Slashdot Mirror
Warflying: San Diego
geogeek6_7 writes: "WarFlying over SanDiego reveals hundreds of WAPs, and some very interesting statistics. There is a second write up of the same adventure at the pilot's personal website. All this of course should not be confused with that 1500ft 'WarDriving' effort in Australia."
How long until someone makes a law prohibiting this sort of action?
WAP... a word that will soon be in the same category as other failed ideas that should have been shot down the instant AOL agreed to endorse it.
---
Programming is like sex... Make one mistake and support it the rest of your life.
Oh, and is this a FP?
Not really surprising. With no intervening obstacles (or even a horizon) even a weak signal in the 2 ghz range can have incredible range. It might be amusing to try this kind of thing with a big tethered balloon in an urban area.
Roving Web-Teleoperated Robot
Okay, there are a lot of wireless access points out there. Okay, many of them aren't secured very well (if at all).
So what? Why is it worth so much effort to reillustrate this point over and over again? Sure, Wardriving was a neat concept the first time someone pointed it out, but this is just more of the same thing. What's next? Wartraining? "Look, we got on these wireless LANs while riding the El in Chicago! Why the hell do we have to obsess on this over and over again? This has been overdone to the point where I'm sure we'll see a UserFriendly strip about it!
Okay, rant over. Sorry.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
this is one of the most ill-conceived ideas i've heard in a long time.
"hey, let's fly real slow (and probably quite low) over all the prominent area businesses, and see if any military jets have to be scrambled."
seriously, it's time for these people to think about taking up stamp collecting or bowling.
...over /. once again. Many here decry the government's attempts at gaining access to information through laws and other legal avenues yet you also have no problems poking your noses in other people's networks without permission or through legal means. Regardless of how open these networks might be you have no right to acces them nor use their bandwidth for your own personal enjoyment. One might get the that many /.'ers are self-centered narcissists.
has got to be a bitch.
Very interesting statistics, though. With all the SSID's left at the default name it makes you wonder if any of these AP's have been secured.
- If we aren't supposed to eat animals, then why are they made out of meat? - Steven Wright
...If these guys happened to be of Arabic origin (I don't know if they are or aren't and don't care), do you think the FBI would have been all over them like sh*t on a stick by now?
Since this was reported on ArsTechnica, the story had a focus on the coolness/tech factor, but if the story had been spun by our yellow rag mainstream media, the headline would have been something to the effect of "Hackers Use Airplane to Spy on National Information Infrastructure" or something similar...I can imagine the ramifications then.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
i hate people that do this...i really hate them...
but only because i wish i had as much free time as them.
dude.
Armed with this information, we took a few common brands of garage door opener (Genie, MultiCode, Sears, etc.) and set them to these combinations. We then hopped on our bikes and started riding around the neighborhood clicking the buttons. You wouldn't believe how many garage doors opened.
I sort of drew a parallel between unsecured WAPs and these unsecured garage doors. It was remarkably easy to do. Most people have no clue how to change the dip switches on their garage doors, just like most people have no idea how to change the default SSID, disable SSID broadcasts, and enable encryption.
Because of what I learned about the security (or lack thereof) of the typical garage door opener, I now have a much more secure Linear DX Code receiver controlling my garage, just in case some kids get the same idea I once had.
That was hilarious. Thank you.
Be wary of any facts that confirm your opinion.
Seeing as how you posted this _article_ within two minutes of the posting of this slashdot article, I think you should give credit to whomever wrote this piece. Since you are probably simply using it as a scare tactic joke (which is what it probably is, IMO, but I know nothing about this sort of thing, so someone else would have to prove him wrong) I suppose you don't care about bylines and such, but trying to pass this off as your own isn't cool.
Hedonist23
The FBI field office in San Diego has just issued the following warning:
"If you see strange symbols floating in the sky above your corporate office, this might mean your wireless networks have been targeted by hackers or terrorists. Be sure to secure you wireless networks and contact the FBI immediately."
Beauty is in the eye of the beerholder.
As a pilot I can tell you that one of the things drilled into your head, early and often during training, is the question "if the engine quits here, where are you going to land?"
At 1500' over a heavily populated area the pilot could still be in trouble with the FAA. It is technically legal, but not necessarily safe or prudent. Simply put, there is not a whole lot of options for landing at 1500', and even less over a densely populated area.
I have seen a great many tech folks at the airport who are smoking holes waiting for a place to touch down. If you consistantly treat an aicraft as a car with the z-axis, it will eventually catch up to you.
My $0.02
If brevity is the soul of wit, then how does one explain Twitter?
Try warorbiting!
(You know the feds are doing it.)
WarSkydiving?
You know you're a geek if you've ever replied to a tagline.
I was reading /.'s article about warchalking the other day and my wife asked what I was reading! This is rare as she is familiar with the slashdot masthead and has always stayed away whilst I read. Anyway, I tell her. Our resulting conversation was like this:
Wife: God, some people have way too much time.
Me: yea pretty wild huh.
Wife: Why are you grinning like that.
Me: huh? I'm not grinning.
Wife: You aren't thinking of going out to do this are you?
Me: Can't. I don't have wireless connectivity.
Wife: You've got DSL.
Me: --Edited speech about differences between dialup, dsl, wireless, 801b.11 blah blah blah.--
Wife: So you're telling me that you want to buy a laptop and walk around town with it?
Me: I didn't say that. We don't have the money anyway.
Wife: You'd do it though, wouldn't you?
Me: I dunno.
Wife: You would do it! Why the hell would you want to walk around and pry into other people computer networks.
Me: Dunno. Curiosity?
Wife: What? Curiosity. I might be curious to know why the neighbors are moaning so loud every night after letterman, but you don't see me over there with my x-10 camera laptop!
From there the discussion went downhill....
(ok moderators: Off topic, Funny, REAL LIFE)
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
"First things first -- but not necessarily in that order"
-- The Doctor, "Doctor
If you'd read, you'd see that they didn't access the networks, just scanned for APs. The author specifically states that he doesn't access the networks he finds, and talks about setting up his own unsecured AP for the sake of seeing how far away he can get in a plane and still access it.
do not read this line twice.
Yep, somebody got an idea from that Australian story. No points for originality, I guess. "Hey, i can make new too!". Ho-hum. Please don't post the follow-up stories for New York, Dallas, Seattle, etc, etc...
You need a FREE iPod Nano
Since he has to get on the network to know where and what is there, he has already used the internal servers of that network.
If he didn't have permission to use that network, he has already broken federal computer crime laws.
...they flew over my apartment, so I'm probably one of those Apple access points. Oddly enough, because of the construction style of my unit (apparently Spanish Mission Faraday), I can't get a reliable signal from one end of my unit to the other. Glad I can be of service to local pilot community, though.
I've been searching for a few years for a way to get legit, reasonably priced, Internet connectivity in cockpit. There are many web sites where pilots can get nearly real time weather data. If we could connect in flight we could see radar images of storms ahead. Commercial weather avoidance devices cost tens of thousands of dollars. It's frustrating that every ground-based wireless connectivity solution just won't work at 3,000-10,000 feet. Besides many, such as cellular systems, are is illegal to use in flight.
Commercial in flight internet links like ground-based AirCell and satellite phones, cost more than $3000 for equipment with conenct rates of $2-5 per minute.
The $3,000 PDA-based AnyWhere WX shows the potential. The promised inflight access to NEXRAD will fill the bill, but most avionics makers are planning systems that are still in tens of thousands of dollars range, when a laptop or PDA will do the job.
Your average weekend pilot isn't going to sign up for a $200 month subcription for something only used for a few hours on nice weekends. (Flamers should douse the fire. Most pilots are mere mortals that made flying a priority, just like those who sink money in hot cars or the hottest gaming machines. Most aren't really rich.
It would be a godsend if 802.11b connectivity could be made to work reliably in flight. Does anybody have any ideas on which wireless technology might fill the need?
Ever dream you could fly? Get up from the Flight Sim. I Fly
In the US it is explicitly illegal to use the computer services of a system that you do not have permission to be in.
Prove it.
Did you even read the story? Or do you know anything about how 802.11b hubs work? You don't have to enter their network - they broadcast their existence like crazy. All you have to do is listen for the broadcasts. It's like determining where the phones are by listening to them ringing.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Incidentally, the "war-" prefix either comes from "wardialing" or is an acronym for "Wireless Access Reconaissance," depending on how politically-correct you feel like being.
Be who you are...and be it in style!
In the US it is explicitly illegal to use the computer services of a system that you do not have permission to be in.
I'm not sure this is true, but I'll assume it is. You should undersand that he didn't do this, not even accidentally. He didn't use any computer system other than his own laptop. You'd know that if you RTFA.
'SBEMAIL!' is better than a goat!!
note to idiot:
read the article.
It's hardly illegal. If you read the article you'll see that the IP stack on the laptop was disabled, so no communications were actually sent. I could go around looking at jewlery in stores, which someone might steal, but there's a big difference between that and stealing the jewelry. You honestly don't belive that just because something might be used for an illegal purpose that it should be illegal, do you? If so, how long have you been working for the RIAA?
...what so cool in this waring? If they are really looking for networks that want to be found, would not it be easier to just create a service using which you can broadcast your location, description, coverage and other details. I quess I am missing something, but I don't see anything fancy in driving, flying, walking or swimming around in search of some spectrum. Is it just because everyone is still astonished about the fact that you can transfer bytes over air too ?
Is it the same to detect a system as to use it? If this were the case, anyone using a port-scanner, traffic sniffer, or even PING could be called a criminal. He didn't make use of the networks, just pointed out that they existed.
He also disclaimed his posting of the map, in that the locations marked are those of the plane as it detected the access points, not any indication of where the point itself exists. This is hardly an assist to others in breaking the law.
Any spoon would be too big.
When you own the land that your house or office sits on, the stuff on that land is yours. With owning the land, you also own the land "beneath" you and the air space above your house. How long will it take for someone to take this up in a court saying its illegel to steal the network "above" your property? just my $.02
"an eye for an eye only makes the whole world blind"
Yeah but if you published a map of these stores, and in any way hinted which ones were less secure? PLease.
First - I think these guys did an excellent job - and made a nice contribution by publishing their article w/pictures hosted etc...
My issue - is that the security problems are IMHO vastly overstated. I've worked at two companies with WAPs - and those were outside of our corporate/internal firewall.
If someone wanted to work over the WAPs, they would use them like a home DSL line, and simply VPN in. No security problem there.
As for private home users, and even some small businesses (as both my parents run offices with non-secured WAPs) - the security risk is only as great as the value of their data, divided by the cost to get to it. If any of you want to (i) find, and (ii) hack my father's office's legacy Dos-based auto/office management software, than by all means - we've been in need of a windows compatable update!!! (hehe).
But seriously - what use would you have for your neighbor's email or home document/resume, etc... and would you really go thru the trouble of hacking a next-door Pentium running WinXP? I think it's far more likely to be the sploits' of a script/trojan than an individual.
All good companies will have seperate VLANs (or equivalent) running different things - i.e. the WAP should be firewall'd like the rest of the net etc...
Not to mention - anyone can be hacked over the internet, even with firewalls, but to use WAPs, you have to be within the range - typically 1/4km. Do you have the time/car/laptop/battery life to drive to your 'enemy' or soccer-mom's house and hack the encryptions? (yes I can spell - watch some more southpark).
BR
nuff said.
Did the pilot mark the areas with skywriting?
The above post is an editorial, the poster cannot and will not be held responsible for all or in part for it's contents
Lots of inanimate objects are considered by many in the US to be evil moral agents. For instance: guns.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
What's the big deal?
Well, if I had a new klez worm varient to unleash, what better way to introduce it to the world than jumping on some poor sap's low security WAN?
Crack attempts, spam, kiddie porn, whatever. Any internet activity that people avoid for fear of being traced down can be easily, safely pulled off by leeching off of some poor sap's WAN.
I'm glad to see geeks making a fuss about a glaring security hole like this. The more fuss, the more press, the more dummies with LinkSys wireless routers start securing their connections.
--
How about doing something like this from low earth orbit? But I have a funny feeling that the band would be so crowded you might be lucky to get anything usefull...
"I bow to no man" - Riddick
Nothing illegal about this or wardriving. However, if you take it to step 2, which is wep cracking or attempting to join the network, then you are in the same boat as walking into an office and plugging in and nosing around. Netstumbler Forums has more info on this, but as you will read most of the people there do this strictly for the fun of it and do not promote accessing other people's networks.
We learned that when houses were put up for sale, most of the realtors set the dip switches in the garage door openers to a few easy combinations: on,off,on,off,on,etc...
When I was a kid we had a better way... we removed the dip switch in the transmitter, and replaced it with a binary counter (available at Radio Shack). Then we would drive the counter with an oscillator, and like magic it could run through all the combinations in a few seconds.
Something similar occured when I was a little kid, a few months after we got our garage door opener.
:)
Our neighbor, seeing ours and talking to my dad about it, decided to go out and buy/install one.
As to my dad: To his credit, he modified the resistors. (No DIPs, you had to clip resistors here) But he only clipped one.
Neighbor did the same thing when he installed his - He clipped just one.
Well, we hit that 1 in 7 chance of picking the same resistor. All of a sudden, our neighbor's garage door opened on him. So he walked to the garage, and hit his button.
Ours went up, his closed. My dad walks out. Eventually, they're both standing there and figure out what happened.
Both of em' clipped a second resistor and made sure not to clip the same one this time.
retrorocket.o not found, launch anyway?
What this means is that you can use a radio that you have an FCC license for, or an unlicensed radio that is allowed in aircraft. (Example: Amateur radio gear and 802.11 equipment.)
You STILL can't use your cellular phone, because the FCC does not allow cell phones to be used more than a certain (very low) altitude AGL, because the phone suddenly gets LOS to multiple towers, which will cause interference with those towers. (At best case, each tower will see your signal and consider you a user and work around you - Still, that means that instead of using up 1 users' worth of capacity on one tower (the way the system capacities are designed), you will use up 1 users' worth of capacity on numerous towers.
Note in the article how much improvement there was in range when he was 1500 feet up - This is EXACTLY why cell phones are illegal in the air. Not because they interfere with flight systems, but because they interfere with cell phones on the ground.
retrorocket.o not found, launch anyway?
You extremely overstate your qualifications. A mos of 33q10 is a very low level commo mos. Chances are, if you are indeed a 33q, you are a private to spec4 in the army - and damn sure are not qualified to make these statements. NSA trained my ass.
I can't help but feel I have been trolled....
ymmv
From what I read, though, they did not specify which ones were insecure. They only specified that most were set to their default SSID (of which, if you're reading slashdot, you have a higher than average chance of realizing that "certain SSID" = "certain manufacturer default SSID"). Even so, doesn't mean that the specific access point doesn't have WEP or MAC restrictions turned on (again, per the article.)
Karnal
Funny you mention Realtors setting garage door combos on houses for sale -- in my neighborhood a house went for sale, and I went on the tour on Sunday afternoon. I saw a Linksys 802.11b box in the window, plugged in to a DSL connection and turned on. I tried accesing it from my house and it was open.
There was basically no furniture in the house, so I assumed the occupants had just left it on while they moved out, but your post makes me wonder:
Is there some secret society of Realtors who turn off WEP encryption on 802.11 boxes in unoccupied houses for sale, just like they do with garage door openers, so the realtors can all use their laptops when they are at the house?
As I understand it one of the first generation of car alarms could be adjusted bu turning a small dial (after removing the cover). Apparently walking down the road with your finger on the button and turning the dial with a small screwdriver was quite efficient
--
God loves you - whether you like it or not
The weathers here - Wish you were beautiful
Proved
Combine this law, with the liberal dollar amounts figured by the one state school where the guy got sued for SETI or whatever he put on the computers, and you are a federal felon.
Especially with the inclusion of paragraph b, the attempt to break anything in a is also illegal. Doing it, or attempting it are indistinguishable.
I appreciate all the concern about my readin abilities, but I did read the main article linked, and it didn't delve into the finer technical aspects. I will also point out that the windows machine he was using isn't limited to IP traffic, so not having the IP stack installed is irrelevant to whether he intruded on the network.
You might be perfectly comfortable stating that WarStomper, or whatever the name of the program was didn't try to otherwise communicate with the network, but I haven't looked at the source.
If it did simply listen to public airwaves, then I stand corrected.
At the biggest urban areas, the airspace is Class B around the main airport (shaped like an upsidedown 3 or 4 tiered wedding cake) and to fly VFR without being in contact with ATC you have to stay as low as 1000-1500' AGL at the areas adjacent to where the Class B airspace goes down to the surface. This is generally where the most interesting-to-a-warflyer stuff is on the ground.
Ok, you're right. My bad for taking the slashdot blurb at face value. I should know better than to rely on it for an accurate assesment of the linked story.
You need a FREE iPod Nano
I can be on a MS network without an IP stack enabled. I can communicate with my ethernet card, and I assume a WiFi card without an IP stack.
I don't get your point, and no it isn't in the main (first) article linked.
And if there was network communication (which I am more than willing to admit there wasn't now), it would most certainly be illegal.
I did some searching. The earliest copy I can find of this message is August 17, 2002 a.k.a. www.FriendsOfLiberty.com, submitted by the user account "Anonymous" there.
hmmm.. I've seen alot of script kiddies get in shit for port-scanning, you might want to rethink your argument.
I've got an access point at home - no WEP - so what? The hassle of setting it up and the fact that the rate goes down is too much of a bother. And I don't care if someone uses my internet link, and if they try to hack my linux box - good luck!
At work we use VPN's so WEP is enabled purely to prevent unrestricted access to the internet via our T1.
If folks are running a work AP without using VPN's and not using WEP then they are vunrable but other than that - give me a break. Besides, isn't the whole idea of this hobo war-chalking thing to get free wifi access to the net?
Cliff
There's one little diamond there in a residential area that's almost certainly my WAP. I think I may have even noticed the plane go by, as we don't get that many low-flying civil aircraft in this area due to its proximity to the military and commercial air traffic. How interesting. 'Scuze me while I go pull the power cord out of the Linksys.
Five years ago, with our rental car, at Disneyworld. I got the door
opened and then noticed that the sweater in the back seat wasn't ours.
We took a closer look and realized this was somebody else's car. We
looked around some more and found our car. It was the same model
and color.
One last detail, this car didn't have a RF key to open the door, I had
used a regular key to open the door.
I guess this particular automaker allows a key combination to be used
for more than one car.
-cmh
That could be an alternative name to "warflying". I can see where "warstorming" comes from (think "barnstorming").
However, why are we using full-size planes for this? A serious model plane could do the job as well, if done right. Tightly strap in an IPaq and a small GPS, padded, with an external antenna on the Orinoco card. Add MiniStumbler, some gas, and go.
Even better, with some custom software on the IPaq, and assuming you stay in range of your AP, there may be a chance of real-time telemetry. Add a camera card and spy on your neighbours... no, now I'm just getting silly!
(this is not a
WarKayaking