Slashdot Mirror
Wardriving Worries Residents
sphynx99 writes "This article describes how residents of an upscale neighborhood in Arizona are worried about wardriving, a "new method of privacy intrusion and identity theft". Nothing to worry about, though; "The Scottsdale Police Department plans to create a cyber-crimes unit next year."
Scottsdale residents are concerned people are looking into their homes when their blinds are open. Police plan to start a blind closing service.
finally some one sees this as a real problem. For now the best solution (the one I also use) is to secure your network.
Maybe I am in the minority but I see stealing bandwidth, the same way as stealing movies off line, it seams like you hurt no one, but you are still stealing, no amount of justifying is going to change that
Heaven forbid they setup their networks properly and save taxpayers thousands upon thousands of dollars. Why be responsible when you can just whine to the government?
I wish they'd just save everyone a lot of hassle and RTFM...
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
purely passive wardriving is NOT a crime.
now connecting to their access point and using their internet/network for whatever... that might be, i am not a lawyer, so i cannot say. what i do know is that RF signals are not owned, for if they were i could sue for criminal trespass when the other guy's signals cross my property.
Instead of wasting tax payers' money, they should just use wired lans.
Why should the poor pay taxes to subsidize all these extra expenditure made for the sake of those who are wealthy?
I'm talking about those in the bottom of the scrap heap here. Those who don't even have computers, Joe Sixpacks.. like.. Homer!
Now, why would Homer have to pay more taxes so that Burns can have a safe wireless lan?
Those people who buy a wireless router should pay for a tax at time of purchase!
Online backup with Mozy, sounds like Ozzie, but more!
So on what basis are the residents reporting incidents? Or is it just upscale residents reporting scruffy people in beat up cars? (which is not necessarily a bad thing)
That's very interesting. I would like to see a comparison between the cost of the proposed cyber crimes division and the cost of sending high school nerds house to house to show these fools how to enable WAP/WEP encryption keys, MAC address filtering, and other proper precautions that most people are too lazy to read the instructions about, but concerned enough to perpetually bitch over. For real people, what the hell? If I knew I was living in a high crime area, I wouldn't leave home with the doors and windows wide open and then pretend that my ineptitude isn't at least part of the reason I was robbed clean. I also wouldn't recommend starting another bureaucracy who is responsible for cleaning up a mess that is easier to prevent in the first place.
Maybe they could actually set up their access points properly. It's not hard. Even WEP is far from trivial for a wardriver to get past- they'd have to camp out and wait for "weak" packets...except for certain specific AP's that have faulty WEP key generation. The owner's manuals now cover turning on WEP/WPA quite nicely, have for years, and most of the glaring problems have been fixed long ago as well.
What's next, people complaining about all the crime in their neighborhood but not locking their goddamn front doors? Oh...check.
Please help metamoderate.
residents of an upscale neighborhood in Arizona are worried about wardriving
Geeks living in that area should consider advertising their services. Improving computer security and making money while doing it sounds like win-win situation to me.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
This is not police business, this is the resposibility of Joe and Martha computer owner to ensure that their network is secure.
A quick look at the Scottsdale yellow pages reveals a great many business that offers such a service... and the costs would not be large.
To think that the concern is coming from "residents of an upscale neighborhood" is especially humourous.. or bothersome, depending on how you look at it. I'm betting that they are spending big $$$ securing their homes.. but would balk at paying a tech to secure their computer/ network. This is NOT police business. Period.
I support either much higher taxes on gated commuties, or the removal of publicly funded services for them. Why should my taxes contribute to things like roads and grounds keeping for a plot of land that I'm not even allowed to be on?
If wardriving is a crime, how are people supposed to know which AP is the place offering free wifi and which is an ignorant home user? (other than the ESSID, which if the home user knows how to change, will probably be able to prevent it in the first place)
This seems to me to be another case of the naive shifting responsibility to others...
My dog ate my sig
While the article is absolutely informative in a panic-causing sort of way, they're a little off on their history.
http://en.wikipedia.org/wiki/Wardialing
While Wargames popularized the practice (among geeks anyway) it was not the origin of it.
What the Scottsdale PD should be doing is creating a program that helps the citizens setup their home network security. Give classes that teach people how to turn on WEP, how to use a firewall, etc.
A community service, for sure. And since it's offered by the local PD, it would make the average user realize how important it is...
-ch
you can get access into any gated community with an access code beginning with "911" ("9110", "91100", etc.)
:)
if "privatized" = "stupid" then you're right
"Once they're on your network, they can take their time attempting to hack into your computer and steal information," he said. "It's nearly impossible to find them, unless you see them sitting in their car outside."
Yes, it's so impossible to look out in front of one's house! Whatever will we do?
Really, I see how this can be a problem. But, that was possibly the worst way of detailing why it is one.
Why bother creating a cyber-crimes unit for Scottsdale when for a fraction of the price they could hire some out of work coders to put together a secure your wi-fi community education program? Hell, enlist Mr. Anderson's 8th grade comp sci class for that matter. It would cost a lot less and put idle hands to work. The geeks could go war driving and stop at every house with an open access point. Problem solved. Oops, I forgot... gotta bulk up that standing army a bit more...
There's no way the HOA in a stuck-up neighborhood like that one would let them do that.
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
In all cases, including "wardriving", there is no legitimate reason to collect the information or listen in. It's none of your goddamn business.
That's an opinion, not a fact.
the law is not based on whether or not they think their little "hobby" should be legal or not- it's based on decades of case law.
Certainly; but the law, in a roundabout manner, is a representation of what the people deem acceptable behaviour. Therefore, what the law should be is very germane for discussion. To argue otherwise is to run the risk of identifying currently-legal behaviour with 'good', and currently-illegal behaviour with 'bad'. While I'll agree that there is often an overlap between the two, that is never wholly the case. Consider the Jim Crow laws; backed up by decades of precedent, and wrong to the very last,
To base legal advice on what the law should be is dumb; to criticize those who air an opinion regarding what the law should be is even dumber.
Tubal-Cain smokes the white owl.
WEP is still alot better than running a completely unsecured wireless network "out-of-the-box". If they took that simple precaution they could probably detur most wardrivers because they'd rather keep looking for an unsecured network than dick around with breaking WEP.
I fail to see what exactly they are going to arrest or prosecute people for.
This is a radio transciever operating completely within legal regulations.
If you don't want me to listen to your router's packets, don't transmit them.
If you don't want you router to respond to my 'specially crafted' transmissions, then tell it to ignore me.
Of course, it's far more complex than that, but current law does not seem to apply to this on the surface. It may apply to your actions once you are using their resources, but only marginally.
-Adam
1. It's the end-users responsibility to know what the hell they're plugging in and what the necessary safety steps are. 2. The more we involve the Government in compensating for our ignorance by laziness, the more they WILL get involved. 3. In general, the more the Governement (at any level) gets involved, the worse the problem will get. 4. Most PDs do not have CyberCrimes divisions. I don't say this out of generalized ignorance, I've actually researched it. Of those that do have CyberCrimes divisions, those staffing it are mostly incompetant. This isn't by their own doing. Typically they are ex patrolman and detectives who knew enough to be labled and expert and thus get appointed to these units. There isn't enough training or budget for them to even think about staying on top of things. This goes all the way up the food chain into the Fed Law Enforcement arena. Until you get into organizations such as NSA and DIA (which are primarily doing research) there is a complete and utter lack of talent. The two exceptions to this that I have seen (and I'm sure there are others) are the FBI's computer forensics guys and the RCMP Cyber Crimes guys. 5. Police are reactionary by their very nature...as they should be. Again, they are there to enforce laws. The only time laws need enforcement is when someone is or is trying to break them. When police get into proactive activities they are pulled away from their real purpose (DARE, Public Relations by Officers, etc). While the idea of a completely reactionary police force isn't a popular one, it is in fact the only effective one. Just my experience based two cents. ER
My roommate from freshman year worked at a local restaurant and was arrested by the FBI for stealing credits card numbers and using them to buy stuff online. I guess they would call that 'warwaiting.' I don't see them doing anything about the increasing threat of 'warwaiting.'
Ironic quote of the day: "If ignorance is bliss, then wipe the smile off my face." -Rage Against the Machine
Wow...imagine if the article said that they had done this...inside a gated community.
Fact of the matter is that gated communities without a guard stationed there offer little extra security. It will help stop the casual opportunistic theft, but does nothing against people who are interested in getting in. People just tailgate in or rely on the same mechanism that the school busses, garbage trucks and other utilties use.
If I'm standing outside and I use the light from your porch to see something, am I stealing from you?
/bin/fortune | slashdotsig.sh
I don't live in Stonegate, I live in a nice apartment building. From my apartment, I can see 2 or 3 other networks. I don't broadcast my SSID, use WEP, and have MAC filtering enabled so I'm not too worried about it.
It's easy for us geeks to shout from the rooftops to just lock it down, but we are dealing with people who think putting a key inside a fake rock is a safe way of not getting locked out of their home. I am surrounded by Joe Sixpacks and Barbi Braindeads. They have no clue and no amount of education is going to fix it.
Here is an idea -- provide a USB port on the access point and configure them with a random WEP key, no SSID broadcast, and MAC filtering at the factory. Then take a USB key fob to the access point, automagically download the SSID and WEP key, and take it to each PC. The PC can install the SSID and the key, and then download their MAC. Take the fob back to the lan and plug it in to finish configure the MAC filtering. No fuss, no bother, no skills involved.
There, problem solved. No computer can connect until it's done, and the system is delivered secure. Leave the web configuration utilitiy so if someone want's to turn it off to deliver free access they have a choice. That will take skills, or at least someone who can RTFM.
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
its whether the communication is conducted via a method the user has a "reasonable expectation of privacy" using
That's a standard that the existance of the concept of wardriving shoots a nice big hole through...
A wide-open 802.11x access point can be seen as an open invitation onto that network. Afterall, there are many public places that intentionally set their networks to be wide open in order to encurage use by visitors/customers.
The lack of intent doesn't have much to do with it... if you set up a wide open network, you're giving an internationally recognized signal. One should know the customs of what they're dealing with lest they unintetionally make such a signal.
I think that eventually I'll set up firewall rules such that people without a VPN key will be able to websurf at very low rates, which should keep people from fucking with my wireless network entirely. As it is, I have it set up such that only VPN connections are allowed so no one can use it anyway. Unless they find a hole in netfilter that's exploitable with a default-drop rule and few inbound connections allowed, which is not impossible, or they find a hole in the VPN software, I'm pretty much immune to anything other than someone using my connection for something naughty.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
You need a few gigabytes of packets to crack WEP. The way most people use their wireless networks I wouldn't worry too much. Also, if you change your WEP once a week (or more often if you use it extensively) you are pretty much safe.
The only risk you have is your neighbour (no sane person will wait for a gig outside your house).
MAC-filtering can also be effective, although you could still suffer a DoS attack from someone who has cracked your WEP, but that's just a friendly remainder to change your WEP.
Of course, the best would be to use WPA[2] combined with a logon service like NoCatAuth, where you effectively kill all routing unless they authenticate.
For Joe Schmoe WEP suffices.
Ponder how you might feel if you were a Regular Joe using your WiFi equipment. You read the confusing literature and try your best to secure your WiFi network. But you're not exactly sure if you go it right. Now you find out that there are people out there lurking around in your neighborhood whose sole purpose is to look for unsecure networks and... and you don't know what, but you're not exactly excited to find out what these wardrivers are going to do once they've gained access.
Will they gain access to your network? Maybe, mabye not. But it makes you nervous because unlike most Slashdot readers, technology is not your life. You're just doing your best with the stuff you bought at the local ComputerShack.
In many ways it is like using Windows. You try your best to secure it against malware and spam, yet the stuff still gets in. You've read the manuals and you do your best, but this stuff that was supposed to be easy is not only a pain in the ass, it now can potentially screw with your life.
The worst part is that the Internet is now so tightly intertwined with most people's lives that to do without it is a major inconvenience. True, nobody is forcing you to use WiFi, but you want convenience, and you don't want to be victimized by people who for all you know could have serious malicious intent. You don't know who these wardrivers are, but you do know that they drive around snooping for open networks. Now tell me honestly, if someone were driving around your neighborhood snooping for open telephone lines, and you had no idea whether your telephone line was secure or not, wouldn't be a bit nervous?
Bashing on regular computer users perpetuates the stereotype that technically-savvy computer geeks are elitist snobs who take every opportunity to trumpet their intellectual superiority while taking advantage of the less technically-inclined.
Read the EFF's Fair Use FAQ
You can easily crack the WEP key in under an hour these days. All ARP packets are 40 bytes (and nothing else is), so all you have to do is wait for one of those, then inject it back into the network. New replies will be generated, and you'll have more data for key-cracking. Repeat 1000 times a second, and enjoy your new AP :)
My other car is first.
Yes, but if Joe Driver decides to drive in front of your house with your open network, and connects to it for internet access, just a simple google query, nothing illegal, nothing questionable, no packet sniffing, it isn't really eavesdropping. PLUS WiFi networks are not covered as Telephone communications, and thus are not covered by the regulations that I cannot listen to them. I can listen to them just as legally as I can listen to HAM bands, Police bands, or the FM radio in my car.
Video Production Support
...we disagree with the trial court's reasoning that the cordless telephone conversations were not private because of the ease of their interception. Such reasoning would erode the right to privacy as technology advanced to create simpler ways to intercept private communications of all types. ... "[f]undamental rights should not be sacrificed on the altar of advancing technology."...we do not believe that Joanne Stone's use of a cordless telephone clearly and unequivocally waived her privacy rights. The ... testimony indicated that Joanne believed her cordless telephone conversations to be just as private as if she had used a corded land-line telephone. ...Joanne Stone was conducting a conversation on a telephone in the privacy of her own home. Pavlik did not unintentionally or accidentally pick up Joanne Stone's conversations on the scanner, but targeted and intentionally monitored Joanne Stone's conversations with the scanner. The fact that it was easy for him to do so is irrelevant. The type of conduct that occurred in the ...case is exactly the type of conduct the eavesdropping statute was intended to discourage, and which we will not condone.
We're looking for terrorists!
:-)
[pause while cybercrime squad relaxes]
D'ya know of any we could join?
<G/D/R> (-: Grin/Drive/Rapidly
Got time? Spend some of it coding or testing
You misunderstand the grandparent -- all he's saying is that enabling WEP, even if the key is "password", is an unequivocal signal that the public is not welcome to connect.
Wardrivers should respect that.
But an AP with no WEP or MAC filtering, and SSID broadcast on, looks like an invitation to use. This is reinforced by precedent: I know of multiple AP's around town configured like this intentionally by their owners for public use.
Actually I beg to differ, manuals these days are written for fuckin morons.
.PDF manuals on CD are worthless. They are not writing documentation for geeks any more, it is all targetted at Joe Average, and if he's not willing to read through literally 3 - 5 pages of setup, screw him I'll go wardriving myself.
Have you bought a Linksys, Dlink or Netgear product recently? If you did or plan to, RTFM, and you'll see that they offer next to no technical information any more.
Even their included
I had a neighbor who I cut his wifi because he was so freakin' paranoid about someone warjamming his connection from the sidewalk. Anyway, this guy is gone, hasn't been able to get a job etc etc... thus, had to vacate his loft. sorry to see a guy with 15 years admin experience... but there's a limit to how much good intentioned paranoia can be tolerated in a corporate atmosphere. So while he was in a sense right... he was flat out wrong. And it cost him his livelyhood.
... say a year or two from now. But his appproach seemed to me to be a major "WTF", even with WEP and MacAddressed access combined, all they could do is warjam. So who gives a rats ass. The spammers as always will be looking for easy targets. Who'd want to collect a gig of data from some dude in downtown SF to hack his wifi AND manage to clone a mac address? I mean he had a lesser DSL connection than me!!! Sure more machines, but still.. every admin should be paranoid, but not too paranoid to be able to live with reality.
I hung out with him frequently because me and him got along. When he aboned his wifi and went back to ethernet. I asled him what that was about. He mentioned that he was unable to "absolutely secure his wifi network". My rhetoric to him was "Why the %^&** would someone want to sit out on the sidewalk and warjam your wifi? I mean.. what do you matter and why would anyone give a %^&%?". His answer? "The spammers man... they're everywhere and will take whatever they can get. And I run windows here as well as Red Hat". Right answer but wrong again. Sure, we'll be seeing that in says to come, wardriving for network access to attack and then spam
but why when the war driver can drive another block and deal with the next unsecured access point? Using WEP is the same as using the club. Sure, you don't protect a Ferrari with it. However for most people, they throw the club on because the theif will move on to the next car. So if you're a bank or something, yeah, WEP sux. However for most home users (which TFA was about BTW), WEP is MORE than adequate.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
I find it hilarious that if a know-nothing computer user buys a network card, plugs it in to their computer, accidentally connects to the "default" network, they are actually guilty of tresspassing...
I can just imagine it now. COPS, the TV show, filming police officers pulling over a suspicious vehciles driving around an upperclass neighborhood. They approach the car and find two males, one's holding a laptop. They start yelling "close the fucking laptop" and the two men freeze in terror. One guy unwittingly opens his door and starts moving when one of the officers pulls him out and tackles him to the ground. "Your pasty white ass is going to jail, boy!" The other man quickly surrenders as the other officer rushes the car. Back-up arrives. The two distraught men are man-handled as they are shoved into the hood of the police cruiser. One officer turns to the camera. "Yeah, these wardrivers. A real menance to society. We're just doing our job--taking criminals off the street."
> In all cases, including "wardriving", there is no > legitimate reason to collect the information or
> listen in. It's none of your goddamn business.
I operate a bunch of 802.11b 2.4ghz access points in my area ( somewhere in the order of 6 ), a couple of connections commercially but mostly for employees / acquaintances of our company with an assortment of antennas and gear.
We also operate a fair bit of Trango gear in the 5.3Ghz and 5.8Ghz spectrums, the fundamentals are the same.
Scoping out who is running networks and where they are pointing and roughly what EIRP they run is absolutely essential to ensure that I don't stomp on other peoples networks and that I run my own networks in channels that receive the least interferance.
I am completely uninterested in the data that crosses other peoples networks, and I am not defending people who are into snooping the _traffic_. But from a RF point of view, this is absolutely my business, as this is the only way that you can be a 'good citizen' in unlicenced spectrum.
I am a lawyer and this constitutes legal advice and I shall indemnify you against any losses arising from taking it.
Not sure about US law (or realy even the local ones) but they tend to distinguish between stuff the owner has / has not attempted to secure.
ie if the doors and windows are locked, and you bypass them to get in, it is break-and-enter, but if the door is not locked, it's different.
Turning on WEP could be seen as locking the door - if you are determined to get in it won't really stop you, but it is illegal to enter because the owner has tried to stop you/informed you they do not want you to get in.
You should be able to setup your network so that your MAC's get full priority, all others can use your leftover bandwidth. NoCatAuth should be able to hand this. Throw in a firewall and a wondershaper so their downloads don't crush your ACK's and you have something that makes everybody happy, except maybe your provider.
Consumer WAP's should operate in this mode by default with a nice wizard to help people set it up securely and easily. Cringely would probably argue you should get a penny per megabyte they transfer.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Just think, people don't really know how to fix their own cars, but they know enough to know what sorts of problems might crop up, and more importantly, enough to do what needs to be done to maintain their cars reasonably well within the limits of what they, as nonexperts, can do. The only reason people know this is that there has been a culture passed from one person to the next of this kind of practical knowledge. Maybe some geeks should do their part to help disseminate the (frankly not very extensive) knowledge necessary to secure home wireless networks.
Shop as usual. And avoid panic buying.
If the damned fools would at least be intelligent enough to even change their access point's passwords that'd be a significant help right there. I had to deal with this stupidity the other evening in my own apartment building.
____ _______
Duty now for the future!
IANAL But I disagree, if the person is monitoring your electronic communications thats clearly in violation of federal wiretapping laws, if however if they are using an OPEN ap (ie no security just find and connect) and there is no warning or banner to NOT use it, they have a reasonable expectation that this AP is there for public use and their use of it is certainly NOT illegal.
I post my wireless research here. http://mb.citiwireless.com/
If you liked what I had to say, please show you appreciation by making a contribution to the FreeNet project.
http://freenet.sourceforge.net/
Have Fun,
-Steve
Huhhhh, I said marriage. http://www.archive.org/search.php?query=marriage%2 0AND%20mediatype%3Amovies
have i been accosted due to my wardriving (walking) exploits...by some fatass who warned me that the neighbors around here "didn't like people walking around at night"...
Why bother locking your front door? I can just come along and kick it off its hinges. What's the point of locks?
I'd say the judge made it perfectly clear that eavesdropping on private conversations (as Jane Doe understands them) remains illegal even when new technology makes it easy. The Geek is not above the law.
Typically, post here are full of smarmy comments from geeks and techs and poseurs who may understand machines but don't have a clue about how their own species operates.
Here's the scoop: If someone's Internet connection is insecure, they will blame you -- the techies -- for not making it secure. Everytime someone starts to preach about "stupid users" getting what they deserve because they aren't running the right firewall or using some software du jour, those "stupid users" are hearing techies recommend cumbersome technical remedies for problems caused by techie failures in the first place.
People want this stuff to be secure when they plug it in. If it isn't, it's your fault, 'cause you make the stuff.
Wireless is insecure. That's not the users' fault. It's your fault. First one to make it secure makes a billion dollars.
-- Slashdot: When Public Access TV Says "No"
It doesn't quote residents who are upset that someone is using their WiFi without asking.
The whole issue would probably be moot if they had just set up encryption in the first place. People need to be educated on this. I'm not sure how much of a part the wireless makers are taking, I don't remember much in the documentation, it should be on the "quick start" pages, but it usually isn't.
I don't know about anyone else, but I like to be able to pick up a good signal where ever I am... in fact, I leave a node open just for folks passing by. Hey, see it, use it, respect it, and it'll always be there!
"Once they're on your network, they can take their time attempting to hack into your computer and steal information," he said. "It's nearly impossible to find them, unless you see them sitting in their car outside."
It's impossible to see, unless you open your eyes!