War Driving History and Culture

Document Sample
War Driving History and Culture Powered By Docstoc
					                      War Driving History and Culture
                                               Introduction
        The growth of computer networking has moved at a rapid pace of the last forty years. The
concept that would eventually become the World Wide Web began in the 1950’swhen scientists
realized the need to network computers throughout the U.S. This led to research on among other
things decentralized networks and packet switching. By 1968 had developed into ARPANET
(the Advanced Research Projects Network). Over the following decades it grew into what has
now become the Internet. As time progressed a number of technologies developed which are
prevalent today. The 1980’s saw the development of TCP/IP and the domain name system. By
the late nineties the internet had grown from an extremely small network of computers only three
decades earlier, into a massive global network with millions of systems connected. 1


        With the rapid expansion of the internet into households (what type of households) new
technologies were released. Foremost among these was broadband internet access and wireless
networking. The number of High speed internet connections grew rapidly (from 5 million
Americans in June of 2000 to 66 million Americans in May of 2005, according to a Pew poll
released in 2005) 2


        Wireless networking technologies are not incredibly new, the first true wireless computer
network was the ALOHANET network created in Hawaii in the 1970’s. Primitive next to today’s
standards it none the less allowed seven computers on four different Hawaiian Islands to
communicate without wires 3 . By the late nineties this technology was available for consumer
purchase and wireless networks began to proliferate.


        Two international bodies worked to create standards that would govern how the internet
worked. One of the organizations was the I.S.O. (International Organization for Standardization).



1
  History of the Internet - Wikipedia
2
  Broadband Adoption in the United States: Growing but Slowing, Pew Poll -
http://www.pewinternet.org/PPF/r/164/report_display.asp
3
  Matt, F. (n.d.). Wireless local area networking: an introduction. Retrieved Nov. 02, 2005, from Tom's Networking
Web site: http://www.tomsnetworking.com/network/20010822/index.html.
It spent a considerable amount of time developing the Open Systems Interconnect Standard, but
the project fell into problems in the mid nineties and was eventually scrapped. 4


        Another standards organization is the “The Institute of Electrical and Electronics
Engineers”; which is an organization that is dedicated to the advancement of technology related
to electricity. It has had many notable achievements since it was formed in 1963 by the merger of
the AIEE (American Institute of Electrical Engineers) and the IRO 5 (Institute of Radio
Engineers), including development of a floating point standard for computer chips and
development of the IEEE 802 standard which set a standard for Local Area Networks (LAN’s). 6


        The IEEE 802 standard has been modified over the years; and while wireless networking
existed in a variety of forms dating back to ALOHANET, it was the IEEE ratification of the
802.11 standard that truly brought wireless networking into the mainstream. The IEEE 802
standard is the standard that deals with networks carrying variable-size packets 7 . The 802.11
working group is devoted to issues dealing with Wireless LAN. Also referred to as “Wi-Fi” The
first 802.11 standard covered only infrared networks and was created in 1997; in 1999 the IEEE
ratified the 802.11b standard which truly revolutionized wireless networking. 802.11b has an 11
mbit/second data rate and operates in the 2.4 GHz. After its ratification adoption of wireless
networks grew rapidly. This was supplemented in 2003 when the 802.11g standard was ratified,
offering wireless connections of up to 54 mbit/second. 8


        With the expanded availability of wireless networks consumers began to purchase
wireless devices at a rapid rate. An example of this can be seen in the rapid growth of access
points around the world.


        Network security was an issue long before the advent of wireless networks. In the 1980’s
a technique known as war dialing (or demon dialing) was used to try to find open computers on

4
  http://en.wikipedia.org/wiki/Open_Systems_Interconnect
5
  http://en.wikipedia.org/wiki/IRE 11-6-05
6
  http://en.wikipedia.org/wiki/IEEE#History 11-6-05
7
  http://en.wikipedia.org/wiki/IEEE_802 11-6-05
8
  802.11. (n.d.). Retrieved Nov. 02, 2005, from Wikipedia Web site:
http://en.wikipedia.org/wiki/802.11#802.11_legacy.
the internet. One method of war dialing utilizing an automated program to dial a block of phone
numbers 9 ; Toneloc was one such program. Another method of war dialing involved repeatedly
calling a single phone number (often times that of a bulletin board or BBS) and attempting to
connect to the system when someone logged off the service. Yet this required a relative degree of
skill and technical knowledge to perform. With wireless networks security becomes a much
greater issue because a computer may be unknowingly broadcasting personal information to the
outside world. As many people have adopted wireless networks they have failed to realize and
implement the security precautions that are becoming more and more necessary in today’s digital
world.


         The number of wireless “hotspots” (connections) has risen dramatically over the last
decade. At current count the number of access points in the Phoenix, Arizona area alone
numbered over one-hundred thousand. Yet at last count, more than sixty percent of these access
points did not implement security 10 . Some individuals have picked up on these open connections
as a way of getting free anonymous internet access. Others, in an effort to combat these security
issues, have begun to “wardrive” in an attempt to raise awareness of the many problems facing
wireless networks.


                                            Wardriving
     In his book “War driving – Drive, Detect, Defend”, author Chris Hurley defines War Driving
as “the act of moving around a specific area and mapping the population of wireless access
points for statistical purposes.” 11 It is important to note that the definition of war driving is not
exclusive to driving around in a car, indeed Mr. Hurley goes onto explain that “wardriving can
be accomplished by anyone moving around a certain area looking for data.” People have “war
drived” simply by walking around a neighborhood with a PDA 12 , or using a laptop while taking
a taxi or the subway 13 . An article about “War Driving” on Wikipedia leads to a page topic
entitled “WarXing,” which shows that an extremely wide variety of methods have been used to


9
  WarDialing - http://en.wikipedia.org/wiki/Wardialing - 11-2-05
10
   UAT WarDriving Project Data
11
   WarDriving- Drive Detect, Defend, Chris Hurley, Pg 3
12
   http://web.archive.org/web/20040214003105/http://www.pocketpcmag.com/Nov02/e_warwalking.asp
13
   Wardriving: Taipei Style, http://www.tomsnetworking.com/Sections-article83.php
search for wireless access points. These include: using an airplane to fly over an area in search of
access points (also known as WarFlying or WarStorming) and biking through an area with a
laptop (WarBiking) 14


     Peter Shipley, a computer consultant in Berkley, California, is credited with developing the
first software to automatically detect wireless networks. With his software he then preceded to
war drive the San Francisco Bay Area in 1999 and again in 2000. His research shows that the
number of secured access points did increase over the course of that year. 15


     Chris Hurley is also an architect of the “WorldWide WarDrive” project. Though the project
has ended it did find a number of interesting facts. Over the course of three years (two weeks in
2002 and one week each in 2003 and 2004) the project surveyed access points around the world.
The projects findings were quite interesting. Over the four year study the number of access
points found exploded from 9,374 in 2002 (the first year of the project) to 228,537 in 2004. That
is a 2,337 percent increase in the number of access points in just 3 years. Additional findings
showed that the number of secured access points rose from 30.13 percent of access points in
2002 to 38.3 percent of access points in 2004. Unfortunately the study also found that the
number of access points with default settings rose over time (a disturbing trend) 16


     Mr. Hurley is also one of the creators of the annual DefCon Wardriving Contest. The contest
now occurs during the annual DefCon conference in Las Vegas, where thousands of people from
around the world congregate each year to discuss issues involving among other things wireless
security. The first DefCon wardrives occurred in 2002, and involved 21 teams comprising
roughly eighty contestants. The rules were quite simple; points were awarded based on several
different factors, listed below
     •   1 Point for every Access Point (A.P.)
     •   2 Additional Points for A.P.’s with default SSID and no WEP enabled
     •   5 Additional Points for A.P.’s that were found by only one team


14
   http://en.wikipedia.org/wiki/WarXing
15
   Peter Shipley - http://www.dis.org/shipley/
16
   WorldWide WarDrive Project- Stats - http://www.worldwidewardrive.org/wwwdstats.html 11-3-05
     All teams were limited to four team members, and given only two hours in which to drive.
The event was a success and is now performed every year. Among the awards given out to the
winning team is a black DefCon badge. Only contest winners receive badges and they have
become a cherished piece of DefCon memorabilia. 17


For an individual to wardrive today very little is needed in terms of equipment. All they must
have is a laptop with a wireless card (a computer for this purpose can be purchased very cheaply
now), software designed to log the networks, and a GPS unit. Software exists for a variety of
devices and operating systems; from Windows, to a palm pilot. 18


        While wardriving can be performed by a single individual, it is often done in groups. For
the Phoenix WarDriving Project run by the University of Advancing Technology (which is
writing this paper) all drives must have at least two members, one individual drives while the
second navigates and operated the equipment, this rule is primarily set for safety reasons (it is
never safe to operate a computer while driving a car), yet also serves to reinforce an important
aspect of wardriving culture; the desire to socialize with others. Wardriving in a group allows for
group members to work together towards a common interest and goal


        Along with wardriving, a new method of pointing out wireless access points was
purportedly designed in 2002. Known as warchalking it involved using chalk symbols on the
sidewalk to point out wireless networks. It was very similar to the method used by hobos. It was
first publicized by a many named Matt Jones and immediately became a major news topic 19 (it
was listed as one of the New York Times “Ideas of the Year” in 2002) 20 Yet despite its immense
popularity in the media the ideas does not seem to have caught on. In his book, Mr. Hurley
described “WarChalking” as a myth 21 ; while a number of other individuals in the technology
field have questioned the validity of the fad. One website which deals with wireless internet
technology has said of warchalking


17
   WarDriving: Drive, Detect, Defend – Peter Shipley – Pgs. 246-263
18
   WarDriving: Drive, Detect, Defend – Peter Shipley – Pgs. 7-24
19
   http://www.jiwire.com/warchalking-introduction.htm
20
   The Year in Ideas; War-Chalking, The New York Times, December 15, 2002
21
   WarDriving – Drive,Detect,Defend – Pg 5
         “Despite a rush of media attention in the early days of Wi-Fi, warchalking was and is
         more a mental exercise and Internet conversation topic rather than a real-world
         phenomenon.” 22
         Inside the United States warchalking does not seem to have caught on as an actual
method. Though as mentioned the media has made a great deal of it.


         Wireless networks have been a big story in the news in recent years. A number of articles
have been published that condemn both open (unsecured) wireless networks, as well as
wardriving. Take for instance an article published in the St. Petersburg Times in July of this year.
In the middle of the article it says “…But experts believe there are scores of incidents occurring
undetected, sometimes to frightening effect. People have used the cloak of wireless to traffic in
child pornography, steal credit card information and send death threats, according to
authorities…” 23
     The article goes on further to give examples of crimes that have been committed by
individuals who have logged on to another persons wireless access point. The crimes include
     •   Death threats sent to a Tallahassee school principal via a neighbors access point
     •   A Florida man who used Wi-Fi to illegally access bank information to pay for internet
         pornography (not child pornography, however).
     •   A Michigan case in which a man was convicted of using a unsecured Lowe’s Home
         Improvement access point to attempt to steal credit card numbers 24


     In another article, the Toronto Sun again mentions wardriving and points to the arrest of a
man who was discovered downloading child pornography over a pirated wireless connection. In
mentioning wardriving it says:


“Stealing internet signals, or war driving as it is sometimes called, is becoming more and more
common among perverts trying to avoid online detection.” 25


22
   Warchalking 101, Paul Boutin, http://www.jiwire.com/warchalking-introduction.htm
23
   Alex Leary, July 4 2005, St. Petersburg Times, Accessed 11-6-05,
http://www.sptimes.com/2005/07/04/State/Wi_Fi_cloaks_a_new_br.shtml
24
   AlexLEARY, July 4 2005, St. Petersburg Times, Accessed 11-6-05,
http://www.sptimes.com/2005/07/04/State/Wi_Fi_cloaks_a_new_br.shtml
Both of these articles mention child pornography as major issues in the wireless world, yet other
than the case in Canada which is mentioned in the second article no other examples can be found
of someone masking child porn access via wi-fi connection. The St. Petersburg Times seems to
be written with some degree of fairness as towards the end of the article is says “Not everyone
has sinister intentions. Many Wardrivers do it for sport, simply mapping the connections out
there. Others see it as part public service, part business opportunity. When they find an
unsecured network, they approach a homeowner and for a fee, offer to close the virtual door.”

        Another way in which wireless access points have been used illegally has been to send
unsolicited e-mail (commonly known as spam). 2004 saw the first conviction of an individual
under the CAN-SPAM Act of 2003. According to an article on Cnet.com the individual admitted
to wardriving to detect open wireless networks, which he then used to send unsolicited e-mails.
He faces up to 3 years in prison when he is sentenced. 26

        While exploring the legal issues of Wardriving it quickly becomes clear just how murky
the legal waters are when dealing with wireless internet. A search of Cnet.com finds an article
which attempts to answer some of the legal questions posed by wireless internet 27 . It points to
TITLE 18 PART I CHAPTER 47 § 1030 of the United States Penal Code (which covers: Fraud
and related activity in connection with computers) states that someone who “…intentionally accesses a
computer without authorization or exceeds authorized access, and thereby obtains… …information from any protected
computer if the conduct involved an interstate or foreign communication…”    is guilty of a crime. However
the law was written in 1986 and was primarily designed to fight computer hacking. There has yet
to a court case which sets precedent in whether this law applies to wireless access points. In the
wake of the September 11, 2001 terrorist attacks and the subsequent formation of the Department
of Homeland Security it seems likely that the issue may change. Among the agencies that make
up the department is the US-CERT (Computer Emergency Readiness Team) which is tasked
with protecting the infrastructure of networks in the United States. Given the potential risk that
“wi-fi” crimes could grow it seems likely that this law could soon be adapted to include “Wi-Fi”
in its definitions.

25
    DRIVE-BY NET USER TARGETS KID PORN;, Nov 22, 2003, Kim Bradley, The Toronto Sun, Lexis Nexis, 11-
22-2003
26
    http://news.com.com/Wardriving+conviction+is+first+under+Can-Spam/2100-7351_3-5390722.html?tag=nl
27
   http://news.com.com/FAQ+Wi-Fi+mooching+and+the+law/2100-7351_3-5778822.html
        Additional laws are being formulated, which would shift at least some of the legal burden
of wireless networks to their owners. In Westchester County New York a law is pending which
would require businesses which provide wireless internet connections to utilize encryption. The
law, which provides a warning for the first violation and then increasing fines, is intended to
protect consumers from identity theft; it is also the first such law in the United States. Says
Andrew Newman senior assistant to County Executive Andy Spano, of the law "We are taking a
more proactive approach by protecting the networks." 28

        In addition to a number of possibly illegal ways of accessing wireless networks, another
legal method is rapidly growing in popularity. A number of businesses now offer wireless access
to their customers. The range of businesses is wide, ranging from car dealerships, to a wide
variety of restaurants, coffee shops and hotels (most notably among restaurants is Starbucks and
McDonalds). Both restaurants have a considerable number of locations. Thousands of Starbucks
across the country have Wi-Fi points offered through T-Mobile. It should be noted that wireless
hotspots offered by T-Mobile are based on the 802.1x standard and offer support for WPA (Wi-
Fi Protected Access) 29 . It appears, however, that implementing these protections is still the
consumer’s responsibility.

        Another issue which must be addressed when dealing with wireless access points is
whether sharing the access with others (allowing neighbors to use share your broadband for
example) is allowed by the Internet Service provider (I.S.P.).The Cnet article mentions that a
number of broadband internet providers, including Time Warner, Verizon and Cox Internet
prohibit sharing of bandwidth in their acceptable use policies 30 . For example, Cox Internet
includes the following in its list of prohibited actives: … Resell or redistribute the Service to any
third party via any means including but not limited to wireless technology.” 31 The article quotes
a Verizon employee who claims that their have been few issues with broadband sharing. Yet not
all service providers object to sharing service via Wi-Fi. Speakeasy, a DSL provider speaks
directly of this in its policies; stating “Speakeasy believes that shared wireless networks are in

28
   Local New York Law Targets Open Wi-Fi Networks, 11-10-05, Jay Wrolstad, Accessed 11-16-05,
http://www.newsfactor.com/story.xhtml?story_id=39309
29
   Starbucks Hot Spot Info – 11-16-05 - http://www.starbucks.com/retail/wireless_security_statement.asp
30
   FAQ: Wi-Fi mooching and the law, http://news.com.com/FAQ+Wi-Fi+mooching+and+the+law/2100-7351_3-
5778822.html, Declan McCullagh , 7/8/05
31
   Cox Acceptable Use Policy, http://www.cox.com/policy/#aup_5, 11-16-05
keeping with our core values of disseminating knowledge, access to information and fostering
community..." 32


Conclusion
           Wireless networking is a new technology that has seen tremendous growth over the last
ten years. As with almost all pieces of technology there are those who have (and will) use it for
illegal purposes; yet it seems clear that a majority of those using wireless networks are doing so
legally. It also seems clear that there are a number of individuals devoted educating the general
public on the need for wireless security. There is great hope that in the coming decade as the
number of access points continues to rise that so will the number of secured access points also
climb. Yet only time will be able to show if that is the case.




32
     Speakeasy Wi Fi Policy, http://www.speakeasy.net/netshare/terms/#Wi-Fipolicy, 11-16-05