Drive-By Hacking in London

delibes writes "The BBC News website carries this story about hacking wireless networks in London's financial centre. " There isn't really much in the way of details, just saying that many businesses don't encrypt their networks. They talk about finding 12 networks while driving 1km... 8 of which had no encryption.

Re:Trend?

[42forty-two42]

Dateline: 2999: A teenage hacker was caught hacking into the NASA's 802.11z using chewing gum, a toy slingshot, two day-old salmon, and a ball of twine. Details at eleven.

More info

[Da+J+Rob]

For those who want to read more on this subject, check out this past slashdot article

Or just go here.

Well,

[big_groo]

I have to believe that the network honchos at these companies are in the *testing* phase of their wireless implementation. I bet some of them just threw up the network, with some monitoring tools - just to see what would happen.

That's what I'd do.

Re:Well,

[friscolr]

If that was the case then it wouldn't be possible to so fully exploit these networks.

walk around town with laptop in backpack then go somewhere to see what's been found - like an internet cafe, which is also useful for probing the network in question (like probing their network from the outside to find what router to spoof - determine this based off the ips in the tcpdumps from the walk) - here's what i've found

most of the unencrypted networks found will have nice tcpdumps chock full of arp requests, novell and nt broadcast messages. can tell you a lot about the network in question.

if you can find a discrete location close to the building in question then you have your entry point. of course cops dont really know what you're doing anyways (though they give some real wierd stares at 3am) so you might be safe. spoofing the router is generally wasy, gaining external access should be fine, sometimes they're real kind and leave a dhcp server accessible for you. but either all these places have taken the time to setup some real nice honeypost or they're real.

i'm giving a talk about this at rubi-con, plus my webstie has more info, not that i've done anything like this, of course.

I don't believe it!

[Andy_R]

from the article:

"From an attackers point of view you want back roads because there is less road traffic," said Codex, "and you might be able to park when you find a network."

Are they seriously suggesting that you can find a parking space in central London during office hours?

I See Movies Going Down Hill

[Angry+Black+Man]

Could the next great bank robbery movie's big scene be some guy driving by the bank in an old Cadillac with a laptop and 802.11b in his lap while hacking money into his account?

Is this ethical/legal or not?

[billmaly]

1. Individual companies knowingly installed these networks, and failed to encrypt and secure the access to them.

2. "Hackers" used their own legally obtained hardware and software to identify these networks.

3. They identified these networks while traveling on a public right of way.

From where I sit, the people who do this are not doing anything wrong UNTIL they begin to wreak havoc on the network(s), and start causing problems for the companies. The onus is on the people setting up the wireless nets to secure them. If individuals can ID these networks, use them, and not cause damage, more power to them.

If the network admins are dumb enough to setup these nets and NOT block unauthorized users, they deserve all the problems that they will inherit.

Finally, why does a brick and mortar office NEED wireless? Isn't cat5 already available to every desktop? Wired nets are invulnerable to wireless hacks, hence, 100% secure against wireless hackers. Well, unless the wireless hackers find a vulnerable wireless net, hack onto your network throught that one.......yadda. :-)

Encryption not as important as VPN

[Chairboy]

At my company, we use WEP, but complete the connection you must log in using a VPN. We'll probably just switch to VPN only, but this makes me wonder how many of those networks simply did not have WEP enabled but DID require some other authorization to access network resources?

Just because it does not have WEP does not mean it is secure.

Re:Yeah, you may have gotten the bank's secret dat

[pubjames]

I used to live in Brixton in South London. At first, I was against the cameras, but then I saw how they had a positive effect on reducing crime.

I now live in central Barcelona, where the pickpocketing and bag snatching is terrible. Frankly I wish they would install those cameras here.

And having walked around the streets of New York and San Francisco at night, I think they wouldn't go amiss there either.

It's not the cameras that you need to be afraid of, it's how they are used. As far as I can see they have had a good effect on reducing crime in many UK crimespots, without any infringements on anyones personal freedom (unless you're completely paranoid, in which case you'd better stay indoors with the lights out and your lead helmet on).

Re:Yeah, you may have gotten the bank's secret dat

[Rogerborg]

The thing that you have to understand about the UK is that there really is a history of these things been put in place and then not used, through apathy, budget constraints, or good old fashioned incompetence.

The omnipresent cameras are useless for identifying individuals; all they are used for is to grab grainy, wobbly pictures of suspects that identify height, clothing (maybe) and gender (if you're lucky) which are then splashed all over tabloids and the TV as part of appeals for actual eye witnesses to come forward.

A few more examples. The UK has had a DMCA since 1988, but few people know about it, because it's never been used. The RIP act, that mandates prison sentences if you fail to hand over encryption keys, is again a paper tiger because the Home Office doesn't have the budget to train anyone in its use. In fact, the police already suffer from having a surfeit of powers.

There was a case last year of a young student who went missing, sparking a nationwide hunt for her. She (or someone purporting to be her) sent an email from an internet cafe claiming that she was all right. The police eventually found her not by tracking back the message through the headers to find the cafe (a 30 second process), or through cameras, or through any technological procedure. Instead, they guessed where she was by looking at her past history, then blanketed the area with police handing out leaflets to cybercafes, until they got a response from an owner, then they staked it out until she turned up again.

So, sure, the UK has Draconian laws (but I'm sure the US will catch up), and sure, open networks and all that, but on the other hand, blurgh, it's a typical wet and windy British night tonight, and the Evil Things will be tucked up all warm and cosy in bed, not prowling the land looking for innocents to molest. ;-)

Re:Is this ethical/legal or not? Is WLAN worth it?

[Nonesuch]

In general, 'wardriving' aka Netstumbling, refers to the basic act of wandering around and logging the GPS coordinates and response of 802.11b wireless networks to broadcast 'beacon' requests.

IANAL. I have been consulting with laywers, and this is a paraphrase of what they say (in the state of Illinois):

The basic act of identifying a wireless network while on the 'public way' is ethical, and usually legal. The moment you connect to a network and begin to access their machines or use their resources, you are on very shaky ground ethically, and, while unlikely to be prosecuted, are committing a criminal act.

Wireless networks are not only much less secure than wired, they are also considerably slower and less reliable. I have difficulty getting a reliable wireless connection more than fifty feet away from the AP. I have ethernet cables longer than that!

Fluff

[Apotsy]

What a stupid article.

It's hardly a secret that your laptop will see something when you're standing out in the parking lot near any company with an 802.11 network. That doesn't mean it's insecure. A company with even a smidgen of security sense will put the wireless network outside their firewall, and require employees to use VPN to access internal stuff. People on the outside may be able to get a little free internet access, but that's it.

The article is very light on details, gives no information as to what "wide open" means (just because you can see the network, that does not mean it is insecure). There is only one mention of the word "firewall" in the whole thing, and even then it's very vague.

I think this reporter has been duped by a couple of script kiddies. The supposed terms "war driving", "war pedalling", and "war walking" sound like something the kiddies made up on the spot, and later snickered at the reporter for believing.

Re:2600

[xanadu-xtroot.com]

You can always watch them doing it too. :-)

This may not be as bad as it sounds

[fleabag]

Where I work, we have a network segement that requires no log in. Assuming you have a laptop, you can connect and get internet access - you need no special software on your machine. You are firewalled (properly) from everything else. Activity is monitored by the IP address you are assigned: if you are doing something silly, you would be booted off. ( I think the monitoring is automatic, and based on bandwidth consumed - not sure)

The whole point of this is that when people come in to do a presentation, they can get internet access without bothering the support team. Mucking around with VPN software etc on someone elses laptop always ends in tears.

How many of these wireless networks are the same sort of thing? If people started to leech in earnest then more security would be applied.

Re:interesting...

[swillden]

now, as we all know, encryption isn't the one-stop shop in terms of securing data. in a wireless environment where intruders can get at you with relative ease, what other forms of protection are there against having data stolen?

In a wireless network encryption is your only defense. Remember, though, that the encryption built into 802.11b cards and access points is lousy and trivially easy to break, even with the larger key size.

If security matters to you, you need to:

• Put a VPN-equipped firewall between your wireless access point and the rest of your network. Configure the firewall so that it only allows VPN connections, rejecting everything else.
• Run VPN client software and firewalls on all of the machines you connect to the wireless network. Make sure the firewalls are configured to reject all incoming connections and permit only VPN outgoing connections.
• It's probably also a good idea to install intrusion detection systems on the wirelessly connected hosts. Whether you take that step or not, it's important to maintain those hosts carefully, keeping up to date on all security patches (particularly the patches for the firewall and VPN software). Other actions may be a good idea as well, just remeber that every one of those wirelessly connected machines has to be able to withstand hacking on its own; there are no firewalls or barriers between those machines and the world, they are truly "bastion" hosts.
• Put a "honeypot" wireless host or two out. Run a DHCP server on and put some other interesting stuff up (SMB is juicy). If it sees DHCP requests or other traffic, inform security and have them watch anyone who might be hanging around in publicly accessible halls or outside. If possible track down and silence the offending machine. A laptop equipped with a directional antenna and some 802.11b sniffing software that can be configured to look for a particular MAC address might be helpful.
• Run your honeypots on the "default" 802.11b channel (6?), and run the real stuff on other channels. This isn't a barrier at all, but it does make naive attackers more likely to get caught by the honeypot.

If all of that is too much effort, and security is important to you, then don't do wireless. When the built-in encryption is fixed you can look at wireless again; it still won't be quite the same as wired but the effort required to secure it will be lower and more related to how you manage your keys.

Read the article

[strags]

I'll concede it's a little light on the technical details, but don't forget that this article is targetted at Joe Public.

I think you missed the most revealing fact in the article: 8 out of 12 networks detected were not even using 802.11 encryption at all. Yes, we all know that 802.11 encryption is not secure, but the fact that people are broadcasting unencrypted packets does mean that the networks are incredibly insecure. I'm thinking of SMB, POP3, TELNET, FTP, or any other number of services that transmit either plaintext or weakly encrypted passwords.

Yes, people should use VPNs, but the point of the article was that they're not.

Also, "war driving" and "war pedalling" are actual, legitimate terms - I've seen them used on many occasions before, as would you, had you researched this at all before spouting off.