Slashdot Mirror
Secret Service Goes War Driving
JSC writes "Looks like the Secret Service is taking a page from the WarDriving handbook. Your tax dollars at work includes springing for the Pringles can for the antenna."
← Back to Stories (view on slashdot.org)
Is there a comprehensive guide to wardriving on the net? Where can I learn to do the markings?
Wardriving honeypots?
They are planning on informing companies that they have leaky wireless networks. They aren't doing it to leach bandwidth like most wardrivers.
Being the security freak that the government is, why are they using wireless networks? That leaves them even more open to data interception and attack. The only way wireless technology could be more secure is if they came up with some cool encryption/modulation to put on the data so that it wouldn't even matter if anyone was listening or not since they wouldn't understand any of it, but you could do that with wires too, utilizing the security benefits of both. Now they get to waste money on a more expensive yet less secure system and then spend even more of it trying to make the system more secure.
I bet they paid way too much for those Pringles cans (like their $400 hammers and $600 toilet seats).
I do it. :)
Why should I care if the SS does it
Right Kyle?
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
Actually, most vendors advertise WEP as a security mechanism for these wireless networks, but as we all know, it is pretty much useless. I wonder if the writers of the article wrote the above statement knowing this fact, or if they just got lucky.
Sung To 'Be Our Guest' - or 'See my Vest' If you watch the simpsons...
Be a troll! Be a troll!
Let disruption be your goal -
Anything that you can do to draw attention to your role
Egoboo can be nice
Get your fix at any price
You can make entire newsgroups into clucking little birdcoops
Be a troll! Be a troll!
Pound their patience into coal
Tell the regulars they have no sense of flair
Insult their mothers too and their manners, pfoo!
Be a troll, be a troll, be a troll!
Make them burn, make them freeze
Sing of people scratching fleas
Snigger at the woes of others who are forced upon their knees
Stress and fear, jealous rage
Let them be your guiding gauge
Then accuse the quiet suckers all as nosy mother****ers
Don't be small, don't be tame
Show you have no sense of shame
Just enrage them til on stage the heads will roll
You love to shrill out flame, it's all a giant game
Be a troll, dig a hole, you're a troll.
Flaming dues, barbeques
Ought to wake 'em where they snooze
Don't forget to douse the fires with proof 307 booze
(song tangent) : 307 Ale my friends, 307 Ale!
The finest drink that any bar has ever had for sale!...
(ahem) Feed them slugs, feed them snails
Put their legs between their tails
And so what if you are hated cuz their nerves are really grated
When you leave, do salute
give that middle finger toot
And be proud of your achievements in your soul
For you have shown that they are evil in their way
You're a troll-l-l-l, says our poll-l-l-l, you're a troll-l-l-l!
(or, "a-ass-ho-o-o-ole!")
Warchalking PDF FAQ and check out This site
Peterson recently drove down a major Washington street and found over 20 wireless networks, many of which had no security at all. Peterson said his probes are part of good police work, like a patrolman driving through a neighborhood.
I know of someone who drove downtown in my hometown and picked up many wireless networks. This included 4 laptops with pringle can antennas. Among one of these networks he noticed the name was the state Lottery, thats right, the lottery. As he looked up, he was passing the building for the state lottery. It is interesting to see how many open wireless networks that there are in a town.
He also informed one company of the open network (he knew the network admin) and immediatly lost his ip for that network.
Is it illegal to pick up the wireless network as you drive by, if you don't do anything with it? Or is it illegal to pick it up and browse the net or both?
He is lying my horror loving brethern, for I Stephen King (aka A.C.) STILL LIIIIIIIIIIVEEEEEEEE, I LIIIIIIIIIIIIVE!!!!!
If companies want security let them hire someone to secure them and audit their security. How is this something that should come from taxes? It makes great sense to audit themselves or anything of key importance but just random wardriving sounds like a waste of $$$.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
I find it interesting that when the Secret Service goes around wardriving and alerting network owners of insecure networks it's okay, but then Joe "gray"-hat hacker does the same thing these same network owners attempt to prosecute the individual.
-IOVAR Web Dev Platform
communist!
and now I will watch a movie that I stole from the interweb, and I will enjoy it!!
Ive been wanting to make one of these for awhile now. You can find some absolutely splendiferous pictures here: http://verma.sfsu.edu/users/wireless/pringles.php
The Blade Itself
Isn't the FCC gonna be on their ass?
Im glad my tax dollars are going to someything like this. Not that they are war driving but they are using pringles cans. I mean i personally wouldn't spend my money on a nice antannea so why should the govt. spend my money on one. if a pringles can is good enough for me than its good enouh for the govt.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
A quasi-mainstream news source called warchalkers "independent security researchers." That's gotta be a first.
-a
How to rationalize theft.
Maybe this publicity will create some market for a security product to be used for wireless. A lot of companies don't realize that wireless networks allow potential hackers an easy way around a firewall, and as such, there's little demand for a product to prevent such a breach. If the SS can bring that to light with their Pringles can, maybe that will change. And maybe Pringles will get into network hardware too. That'd be ironic.
wardriving is an old practice now. I would expect the SS to have evaluated this long ago. If not, the director of SS needs to be slapped...
Yahoo! News Sun, Sep 29, 2002
Search for Advanced
Agency Probes D.C. Wireless Network
Sun Sep 29, 1:37 PM ET
By D. IAN HOPPER, AP Technology Writer
WASHINGTON (AP) - Secret Service agents are putting a high-tech twist on the idea of a cop walking the beat. Using a laptop computer and an antenna fashioned from a Pringles potato chip can, they are looking for security holes in wireless networks in the nation's capital.
The agency best known for protecting the president and chasing down counterfeiters has started addressing what it calls one of the most overlooked threats to computer networks.
"Everybody wants wireless, it's real convenient," Special Agent Wayne Peterson said. "Security has always been an afterthought."
The effort is part of a new government plan to build relationships with businesses so that they will feel more comfortable reporting hacking attempts to authorities. Recent anti-terrorism legislation gave the FBI ( news - web sites) and Secret Service joint jurisdiction over electronic crimes.
Wireless networks are cheap; a small one can start at less than $200. They make it easy for workers to wander around with their laptop or handheld computers and for visiting employees with their own computers to get on to the local office network.
These networks are becoming common in airports, universities, coffee houses, businesses, homes and even some public squares. But they are sold with no security measures, and protecting a wireless network from hackers takes more knowledge than what network installation guides typically offer.
Because of security concerns, the White House recently proposed banning some wireless networks in federal agencies. Faced with industry protests, the administration dropped the idea when it released a draft version of its cybersecurity plan this month.
That has led some independent security researchers to drive -- or even use a private plane to fly -- through cities to map networks. Those maps, which are usually posted on the Internet, show where a person can get a free Internet connection on a private network.
The Secret Service ( news - web sites) wants to let businesses know that their Internet connections and private networks might be at risk. Companies informed about security holes can reconfigure their networks to make them more secure.
Peterson's tools are a laptop, a wireless network card and one of three antennae mounted on his car. One is a small metal antenna; the second is a large, white, 2-foot-tall tube; the third is a homemade antenna made out of a Pringles can. They boost the reception of his wireless network card, allowing the agent to point them in different directions to get the best signal.
A Pringles can is ideal because of its shape -- a long tube that lets someone to point it at specific buildings -- and its aluminum inner lining. It acts like a satellite dish, collecting signals and bouncing them to the receiver, which is then wired into a laptop.
Peterson recently drove down a major Washington street and found over 20 wireless networks, many of which had no security at all. Peterson said his probes are part of good police work, like a patrolman driving through a neighborhood.
"I feel it is part of crime prevention to knock on the door," Peterson said.
The act of "wardriving," a term taken from older "wardialing" programs that called random telephone numbers looking for unlisted modems, has become so prevalent that enthusiasts are using chalk marks on streets and sidewalks to point out networks in public places.
Peterson said there has not been any reported "warchalking" in the Washington area yet, but if one was found agents would alert the network owner.
Chris McFarland, head of the Secret Service's Electronic Crimes Task Force, said his agents have begun evaluating computer security along with other concerns when they scout out a place where the president or other protected dignitary will go.
McFarland said, for example, that agents have had extensive discussions with officials at George Washington Hospital about improving its wireless network security.
While the agents plan to offer their expertise to anyone who asks, they are focusing on places most important to their mission of protecting public officials. The hospital is several blocks from the White House and treated Vice President Dick Cheney ( news - web sites) during his heart problems.
Agents also checked out computer systems at the Salt Lake City Olympics, last year's Super Bowl and the World Bank ( news - web sites) in advance of weekend protests.
"People can wreak havoc with these systems very easily," McFarland said. "It's almost like triage."
___
On the Net: Secret Service: http://www.usss.treas.gov
*munch*munch*munch**munch*munch*munch**munch*munch *munch*
n ch *munch*
n ch *munch*
"Hey Agent 423.. got any more Pringles?"
*munch*munch*munch**munch*munch*munch**munch*mu
"No, but I could sure use another Coke.."
*munch*munch*munch**munch*munch*munch**munch*mu
Stories about wardialing are popping up everywhere now. So how do you prevent unauthorized access to your wireless LAN? I have 128-bit encryption enabled. Is that enough to prevent bandwidth stealing/snooping or is there something else?
Peterson recently drove down a major Washington street and found over 20 wireless networks, many of which had no security at all. Peterson said his probes are part of good police work, like a patrolman driving through a neighborhood.
"I feel it is part of crime prevention to knock on the door," Peterson said.
So that's what port scans are, just knocking on the door, part of crime prevention, and not malicious in and of itself.
Seems to me that if there is a legitimate law enforcement use (checking for security) that is being performed by law enforcement agents, then private citizens can do it under the same pretence. Like a neighbourhood watch.
They are probably just following the war chalking marks around town.
FoundNews.com - get paid to blog.,
Why didn't you repost "College Fun" in the UC Irvine story instead?
I can't believe that Secret Service agents are being used for this when our southern border is being completely overrun!
This is total government waste, and it makes me sick. The government's job is to protect our borders, and the corporations should be in charge of securing their own networks and hiring their own wardrivers, not making joe taxpayer foot the bill.
Once upon a time, the military-government-corporate-et cetera complex had ALL the cool toys. Now, they are ripping off tricks that are widely posted by juveline nerdophiles. Now, if the government could only figure out how to clone gold, we could get out of our national debt. Best they go to the nearest MUD forum and get a crack off of some script-kiddies.
Voodoo Girl is the bomb!
All the Kidding asie. I belevie this is one of the best things The Secret Service is doing. The amount of Damage one regoue person can do be warcralking is reduced because these people are making the system admim's aware of the problem.
Another question is that What if the secret service informed a Sys Admin that his Network was "open". and he was susequently hacked is this sys admin liable for the damage caused??
A new bill to save Internet radio, HR5469, will be voted on Tuesday, October 1, by the House of Representatives. Please
send a fax to Congress to get your Representative to vote for it!
Moderators, if you care about the survival of cutting edge technology like Internet Radio, do not mod this down! Mod it up instead. Thank you.
Of course the secret service is war-driving.. Do they really want to repeat the embaressment of being caught
looking at Britney Spears websites?(lycosasia.com)
it's kind of weird because "off" has 3 letters. O-F-F, see?
In order to look into this intruging matter, I asked noted parade columnist Marilyn Vos Savant. Boy I'd like to slip it in her.
from the article: But they are sold with no security measures, and protecting a wireless network from hackers takes more knowledge than what network installation guides typically offer.
Every access point I've ever setup had simple instructions for enabling WEP. Granted, WEP isn't the end-all of wireless security, but I'll bet that the the SS's definition of "secure" and "not secure" is equivilent to "wep" or "no wep". Granted, most of the networks I see wardriving (airboxing!) have a default ssid like "linksys" or "WLAN", so I guess a lot of users probably never even attempt to configure their AP. But it certainly doesn't require "more knowledge than network installation guides typically offer".
__
Choose mnemonic identifiers. If you can't remember what mnemonic means, you've got a problem. - Larry Wall
this is just a 'look! it's wireless!" story, there's no real content. "Woo hoo seceret service agents are probing wireless networks for security holes using a antennae fashioned from a pringles can!" that is ALL of the content. Then it starts talking about wireless networks. This is really booooring.
Even if I say something insightfull or inteligent, it doens't matter cause I'm an ass.
For physical crime, you simply cannot protect yourself easily: there is no low-cost, convenient technology to protect yourself from a bullet or a fist.
But you have complete and easy control over most kinds of cyber crimes: if anything, you save money by going with the safer solution.
In different words, it looks to me like our tax dollars are making up for software deficiencies created by companies that rush products to market and by companies that install technology without understanding it.
Has Nokia accused them of piracy yet?
I have not a single time used someone elses AP for access, yet I have collected over 4300 here in the LA area... check out my picture repository: http://wardrive.eyecannon.com
works much better.
Let's get realistic about this - The SS is doing this because they can. They have a huge budget and lots of nifty toys. They're supposed to know "what's going on" around DC, so they have license to snoop around to an extent. Their basic job description probably leaves many of them plenty of free time. Someone probably read an article in Wired, and thought it was cool. That's kind of what happens when you empower virtually unaccountable branches of the government; in this dept the SS has nothing on the CIA, for example....
with 53,000 faked access points: http://www.blackalchemy.to/Projects/fakeap/fake-ap .html
after the USD5000 toilet seat the USD5000 pringle can? administration at work...
Wireless networks are cheap. really?
/patched software levels?
Like free mobile phones, the gullible and mentally feeble fail to factor in other costs over and above the initial capital outlay- like paying a sysadmin with real brains.
Insurance companies are worse - a good one should exclude policy holders who have wireless networks. If their wireless is open, any bets about thier other fixed
That is the real issue.
Like ambluance chasers, the managed security providers should tip off the insurance companies about negligent clients. The rule of thumb, is if you have a security desk in the foyer, wireless is not for you.
"...and we're here to help you." Is a phrase that ought to strike fear into anybody's heart! Dollars to doughnuts this is not the "helpful" measure it is being made out to be.
Be careful out there!
Dog is my co-pilot.
Shouldn't the System Administrator -know- whether or not his/her network is open? Or perhaps IS? It's a sad state of affairs when the people running the networks are utterly clueless to begin with. Alas, in my experiences, I see this more and more.
Peterson recently drove down a major Washington street and found over 20 wireless networks, many of which had no security at all. Peterson said his probes are part of good police work, like a patrolman driving through a neighborhood.
"I feel it is part of crime prevention to knock on the door," Peterson said.
I'll remember that when I get arrested for war driving in a few years time.
I don't think that it is their job to go around and tell people that their network is open to the public.
On the other hand, maybe the builders of these items will start including some real default security in their products.
Or maybe people will wake up and start taking some responiblity for their actions! (yeah, right...)
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
...this being done by or under the NSA? After all, this sounds exactly like what their charter calls for. I am confused as to why the SS is involved with performing these tests as it is clearly the NSA's domain. On top of all that, I'm not really sure that this is a role I want to see our goverment actively persuing.
OSHA exists to enforce safety rules. Something that companies, if left to themselves would neglect in favor of the bottom line.
Here, the secret service is basically doing free security audits of companies wireless networks -- something that companies should be doing for themselves. It's in their best interest to do so.
(Of course, you could argue that providing a safe workplace is better for the bottom line because it reduces insurance premiums. And silly intangibles like employee non-disgruntlement [er, of course I mean "employee satisfaction", not "employee non-shoot the place up with an AK-47".)
"I feel it is part of crime prevention to knock on the door," Peterson said.
No, its acting like an annoying neighbor to knock on the door. It doesn't even occur to this guy that he might just be annoying people who have open networks on purpose.
they're doing this should be obvious: they want to catch piggybackers. Unsecured wireless APs are the biggest enforcement hole they've got, so they're trying to map them. Think about it - if you're going to do something illegal on the web, what better cloak than to just be somebody else for a while. And if you are doing Bad Things from your own IP, an open wireless hub gives you plausible deniability when the SS comes to call: "must have been one of those wardrivers!"
that they are allowed to do this withthe sirens OFF. Fucking speeding cops.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
It's nice to see how well your tax dollars are at work,
as others have commented.
It's probably important to point out however, that is this by no
means the SS's first foray into matters having very little to do with
what we traditionally expect of them, nor into so-called "cyberspace."
Look here
for the article entitled "STEVE JACKSON GAMES WINS LAWSUIT AGAINST
U.S. SECRET SERVICE" on the Electronic
Frontier Foundation's Legal
Cases archive.
Alternatively, look at the summary
on the Steve Jackson Games site itself, where the answer to "Why was
SJ games raided?" is answered... "guilt by remote association".
How many of us know someone who would also fall under the "guilt
by remote association" blanket? (Have you watched the evening news
recently?)
Perhaps the moral is: Beware of men with dark clothes and sunglasses
eating commercial potato chips these days. (Their initials may be more
than just coincidental, eh?)
The only up side to this that I can see is that this incident led to
the creation of the
EFF itself.
I'm here at marist college in NY and they block p2p programs too. some can connect, but cant download. others cant connect at all. But there is one program that works. http://www.slsk.org its called soul seek and it seems to get through the network.
A friend of mine and myself wanted to start a small security business doing this. Then we heard about one guy going up to the door of a national/international health insurance company, told them about it, and was thusly arrested on the spot for "terroristic activities". How it was a terroristic activity i have no idea, but then there was the case where the guy showed the judge the same thing, and is now in a world of pain... It'd figure the government can get away with doing it, but when we turn on our laptops with wireless and windows XP, we end up in jail because microsoft made it so the thing automatically associates.
Go figure.
...this being done by or under the NSA? After all, this sounds exactly like what their charter calls for.
Actually it is precisely what their charter does not allow them to do: conduct operations within the borders of the US.
In the beginning there was data. The data was without form and
null, and darkness was upon the face of the console; and the Spirit of
IBM was moving over the face of the market. And DEC said, "Let there
be registers"; and there were registers. And DEC saw that they
carried; and DEC separated the data from the instructions. DEC called
the data Stack, and the instructions they called Code. And there was
evening and there was morning, one interrupt.
-- Rico Tudor, "The Story of Creation or, The Myth of Urk"
- this post brought to you by the Automated Last Post Generator...