Slashdot Mirror
Worldwide WarDrive Aftermath
wardriver writes "The event took place on August 31st 2002, people from around the world took part in the effort to document and make known wireless access points as a group. Some people go WarDriving everyday, so this was just like an normal day for many who attended any of the world wide events as documented on the results page. Hardware ranged from laptops, to car mounted computer systems, to handhelds all equipped with GPS devices to accurately map the spots. Cars were marked with )(WarDriver stickers and people were sporting their wardriving is not a crime t-shirts. All in all the event went well and with enough pressure and requests to chris it may happen again." And in a related story, Dr_Marvin_Monroe writes "Wardrivers be warned---- A Practical Approach to
Identifying and Tracking
Unauthorized 802.11 Cards
and Access Points includes information on locating rogue access points and intruders."
It should be known that there are cards that can "just listen" without letting themselves be known.
;)
Cisco makes the AIR-LMC350 which would be a good choice for wardrivers.
Or, not being an idiot administrator and leaving everything open helps too
Get paid to code OSS
I went for a low-tech version of this event.
Knock knock
"Anybody home?"
Try door.
"This one's locked, next house!"
Nicky nicky nine doors is fun...except for the old codger sitting on his front porch on a rocker with a shotgun full of rock salt...
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
World Series (2 teams from Canada, rest from States).
WarDriving... Cities from only the western part of North America...
Don't call it "World" if its just North America, and especially don't if its just a region of North America.
Tournament Management Online &
They interviewed a couple of guys that regularly drive around in a "pickup truck full of gear" and document access points. Apparently one of them has documented more than 400.
The best part was when they said they do it at night, so people in "affluent neighborhoods" won't mistake the cylidrical antenna for a shotgun.
If by "worldwide" they mean "a few counties in California, Canada, and bits of the midwest," then the project was an amazing success. :)
Information wants to be anthropomorphized.
An ounce of prevention shows up in the ledgers, but they never see the cost of the avoided pound of cure.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
"wardriving is not a crime t-shirts...
You got to admit that people aren't doing themselves any favours by choosing a real positive expression like "wardriving"....
I can see this must win real friends when you are explaining to companies what you are doing outside their offices. Especially in countries where vigilante groups /gangsters like cruising round in their autos. Great PR, guys :-)
(Yeah yeah I know the origin of the term but I still think it sucks.. maybe try cruising round New York on 11th September and explain to a cop that you're war driving...)
I understand that some people invite others onto their network. This is very generous (but in my opinion insane because YOU are responsible for what comes out of YOUR router), but shouldn't these people advertise that their network is open instead of people driving around trying to discover these access points? I think the concept of wardriving is interesting, but the practical ethical results of wardriving efforts seem very very few. Maybe there is some application I am missing. Feel free to enlighten me
psxndc
The emacs religion: to be saved, control excess.
Unless you think of THEFT OF SERVICE!
Sometimes I have to wonder about the real-world intelligence of these people. Sure, they probably are really bright when it comes to technology, but evolution should have taken care of the guys wearing these t-shirts long ago.
Some people go WarDriving everyday...
...and really need to get a life.
"Information wants to be paid"
Also, people have been uploading their scans to http://mapserver.zhrodague.net -- a web-based mapping package for the entire planet, and http://www.wigle.net - a java-based mapping client. Check 'em out when you get a chance.
Zhrodague.net - I do projects and stuff too.
'world' events in Europe and Asia are similarly limited ...
Got any examples? And don't say the World Cup, it has hundreds of countries including the USA.
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
/.'ing a server so quickly should be a crime.
C:\>
It would seem to me that if someone wanted you on their system they would register on one of the various websites for free wireless access.
If they didn't want you then you're becoming a bother. I guess you could tell them that they were open and be helpful. I don't see anything of that angle though.
So its just "Lets see who screwed up their technology. Tee Hee." Nothing useful here.
It was named after "War Dialing." http://www.wikipedia.org/wiki/War_dialing
Port scanning also is not a crime(for now at least) but a lot of crimes are started with it. I don't blame people for getting a little paranoid.
It's like a guy swinging a baseball bat all over the place. Sure it's not illegal but he could start clobbering people whether on purpose or not. I'd probably tell him to stop swinging too.
My brother-in-law lives in California and has had all kinds of trouble since this event. Conicidence?? You start stealing service and disrupting other people's service and you just crossed the line.
The people that are just scanning and mapping could be considered accesories to the crime when other people use their info to "steal bandwidth".
If they were smart, they would get their site posted to slashdot after first making sure their 56k modem was up to withstanding a slashdot effect.
Oh, wait. Nevermind.
The many war{driving|storming|floating|biking|hiking} groups here in Europe would likely participate next time.
I just got a new laptop and I'll be getting netstumbler up and running RSN. Part two of my driving around Europe vacation is about to begin. That should provide a nice map of a few dozen cities by the end of the month.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Got any examples? And don't say the World Cup, it has hundreds of countries including the USA.
You are absolutely correct about the World Cup. Indeed, that is why soccer (football) is the one sport I enjoy watching. Football (soccer) is one of the few areas that is truly worldwide, with Africa as well represented as, say, Asia or Europe.
I'm trying to recall some of the 'world' events I saw while I was living in Germany (mostly art and music events) that represented perhaps 10 countries, out of how many hundred? In any event, a tiny slice of the world, even if the 10 countries in question were widely scattered. If you look around, I'm sure you'll see what I mean.
The Future of Human Evolution: Autonomy
Most cards have Linux drivers that allow them to be put into "RF Monitor" mode, which is completely passive. This is the default mode of operation for Kismet (http://www.kismetwireless.net/)
Supported cards include:
Prism2 with the linux-wlan-ng drivers
Orinoco cards with a slightly patched driver from http://airsnort.shmoo.net/
SOME Cisco cards. While they all happily go into RF Monitor mode when asked, SOME OF THEM KEEP BROADCASTING.
So all in all, if you *absolutely* don't want to be detected, Cisco is the least safe choice for wardriving. Orinoco is probably the best bet, even though you will have to downgrade your Orinoco firmware for compatibility (8.10 is severely broken for RFMon usage). Prism2s have the best compatibility, but are generally known for crappy receivers and most don't allow external antennas. Almost all Orinoco-based cards have much better receivers and support external antennas. The Cisco hardware is the best (100 mW transmit, not like that matters if you're trying to stay silent, some have dual MMCX jacks for diversity antennas), but you can't trust it to stay silent in RF Monitor mode.
retrorocket.o not found, launch anyway?
Comes from War Dialing - dialing every phone number in a block in an attempt to find modems. This was typically done in order to find a weak point in an organization. War Driving is a similar art.
SIG: HUP
Legal or not, there is certainly an ethical question here... not so with skateboarding. Don't sniff around other folks' networks, regardless of your intentions. No good will come of it.
My sig sucks.
Matt Jones
"The new wave is not value-added; it's garbage-subtracted" - Esther Dyson, Dec 1994
In many cases, these people go wardriving just out of curiosity.
I find it very interesting that in a short drive around my area I found 45 networks (I was NOT expecting that many, esp. since I wasn't using an external antenna), and over a third of them were factory default. (Not just unencrypted, but completely unchanged factory default units.)
I haven't actually DONE anything with those APs though.
retrorocket.o not found, launch anyway?
Note that Kismet (http://www.kismetwireless.net/ is purely passive - You NEVER associate with the AP or broadcast it to any way.
So how is that intrusion?
retrorocket.o not found, launch anyway?
As I mentioned in a previous post - Many people just do it out of curiosity to see what's out there. They never DO anything with the information except for plot it, and in mant cases, laugh at the morons who leave their APs wide-open factory-default.
retrorocket.o not found, launch anyway?
It boggles the mind that so many administrators unintentionally leave their wireless networks open and available to anyone willing to make a little effort (and some cases, no effort at all). Certainly, wardrivers who spend time attempting to access secured networks need to consider their actions carefully, but what constitutes a secured network? There are plenty of foolish administrators out there who take no measures at all to secure their networks but of those who do, and have their networks authorized by 'unauthorized' persons; what truly constitutes security? Certainly there is a level of incompetence in network security where the person gaining unauthorised access can simply claim(when acused of accessing a secured network illegally) "The network was not secured". There has to be some remedial security standard below which (assumin it would otherwise be a crime to access a particular secured network) no crime would have been committed.
--CTH
--Got Lists? | Top 95 Star Wars Line
Wardriving as peeking in someone's window is only if you are running a program to capture packets at the same time. You can run ethereal and airsnort at the same time to view the webpages people see. That would be snooping.
Looking at ssid's like like looking at housenumbers as you drive down the street. Wardriving is like seeing if there are houses in the city. Its like looking at the development of the neighborhoods. Do these people plan properly?
birdwatching is about understanding what is out there and to a degree the world around you.
When I scan for networks, I am doing just that. I can see in real time how my neighborhoods are evolving - where the technical people are, where businesses are popping up, even cafes. There's a cafe near my office whose access point is named 'Good Day Cafe'. They apparently leave it open on purpose. I first saw it from a taxi in Omotesando. For them, it's a form of cheap advertising I guess.
Lots of people (myself included) leave their access open for web browsing.
Often times, my iBook will automatically log me on to the strongest network I am near. I've noticed that I sometimes get a low IP like 192.168.0.2, which would seem to indicate that it's just me and the router - no servers to 'snoop'. Most home users seem to just use these things to get online.
Be ashamed for not knowing the difference!
Don't be such a pill.
There's a big difference between logging networks and breaking into them. At least awareness is being raised and more people that want to are securing their nets.
Cheers,
Jim
-- My Weblog.
Sorry, you can't justify your crime because they did something wrong. If you use someone's wireless network, whether they secured it or not, without their permission, it is illegal. Whether their signal is interfering with your phone or not. If their wireless equipment is FCC certified and they have it set to factory defaults they aren't doing anything wrong. If that causes interference on your wireless phone, you need to complain to the FCC and the manufacturer, not try to justify illegally using your neighbor's network.
In my universe I'm perfectly normal, it's not my fault you don't live in my universe.
Ok, Slashdotters. Time to fess up and be honest Wardriving, though harmless in and of itself, is shady business. It's the electronic equivalent of casing a store or residence in order to rob it later. I realize the vast majority of wardrivers do nothing with the info they find, and right now it's more of a fad than anything (especially for kids that fantasize about being Mad Haxorz with Big Skillz, or whatever they hell they're calling it this week), but deep down, face it. You KNOW you're up to no good. The very essence of Wardriving is LOOKING FOR VULNERABILITIES. Only two kinds of people really give a damn about this kind of information. Serious security researchers, and net scum looking to break into networks. Now, like everyone else, I'm getting damn tired of seeing my liberties slip away in new laws and regulations. But if there was half an ounce of honesty here, we'd all admit to each other that by doing stupid shit like Wardriving, we're begging the government and public to be alarmed and put further restrictions on what we do. So to you people that deface webpages, spread virii, and wardrive looking networks to break into, why don't you do us a favor and go fuck yourselves. You are why the word "hacker" evokes fear and loathing.
Life is hard, and the world is cruel
$5 / month hosted VPS on linux = awesome!
WarDriving... Cities from only the western part of North America...
... only a tiny fraction of the world community takes part (e.g. "world" art exhibitions, with all of 4 countries on 4 continents represented out of hundreds is arguably as small a slice of the world as it would be if those 4 countries were on one continent, to cite an example I witnessed more than once while living in Germany).
Don't call it "World" if its just North America, and especially don't if its just a region of North America.
So get off your butt and go do some wardriving. Nothing is stopping you, or anyone else in the world, from participating. Indeed, I suspect the organizers would be happier if more countries participated.
Perhaps it will become an annual event, with gradually more countries taking part.
BTW - Where do you draw the line for 'world?' 1 country per continent, x countries per hemisphere? Most 'world' events in Europe and Asia are similarly limited
If 10 people take part in a 'world' event and they happen to be scattered all over the globe, does that somehow add legitimacy over 10,000 people taking part, who happen to be scatterd over just one corner of it? I agree the term is often abused, but your kneejerk reaction is more than a little silly itself.
The Future of Human Evolution: Autonomy
Probably not. No one ever takes the black helicopters seriously. Why would they take wardrivers seriously?
No Zen is good zen
When the story goes live on the website, here's the link
it's not going to stop until you wise up, no it's not going to stop. so just give up.
If I can see you having sex as I ride by in a car is that my fault or yours?
If I can see you having sex as I ride by in a car provided I'm using glasses is that my fault or yours?
How about if I use a pair of binoculars?
How about a telescope?
Why wardriving are listening to telephones with a ham radio are probably both socially repugnant the flip side is that one group of people are BROADCASTING on public airwaves. If they don't want people listening to those broadcasts, maybe they shouldn't be broadcasting on a public frequency.
If you want privacy, pull the digital shades.
No Zen is good zen
I'm hoping to write some scripts of my own to scan the various MAC addresses that show up on the network I manage for 802.11 access points.
So far I haven't been able to find a list of the prefixes used by various manufacturers for their access points. I asked about this on usenet but the only replies I got were the IEEE lists of ALL MAC address prefixes, with no distinction between NICs, APs, switches, etc.
I'm sure various vendors must have compiled such a thing for their auditing tools... but it doesn't seem like there's anything available through Google just yet.
Thanks for any help you can give!
-carl
. We've got computers, we're tapping phone lines, you know that ain't allowed - Talking Heads, "Life During Wartime"
I have read a lot of snickering about idiotic network managers and know-nothing, affluent homeowners. I guess I fall into the latter category. It would be really nice if one--just one--person posting criticism might also offer a link or word of advice on how to actually secure my spiffy new wireless access point.
My router offers WEP, but a quick Google search makes me wonder if even that's enough. What can the know-nothing, affluent homeowner do that does not take six weeks of intensive reading on network security?
He looked at me and said, "Kid, we don't like your kind, and we're gonna send your fingerprints off to Washington."
g0bshiTe wrote:
> Last I heard it was not a crime to putt around
> anyones neighborhood, whether you lived there or
> not. So what, if you just happen to have a laptop
> and a wireless network device. I haven`t heard of
> anyone bieng arrested for posessing network gear.
> Unless it was stolen! Is a cop really gonna bust
> you for wardriving? I think not.
If you "putt around" the neighborhood of a single woman, living alone, especially at night, she will most likely be giving her local police department a call about a "suspicious vehicle" which appears to be canvasing the neighborhood. And when you explain to Mr. Policeman that you are "scanning for access points", you are going to be seeing some bars from the inside very shortly.
And if Mr. Policeman sees your WarDriving Tshirt, no doubt he will think you are part of a gang.
> It`ll be the old skateboarding thing, where your
> told that even though it is public property, and
> you technically can be there that what your
> doing is potentially damaging and/or disruptive.
> Who cares!
My guess is the rest of the general public who don't want to be damaged or disrupted. Well, except for the bigger skateboarding dude that runs into you and puts you in the hospital. Chances are, he won't care.
To be a responsible member of a civilized society, you have to think (and care) about the impact of your actions on others.
"What do you think Mothra would do?" - Moll, "Mosura" 1996
I am seeing a lot of confused comments in this thread, so I will throw in my $0.02.
Disclosure: I wardrive on occasion. I keep a list of access points that I find while driving. Currently in excess of 1,000 for the Portland, OR area.
1. Why wardriving? Everyone has their reasons. Mine are security related. Myself and a small group of other local wifi enthusiasts enjoy passive monitoring to identify security weaknesses. We also inform insecure node operators of the fact that their networks are wide open.
We have found a number of extremely sensitive, wide open access points operated by city and state governments, corporations, and home users. By this I mean networks that are obviously not intended to be public.
If your government has weak security on sensitive information, this can affect you directly (which means Us, the wardrivers too). So we like to notify them of the vulnerabilities and give them information on fixing the holes. Sometimes we get paid to do this.
[You will notice the results page is missing GPS coordinates. This is intentional, as there are those out there who would take advantage of unsecured networks]
This is also usefull for identifying trends and generating usefull statistics.
2. How do you really secure a wireless network? You have a few options: Basic security and high security.
Basic Security: Enable MAC ID restrictions, allowing only those cards with a specific MAC id to connect to the network. Also turn on 128bit WEP encryption. You can switch to a lesser used channel, like 1 or 11 if you wish.
Please note that this is still easily circumvented with the right tools, like AirSnort and MAC ID spoofing. Despite this, most people will find a network in this state and move on. It significantly raises the barrier to entry.
High Security: Install a VPN with very good passwords or preferably something like SecureID cryptographic tokens. This is the only way to be truly secure, where truly secure is as good as the firewall VPN combo you use at work.
No one said anything about browsing the network. They're just looking for networks ... that's all. :-)
pollution/
Why think of you feet when you can think in your head.
thank God the internet isn't a human right.
Um, getting the access is the bad thing. Criminal tresspass and all that.
- In Capitalist America, law violates YOU!
Note that the 400 access points we discovered were just during THAT evening's war-drive.
l
I war-drive for one reason--to guage the growth of wi-fi in the Northern Virginia area. It's been fascinating. Driving last year I'd pick up 20-40 access point within a few miles of my home. Now, I pick up several hundred on an hour long cruise around my town. That phenomenon keeps me going out on a monthly basis.
We visited Old Town Alexandria for this NPR event. We combined it with a "war-walk" and it's a shame they edited out that portion of the adventure. The inebriated queries regarding our yagis were an amusing portion of the un-edited mini-discs.
If you would like to see the setup that was used, visit:
http://ruff.cs.jmu.edu/~beetle/wardrive/index.htm
We used this same setup for a similar war-driving demo for the Baltimore Sun a few months back.
Beetle
Beetle
http://ruff.cs.jmu.edu/~beetle/
If you bothered to check, its called the World Series, because it was started by the World newspaper, hence the World series. If it was started by the times, it would be called the Times series.
Normally I'd say someone was ignorant but since you know about google, clearly you made no effort to confirm your assumption, so your stupid.
BTW it(wardriving) was a world event, the fact that you didn't participate is hardly the fault on North America.
The Kruger Dunning explains most post on
Brian
Remember Lexington Green!
A better example would be Aussie Rules Football except that there has never been a "World" anything and it's called "Aussie" rules.
And for the poster above, neither Ireland or Scotland have world class cricket teams. Not sure what they play in Scotland but Ireland play a game called Curling I believe. It's sort of an unusual cross between field hockey, soccer, rugby and war.
Nerd: Derogatory term typically directed at anybody with a lower Slashdot ID than you.
Yeah glad you stuck in the emoticon, I think a lot of people do get a buzz out of the 'war' association, kind of macho big dick stuff. Me, I got mugged a week ago, kicked to the ground and kicked in the head multiple times by several teenagers trying to get my bike and wallet. Ouch, not nice. More to the point if this was not nice then the whole idea of war, people trying to shoot me with guns would probably be even less pleasant. So I think I'll skip the war=cool thing... (Sort of happy ending: a woman in a house across the road came out and shouted at the kids from her window, called the police and the kids ran off. I gave chase, well limped, and a biker dood gave me a lift and we caught up with the kids and got my bike back off them. Goes to prove there are good and bad people in the world).
Or a job?
See for many of us it isn't that easy. Look at the unemployment numbers for this month and you'll see why.
Get your Unix fortune now!
If I walk by a house or business (on the sidewalk) and they have a widescreen TV in view, with the windows open, and they are playing a pay-per-view movie, and I watch it, am I a criminal?
In that scenario, you're not affecting their enjoyment of/use of/benefit-derived-from the service they are paying for.
If your neighbour is paying for a 512/1Mb/2Mb connection, and you connect to it and start downloading ISO's, then you are limiting their use of a service they're paying for.
IANAL, but I seem to remember that theft is the act of depriving the rightful owner of the use of/rights to/benefits of their property.
Information wants to be beer.
Now drive around town. Whenever you encounter an 802.11 access point, the computer will speak to you with the name of the network.
Cool...
I must remember to change my SSID to "This is the police. Pull over."
:-)
Information wants to be beer.
I've been reading all these replies to my post, and felt that I should clarify. (Maybe it's not a good idea right now, I've been up all night from insomnia) I sort of assumed that people would be eventually using these unsecured access points to get a free internet connection. I imagine there are people out there who just record where the open WAPs are. However, from what I've read in the newspapers, magazines, web, etc., I have noticed that people have been marking these spots like hoboes used to do or maybe still do. Or maybe there's a web site out there that catalogs them all. Now there's no point in doing that besides letting others know where the free access is. That results in eventual theft of service. So while just cataloging the open wireless transmissions isn't theft of service, making these spots widely known seems to me to be a bit unscrupulous, like a locksmith publishing his book of lock backdoors to the Internet. Hopefully you understand what I was getting at.