, 2001 @12:16PM (#2527891)
    you guys are so slow. everyone knows that for that last few years, to break into any major computer system, you just hold down control and double click on the pi sign on the bottom right hand corner of your screen.
  • by fleabag ( 445654 ) on Tuesday November 06, 2001 @12:18PM (#2527901)
    Where I work, we have a network segement that requires no log in. Assuming you have a laptop, you can connect and get internet access - you need no special software on your machine. You are firewalled (properly) from everything else. Activity is monitored by the IP address you are assigned: if you are doing something silly, you would be booted off. ( I think the monitoring is automatic, and based on bandwidth consumed - not sure)

    The whole point of this is that when people come in to do a presentation, they can get internet access without bothering the support team. Mucking around with VPN software etc on someone elses laptop always ends in tears.

    How many of these wireless networks are the same sort of thing? If people started to leech in earnest then more security would be applied.
    • Every time the issue of insecure wireless networks come up there's always a slew of posts talking about the proper way to deploy wireless. Quite often it has to do with the wireless access point's relation to a firewall. VPNs and other similar technologies quickly follow. Good stuff. But there's one issue that seems to be missed all the time. Rogue access points.


      Setting up a rogue access point in your office is simple and cheap. It will cost about $200 and setting it up is as easy as plugging it in to a spare network drop. Click. You no longer have to fight for a port on the conference room's hub. Of course, these access points tend to default in a highly functional but minimally secure configuration. So anyone within range of that access point doesn't have to fight for a port on the hub, or any physical connection, for access to the internal network either.


      One has to wonder how many of these discovered networks are found via rogue access points.


      This presents a serious problem for any company's network security. Rogue AP's can spring up like mushrooms. They're difficult to detect. And even if you do find one, its a game of whack-a-mole as you disable one while others pop up.


      So what to do? First thing to do is remove the motivation behind rogue access points. Make the darned things available. IT should be considering an appropriate roll-out of this technology now. If the demand isn't there yet, it will be later. And if you don't provide it, your end users will provide it themselves.


      Still need to hunt down rogue access points? Kirby Kuehl has a neat little project called aptools [sourceforge.net] to help.

  • by Anonymous Coward
    our leased line was performing badly at certain times of the day. Turns out some University CS students were using our connection to play Quake 3 from the students union.


    Not wanting to spoil all their fun, I allocated them some bandwidth :-)

  • It wasn't actually that long ago that me and a few mates were contemplating jumping in the car and driving down to the city armed with a few laptops with wireless nic's, set to DHCP AUTO mode!

    Seems a few people are doing this already and could be extremely dangerous. I wonder when the new 'hacking' or 'anti-terrorist' acts will come into place to stop you 'snooping public airspace for network availability' - it's bound to happen.

    I suppose that if you stand outside of a companys building, obtain an IP address on their wireless network and are able to browse parts of their internal LAN, you have gained illegal access. Or would the case be that the company has given public access to their network because it's not encrypted or protected enough? Fun debate.

    # bring back VHF scanners.. echo delta charlie..
  • I was surprised to find 802.11 access points not at one, but TWO neighboring car dealerships. The range was poor, but it made me ponder why they'd even have 802.11 in the first place.
  • I've been thinking about getting a 802.11b network going on my lan, and thinking about how to make it somewhat secure.

    My idea is to add a third NIC to my firewall/masq/server machine, which the wireless hub hanging exclusively off this NIC. That way I could add some ipchains rules that only apply to the wireless network.

    The question is, what sort of ipchains rules? One idea I had was to only allow the MAC address of known/authorized cards (this would require iptables/kernel 2.4 -- ipchains doesn't look at MAC AFAIK). Even though MAC address could be spoofed, it would probably be enough for my home lan.

    Is this similar to what other people have tried? What do other people do for this?

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (3) Ha, ha, I can't believe they're actually going to adopt this sucker.

Working...