Slashdot Mirror
FBI Warns Companies About Wireless Warchalking
nobilid writes: "Well-meaning wireless activists have caught the attention of the U.S. Federal Bureau of Investigation. One of its agents has issued a warning about the popular practice of using chalk marks to show the location of wireless networks."
The FBI is not saying that setting up free wireless networks is a bad thing. They're warning companies that run WLANs to check for warchalking around their buildings and check their LANs for security. This is what they should be doing, but considering how many idiot admins there are out there, they need the FBI to give them security advice.
Typical.
to install M$ patches for well known exploits, what are the chances that they'll take the additional effort to lockdown their wireless networks, then modify all their client PC's?
They will only do this after they've been 0wN3d. As per usual.
you don't, but the companies do.
Most would probably think that those marks were either a) gang related or b) random garbage.
"The FBI is now telling companies that, if they see the chalk marks outside their offices, they should check the security of wireless networks and ensure they remain closed to outsiders. "
Hey, how about you do this even if you DONT see chalk marks?
Don't Tread on Me
At least the FBI are warning the companies and not arresting the warchalkers.
Well maybe that's because warchalking isn't ILLEGAL... All they're doing is walking around with a laptop and noting when someone else is broadcasting networking signals in an area. It's against federal law to attack the computers on that network, or misuse their bandwidth to mess with other people's computers, but putting a chalk mark on a wall to signify that the schmucks inside need to tighten their security is probably the least destructive thing they could do to them. It's like publicly announcing a security hole in a Microsoft product, except they do so by taping a notice to the door of Microsoft's front lobby. Sure, it's public so anyone can read it, but the number of people who pass by it is very small (compared to putting this info on a web page like another poster mentioned), and most of those people are are very likely to be the Microsoft employees themselves...
Because this isn't the point of warchalking. Most warchalkers - and I made the first ever warchalking mark - use them to mark out their own open nodes, for the sake of others using them. I've seen many many warchalking marks around London, and none of them is for an unintentionally available network.
The FBI's whole premise is bollocks, and you shouldn't assume that because it's possible to mark up a wlan that isn't yours that people actually do.
Have you ever TRIED telling someone that you're not employed by that they have security issues? (If you're an employee, it's still a hard enough issue sometimes, depending on politics).
I had a friend who had a friend who ran a webshop, with everything running NT. We benignly poked around for all of about 90 seconds probing for 2 known NT holes (had been known about for over a year at that point) and found the entire database for a local HR company completely exposed via the web (SQL Server 7 I believe it was). Repeated phone calls and emails to that shop went unnoticed. Notifying the HR company that their data was exposed and that they should notify their webshop resulted in threats of lawsuits and other less legal retaliatory measures for 'hacking', 'breaking in', etc.
Walking in to someone's house through their open front door is seen as bad, even if you're simply trying to tell them that their door is open and they should close/lock it because of burglars. Hell, you might even be a master locksmith, but they'll probably still call the police.
It's just not that easy to tell the network owners they are vulnerable. You may very well face 'hacking' charges.
creation science book
Maybe I'm crazy, but every single article I've ever read about warchalking has implied to me that the purpose of warchalking was to break into networks not owned by you. This includes articles both by people for and by people against the practice. I have never heard of using warchalking in order to tell people about an intentionally accessible network.
In fact, to me, that makes absolutely no sense. Why not just put up a flyer? Why use obscure chalk marks on the wall that can wash away? The only benefit that warchalking marks have over a flyer is that most people won't recognize them. The only reason that you wouldn't want people to recognize the marks is if you don't want the people running the network to realize that it is open.
Might I also add that if you did "invent" warchalking, you chose just about the worst name possible. Every technical person I know who has heard that word immediately associates it with the term "wardialing". Wardialing is not a benevolent act, and in fact, is about as rude and hostile as possible. Perhaps you need to think a little more about these things next time around, and perhaps you need to talk to the people out there warchalking, because I've never been given any impression by their words and actions excepting that all they want is a free ride on a network that isn't theirs to play with.
-[Blaine]- "'Oh dear,' says God, 'I hadn't thought of that,' and promptly vanishes in a puff of logic."
No no no. you've got it all wrong. The reason people should be warchalking is to mark OPEN nodes. Nodes that belong to groups like Personal Telco Project in Portland, OR, or Seattle Wireless, or Austin Wireless. These nodes are MEANT to be used for FREE by the PUBLIC. Thats why people should warchalk. Thats why there are two separate symbols, a closed circle for closed networks (meaning stay away) and an 'open circle' for open networks, saying go ahead and use it.