Sunday, January 6, 2008

Chapter 1: Learning to WarDrive/Tools of the Trade or “What Do I Need?”

Tools of the Trade or “What Do I Need?”

This section introduces all of the tools required to WarDrive successfully. Several different configurations can be used effectively for WarDriving; assembling one involves:

  • Getting the hardware

  • Choosing a wireless network card

  • Deciding on an external antenna

  • Connecting your antenna to your wireless NIC

The following sections discuss potential equipment acquisitions and common configurations for each. 

Chapter 1: Learning to WarDrive/The Legality of WarDriving

The Legality of WarDriving

According to the FBI, it is not illegal to scan access points, but once a theft of service, denial of service, or theft of information occurs, it becomes a federal violation under 18 U.S.C. 1030 (www.usdoj.gov/criminal/cybercrime/_1030_new.html). While this is good, general information, any questions about the legality of a specific act in the United States should be posed directly to the local FBI field office, a cyber crime attorney, or the U.S. Attorney’s office. This information applies only to the United States. WarDrivers are encouraged to investigate the local laws where they live to ensure that they aren’t inadvertently violating the law. Understanding the distinction between “scanning” or identifying wireless access points and actually using the access point is understanding the difference between WarDriving, a legal activity, and theft, an obviously illegal activity.

Chapter 1: Learning to WarDrive/The Truth about WarDriving

The Truth about WarDriving

The reality of WarDriving is simple. Computer security professionals, hobbyists, and others are generally interested in providing information to the public about security vulnerabilities that are present with “out of the box” configurations of wireless access points. Wireless access points that can be purchased at a local electronics or computer store are not geared toward security. They are designed so that a person with little or no understanding of networking can purchase a wireless access point, and with little or no outside help, set it up and begin using it.

Computers have become a staple of everyday life. Technology that makes using computers easier and more fun needs to be available to everyone. Companies such as Linksys and D-Link have been very successful at making these new technologies easy for end users to set up and begin using. To do otherwise would alienate a large part of their target market. Chapter 10 presents a step-by-step guide to enabling the built-in security features of these access points.

Warchalking Is a Myth

In 2002, the news media latched onto something called warchalking. Warchalking is the act of making chalk marks on buildings or sidewalks to denote the presence and availability of wireless networks. Borrowing from the practice of hobos during the Great Depression, who would mark homes or areas to communicate information about the area to other hobos, warchalkers use a series of symbols to alert others as to what type of wireless network they will find in that area. Three primary symbols used by warchalkers are illustrated in the following figures. Figure 1.1 indicates an open node, one in which WEP encryption is not utilized and which individuals are encouraged to use. The Service Set Identifier (SSID) or network name is chalked above the symbol and the available bandwidth speed is chalked below the symbol.

Figure 1.2 indicates a closed node, one that is not open for public use. The SSID or network name is chalked above the symbol and nothing is chalked below the symbol.

The symbol in Figure 1.3 indicates a node with WEP encryption enabled. This should be viewed as an unequivocal stop sign. The SSID and contact information to arrange for authorized access are chalked above the symbol and the available bandwidth is chalked below the symbol.

Aside from hot spots such as Starbucks, there have been very few actual sightings of warchalked wireless networks. Despite the media hype surrounding warchalking, it is generally viewed as a silly activity by WarDrivers. A recent poll on the NetStumbler forums (https://forums.netstumbler.com) was unable to find even one person who had actually chalked an access point. The results of the survey can be seen in Figure 1.4. More information on the NetStumbler forums and other online WarDriving communities is presented in Chapter 8 of this book.

Chapter 1: Learning to WarDrive/WarDriving Misconceptions

WarDriving Misconceptions

These days, you might hear people confuse the terms WarDriver and hacker. As you probably know, the term hacker was originally used to describe a person who was able to modify a computer (often in a way unintended by its manufacturer) to suit his or her own purposes. However, over time, owing to the confusion of the masses and consistent media abuse, the term hacker has come to be commonly used to describe a criminal: someone who accesses a computer or network without the authorization of the owner. The same has happened to the term WarDriver. WarDriver has been misused to describe someone who accesses wireless networks without authorization from the owner. An individual who accesses a computer system, wired or wireless, without authorization is a criminal. Criminality has nothing to do with either hacking or WarDriving.

The news media, in an effort to generate ratings and increase viewership, has sensationalized WarDriving. Almost every local television news outlet has done a story on “wireless hackers armed with laptops” or “drive-by hackers” that are reading your e-mail or using your wireless network to surf the Web. These stories are geared to propagate Fear, Uncertainty, and Doubt (FUD). FUD stories usually take a small risk, and attempt to elevate the seriousness of the situation in the minds of their audience. Stories that prey on fear are good for ratings, but don’t always depict an activity accurately.

An unfortunate side effect of these stories has been that the reporters invariably ask the “WarDriver” to gather information that is being transmitted across a wireless network so that the “victim” can be shown their personal information that was collected. Again, this has nothing to do with WarDriving and while a case can be made that this activity (known as sniffing) in and of itself is not illegal, it is at a minimum unethical and is not a practice that WarDrivers engage in.

These stories also tend to focus on gimmicky aspects of WarDriving such as the directional antenna that can be made using a Pringles can. While a functional antenna can be made from Pringles cans, coffee cans, soup cans, or pretty much anything cylindrical and hollow, the reality is that very few (if any) WarDrivers actually use these for WarDriving. Many of them have made these antennas in an attempt to both verify the original concept and improve upon it in some instances.

Chapter 1: Learning to WarDrive/The Terminology History of WarDriving

The Terminology History of WarDriving

The term WarDriving comes from WarDialing, a term you may be familiar with because it was introduced to the general public by Matthew Broderick’s character, David Lightman, in the 1983 movie WarGames. WarDialing is the practice of using a modem attached to a computer to dial an entire exchange of telephone numbers (often sequentially: for example, 555-1111, 555-1112, and so forth) to locate any computers with modems attached to them.

Essentially, WarDriving employs the same concept, although it is updated to a more current technology: wireless networks. A WarDriver drives around an area, often after mapping a route out first, to determine all of the wireless access points in that area. Once these access points are discovered, a WarDriver uses a software program or Web site to map the results of his efforts. Based on these results, a statistical analysis is performed. This statistical analysis can be of one drive, one area, or a general overview of all wireless networks.

The concept of driving around discovering wireless networks probably began the day after the first wireless access point was deployed. However, WarDriving became better known when the process was automated by Peter Shipley, a computer security consultant in Berkeley, California. During the fall of 2000, Shipley conducted an 18-month survey of wireless networks in Berkeley, California and reported his results at the annual DefCon hacker conference in July of 2001. This presentation, designed to raise awareness of the insecurity of wireless networks that were deployed at that time, laid the groundwork for the “true” WarDriver.

Chapter 1: Learning to WarDrive/What’s in a Name?

What’s in a Name?

WarDriving is the act of moving around a specific area and mapping the population of wireless access points for statistical purposes. These statistics are then used to raise awareness of the security problems associated with these types of networks (typically wireless). The commonly accepted definition among those who actually practice it is that WarDriving is not exclusive to surveillance and research by automobile; it is accomplished by anyone moving around a certain area looking for data. This includes walking, which is often referred to as WarWalking; flying, which is also referred to as WarFlying; bicycling; and so forth. WarDriving does NOT utilize the resources of any wireless access point or network that is discovered without prior authorization of the owner.