FBI Warns Companies About Wireless Warchalking
nobilid writes: "Well-meaning wireless activists have caught the attention of the U.S. Federal Bureau of Investigation. One of its agents has issued a warning about the popular practice of using chalk marks to show the location of wireless networks."
The FBI is not saying that setting up free wireless networks is a bad thing. They're warning companies that run WLANs to check for warchalking around their buildings and check their LANs for security. This is what they should be doing, but considering how many idiot admins there are out there, they need the FBI to give them security advice.
Typical.
At least the FBI are warning the companies and not arresting the warchalkers.
to install M$ patches for well-known exploits, what are the chances that they'll take the additional effort to lock down their wireless networks, then modify all their client PCs?
They will only do this after they've been 0wN3d. As per usual.
you don't, but the companies do.
Most would probably think that those marks were either a) gang related or b) random garbage.
"The FBI is now telling companies that, if they see the chalk marks outside their offices, they should check the security of wireless networks and ensure they remain closed to outsiders."
Hey, how about you do this even if you DON'T see chalk marks?
Don't Tread on Me
The FBI is telling companies, "If you see this symbol outside your building, it probably means that your network is accessible from the outside. Make sure this is what you want." What's so wrong with that?
"Do I dare disturb the universe?"
At least the FBI are warning the companies and not arresting the warchalkers.
Well maybe that's because warchalking isn't ILLEGAL... All they're doing is walking around with a laptop and noting when someone else is broadcasting networking signals in an area. It's against federal law to attack the computers on that network, or misuse their bandwidth to mess with other people's computers, but putting a chalk mark on a wall to signify that the schmucks inside need to tighten their security is probably the least destructive thing they could do to them. It's like publicly announcing a security hole in a Microsoft product, except they do so by taping a notice to the door of Microsoft's front lobby. Sure, it's public so anyone can read it, but the number of people who pass by it is very small (compared to putting this info on a web page like another poster mentioned), and most of those people are very likely to be the Microsoft employees themselves...
Because this isn't the point of warchalking. Most warchalkers - and I made the first ever warchalking mark - use them to mark out their own open nodes, for the sake of others using them. I've seen many many warchalking marks around London, and none of them is for an unintentionally available network.
The FBI's whole premise is bollocks, and you shouldn't assume that because it's possible to mark up a wlan that isn't yours that people actually do.
Have you ever TRIED telling someone that you're not employed by that they have security issues? (If you're an employee, it's still a hard enough issue sometimes, depending on politics).
I had a friend who had a friend who ran a webshop, with everything running NT. We benignly poked around for all of about 90 seconds probing for 2 known NT holes (had been known about for over a year at that point) and found the entire database for a local HR company completely exposed via the web (SQL Server 7 I believe it was). Repeated phone calls and emails to that shop went unnoticed. Notifying the HR company that their data was exposed and that they should notify their webshop resulted in threats of lawsuits and other less legal retaliatory measures for 'hacking', 'breaking in', etc.
Walking in to someone's house through their open front door is seen as bad, even if you're simply trying to tell them that their door is open and they should close/lock it because of burglars. Hell, you might even be a master locksmith, but they'll probably still call the police.
It's just not that easy to tell the network owners they are vulnerable. You may very well face 'hacking' charges.
creation science book
If you leave your lights on at night with the windows open does this make it immoral for me to stand outside and read my newspaper in the glow emitted?
Maybe I'm crazy, but every single article I've ever read about warchalking has implied to me that the purpose of warchalking was to break into networks not owned by you. This includes articles both by people for and by people against the practice. I have never heard of using warchalking in order to tell people about an intentionally accessible network.
In fact, to me, that makes absolutely no sense. Why not just put up a flyer? Why use obscure chalk marks on the wall that can wash away? The only benefit that warchalking marks have over a flyer is that most people won't recognize them. The only reason that you wouldn't want people to recognize the marks is if you don't want the people running the network to realize that it is open.
Might I also add that if you did "invent" warchalking, you chose just about the worst name possible. Every technical person I know who has heard that word immediately associates it with the term "wardialing". Wardialing is not a benevolent act, and in fact, is about as rude and hostile as possible. Perhaps you need to think a little more about these things next time around, and perhaps you need to talk to the people out there warchalking, because I've never been given any impression by their words and actions excepting that all they want is a free ride on a network that isn't theirs to play with.
-[Blaine]- "'Oh dear,' says God, 'I hadn't thought of that,' and promptly vanishes in a puff of logic."
To clarify: it does not mean operating an open 802.11 access point is a crime, but instead that using someone else's 802.11 access point without their permission is a crime. That's a good point, and should be used as the basis to prosecute spam and DOS attacks.
Warchalkers have questioned the scare stories surrounding the phenomenon, saying that anyone with malicious intent is unlikely to publicly mark their target.
It's not the warchalkers themselves that are the great security risk, it's the people who are going to use the open WLANs for malicious purposes who otherwise wouldn't have done the legwork to go out and find the open holes.
No no no. You've got it all wrong. The reason people should be warchalking is to mark OPEN nodes. Nodes that belong to groups like Personal Telco Project in Portland, OR, or Seattle Wireless, or Austin Wireless. These nodes are MEANT to be used for FREE by the PUBLIC. That's why people should warchalk. That's why there are two separate symbols, a closed circle for closed networks (meaning stay away) and an 'open circle' for open networks, saying go ahead and use it.
> like some wet behind the ears *kid* who's only interested in his own problems, rather than the one the company pays him to work on?
So you're suggesting I should worry about my company's problem instead of my own? Did you not understand from my post that I am unemployed? Even if I wasn't, I could give two shits about a company who is going to can me when one of the two following conditions are met:
1. There is yet another recession, or
2. I am making too much money and will be replaced for someone who they can pay less.
Why should I look out for my company when they won't look out for me? I have to keep my own and my family's well-being in mind. Admit it - there is no job security in IT. If you think I am doing something else wrong, I welcome further comments. That's how we kids learn.
Ok, the original poster is suggesting that a college student is a *kid*, and you are suggesting that a college *graduate* is not a kid.
What's the difference? 0-4 years in age? At what point does someone become qualified to work in a particular position? The day after graduation? What about 6 months before graduation, or are they miraculously much more intelligent the day after graduation?
I guess I don't see the difference between a "college kid" and a recent "college grad", since we all know a college degree doesn't dictate skill, just how much bullshit you are willing to put up with (work ethic).
Such users are much closer to the street and have less blocking mass between the transmitter and the street compared to a business user. These users are far less likely to change default security settings and passwords. Yet as a source of freeloading bandwidth or disguising an attack they are very fruitful. It is like those X10 cameras that they push to consumers, most of which someone with a few dollars of parts picked up at an electronics store can see the signal from your cameras from the street. But this is not a fact at all warned against by the hucksters pushing these devices everywhere you look.