Jewish World Review

JWR's Pundits
World Editorial
Cartoon Showcase

Mallard Fillmore

Michael Barone
Mona Charen
Linda Chavez
Greg Crosby
Larry Elder
Don Feder
Suzanne Fields
James Glassman
Paul Greenberg
Bob Greene
Betsy Hart
Nat Hentoff
David Horowitz
Marianne Jennings
Michael Kelly
Mort Kondracke
Ch. Krauthammer
Lawrence Kudlow
Dr. Laura
John Leo
David Limbaugh
Michelle Malkin
Jackie Mason
Chris Matthews
Michael Medved
MUGGER
Kathleen Parker
Wes Pruden
Sam Schulman
Amity Shlaes
Roger Simon
Tony Snow
Thomas Sowell
Cal Thomas
Jonathan S. Tobin
Ben Wattenberg
George Will
Bruce Williams
Walter Williams
Mort Zuckerman

Consumer Reports


'Wardrivers' prowl neighborhoods in search of free Internet

http://www.jewishworldreview.com | (KRT) TALLAHASSEE, Fla. The SUV rolled to a stop at the intersection, then turned and slowly headed east.

With one hand, the driver tapped keys on the laptop mounted next to him. The sound it made was rhythmic, pulsing, like a laser gun in slow motion.

"This sends out a ping to their network, like a submarine, and says, `Hey, anybody out there?' " he said. "We'll see if anyone answers."

The first computer responded almost immediately.

"BEEP!"

Two more quickly followed.

The driver slowed and made a left onto a residential street, a good hunting ground for home computers.

Six more beeps. The signals were coming from the houses. He pointed to a green dot on the screen.

"That means it's wide open," he said. "You'd be surprised at what you can do when they're open."

The man is what hackers call a "wardriver," a tech junkie who trolls the streets picking up stray signals from wireless computer systems, nicknamed "WiFi."

Donate to JWR

Last week - on the condition of anonymity - he agreed to show how it works.

There are hundreds, maybe thousands, of wireless-computer users in Tallahassee. The technology lets them remotely connect to the Internet with only a laptop. No cords, no plugging in - just convenience and mobility.

Risk, too, if they aren't careful.

Anytime one person sends information through the air, someone else can hijack it - and maybe ride those wireless waves straight into an unguarded computer.

Then? Possible access to Internet accounts, business files, personal information, even money.

It can be prevented with the right security. But more often than not - better than half the time by most estimates - wireless users don't bother.

The wardriver started with the east side, rolling slowly past homes and businesses while his computer scanned.

Each time he found a wireless network, the laptop beeped, logged its information and sent its exact location to a global positioning device.

"When I first started this, I might drive down Sixth Avenue and get one or two," he said. "Now, it's constant beeps from North Monroe to the hospital.

"If you go into an apartment complex, oh my gosh, they're all over the place," he said.

In more than two hours of cruising, he logged nearly 100 networks. Only about one-third of them were running security programs.

Each network showed as a line on the laptop: A dot - red, green or yellow for signal strength - followed by the names the owners had given them.

Just those names gave away tiny bits of personal information.

They scrolled down the screen as he neared Capital Circle Northeast: "Gerry's Office." "Matt&Jenn." "AV Tech."

"You wouldn't believe it," the man said. "Some people use their full names, their phone numbers, even their home addresses."

He made two quick turns and pulled to a stop in the parking lot of an office complex. One of the networks from a nearby business looked vulnerable.

It was time to try to get in.

"If you can get in, well, then, you would have access just like an employee," he said.

Wardrivers divide themselves into two groups: white hats and black hats, good guys and bad.

The difference lies in intention.

Technically, wardriving - simply detecting open networks - is not illegal. Not until you actually use the signal to get into someone else's computer.

White hats say they only look for the networks. The black hats are the "crackers," the ones who actually break in to computers.

"It doesn't take a ton of work to be sophisticated enough to be able to exploit these vulnerabilities," said Alec Yasinsac, an assistant professor at Florida State University and co-founder of the school's Security and Assurance in Information Technology lab.

Earlier this month, the FBI arrested two men in Southfield, Mich., a suburb of Detroit, for cracking the network of a home-improvement store chain. They'd gotten in through the wireless network of the Michigan store and followed an electronic trail all the way to the company's headquarters in North Carolina. There, they were able to snoop customer credit-card numbers, according to the FBI.

That's one of the dangers of networks with flimsy security.

But it's not just money - any information sent over an unencrypted network is vulnerable: medical records, legal documents, government files, everything.

Agents on a recent test drive from the Florida Department of Law Enforcement building on Phillips Road to the Capitol found 14 unsecured systems, including doctors' and lawyers' offices, according to Bob Breeden, supervisor of the Florida Computer Crime Center.

Undoubtedly, some had been cracked, but the owners likely didn't know it, he said.

Security experts figure it's a frequent occurrence.

"I can't imagine that people have not started using these access methods to get around the system in Tallahassee, especially with all the lawyers and political offices we have here," Yasinsac said.

And what about home users?

The chances are fairly low that a cracker with the skills to do serious harm would attack a home network, according to Yasinsac and other security experts.

However, there are some real dangers, mostly from "script kiddies" who download cracking programs from the Net.

They aren't sophisticated hackers, knowing just enough to use malicious software, but not enough to understand how it really works.

"So they're going to go after the low-hanging fruit," said Louis Brooks, a Florida State University grad student who works with Yasinsac in the security lab.

The "kiddies" can inject viruses into your network, snatch passwords and credit-card numbers, or, what's considered most likely, steal your Internet service.

There's room for only so many users on any home's Internet connection. If an intruder is online, or secretly changes your settings, you could be blocked out.

Worse, if one does something illegal over the Net, the trail will stop at your door.

Breeden said his agents investigated a case last year in which someone sent threatening e-mails to a public-school official.

They tracked the missives to a home in a northeast Tallahassee neighborhood, where a father, mother and son were using a wireless network.

Turned out the e-mails didn't come from them, but from someone who'd hijacked their signal, Breeden said.

The wardriver was on the prowl again, rolling through the Florida State University campus.

The last network he'd tried had defied him, so he was looking for an easier target. He passed by a sorority house.

"BEEP."

A green dot on the computer screen. No padlock icon - the sorority's network was broadcasting and not encrypted.

He went around the block, parked in a shadowed alley and put both hands on the keyboard.

"This is illegal," he said. "I'm just going to do this to show you how it's done."

First, a signal to get his laptop recognized by the network in the house, then another for electronic permission to come in.

Granted.

A few seconds later, the Democrat's Web site appeared.

"We're online!" he said. "Just like that."

He was logged on to the system. Now, time to see just how far he could get. He started a "port scan," searching for openings into the other computers on the network.

Code scrolled across the screen and the first results appeared, a list of all the computers in the sorority - Jen's, Erika's and others. More information, the brands of computers and types of software they were using.

Then a listing of each one's vulnerabilities.

"I'm surprised," he said. "Most of them seem pretty secure."

Until the last one.

It was running Kazaa, a program that allows users to share music files across the Internet. That meant at least part of the hard drive was open.

He'd gotten inside the network, all the way to the door of this computer. Just that much was against the law. Any further would be a serious intrusion.

But, if he wanted to, could he?

A grin.

"No problem."

Every weekday JewishWorldReview.com publishes what many in Washington and in the media consider "must reading." Sign up for the daily JWR update. It's free. Just click here.


Comment by clicking here.

Up

© 2003, Tallahassee Democrat Distributed by Knight Ridder/Tribune Information Services