Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured

avatar4d writes "Networkworld is reporting about a warballooning operation (similar to wardriving) that was disallowed by the management at the Riviera Hotel in Las Vegas, but was covertly launched anyway. The team found approximately 370 networks, and about a third of those were unsecured. In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"

i hate you all

[blhack]

Will everybody please STFU about securing your wifi..

Cracking their wep when I'm on the road and without my gear is a pain in the ass!

Re:i hate you all

[uassholes]

A lot of businesses provide unsecured wifi deliberately. Who gives a fuck.

From TFA

Something less bellicose might not have caught anyone's attention.

A better word than bellicose would be childish.

Re:i hate you all

If people don't want others on their network, that's their prerogative. Joking aside, you should welcome that they secure their networks instead of leaving them open and suing unsuspecting piggybackers. I will agree with you though that it is a tad disappointing to be in an area where there are plenty access points but they're all locked down.

Re:i hate you all

Yes, ours is "unsecured". It gets you to a DNS which answers only one query and an "internet" where the only thing that you can send to is an IPSEC VPN server. Much good may it do you. DefCon should concentrate on real security (is IPSEC as good as OpenVPN or does it's over-compexity make it more vulnerable) and not messing around with pretending to secure your wireless with WEP/WPA and all the other hop by hop garbage.

Re:i hate you all

[MrNaz]

More to the point about finding unsuspecting piggybackers, I don't see how it should be expected that the law should get involved to quickly unless a serious crime has been committed. I find this particularly alarming:

In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'

So they'd prefer if the police stopped and strip search everyone doing something they considered suspicious? What kind of hackers are they if they think authority needs to always get up close and personal with anyone doing anything remotely out of the ordinary.

It's a good thing that the police had a look, could see that a crime wasn't being committed, and decided to continue looking for something worthy of their time, not a bad thing as the absurd summary seems to suggest.

Re:i hate you all

Why does everybody jump on that? The article is a statement of fact. The police came by and looked, the hackers waved at them, the police waved back. Where's the criticism? It could just as well mean that the authors were delighted and found it commendable that the police did not make a fuss about an innocent site survey. Give the police some credit. Maybe they're not "trusting" but exhibiting good situational awareness?

Re:i hate you all

[jimmyhat3939]

My thing is i don't understand why people don't just make unsecured wifi routers that firewall one user from another. That way, you can get on the internet from it, but it's much harder to hack others on the same segment.

Re:i hate you all

[Restil]

The summary only mentioned the police drive by, not the hotel's assertion that police concern was a primary factor in disallowing the balloon launch, which is what makes the complete lack of concern at the end ironic, and therefore worth mentioning. Nobody's talking about unwarranted strip searches.

-Restil

Re:i hate you all

[RiotingPacifist]

wtf? how the fuck do you firewall one computer connected wirelessly from a 2nd connected wirelessly with the ability to spoof the router?

Re:i hate you all

[billcopc]

What kind of hackers are they

Gee, I dunno, the kind of hackers that foolishly draw attention to themselves by performing mindless attention-whoring activities at Defcon ?

Defcon itself is a big pathetic joke. It's really just a bunch of overgrown kids talking about various acts of fraud and abuse, while launching cowardly attacks at anyone not in the in-crowd. They make the 2600 con look like a goddamned Mensa party.

Re:i hate you all

But but but!! The cops are bad!!

Re:i hate you all

[icebike]

It could just as well mean that the authors were delighted and found it commendable that the police did not make a fuss about an innocent site survey.

If you read it that way, English must be a second language for you. It was CLEARLY disparaging of the police, tauntingly so.

That you mistake it for gleeful respect suggests a very naive outlook.

Re:i hate you all

[icebike]

Easy. Don't allow traffic between any IPs behind the router, other than TO the router itself.

This is trivial with Iptables.

That would force users behind the router to connect via its external NIC to talk to each other, and that can be filtered easily as well.

You can't really spoof a machine on your own subnet.

Re:i hate you all

[cjb658]

Yet curiously, many exploits in OSS software seem to be found during the beginning of August.

Re:i hate you all

[hesaigo999ca]

Nice , very sweet, will have to test that on my own at home!

Re:i hate you all

[icebike]

I use shorewall for this, by the way. http://www.shorewall.net/

Re:i hate you all

Yes, ours is "unsecured". It gets you to a DNS which answers only one query and an "internet" where the only thing that you can send to is an IPSEC VPN server. Much good may it do you. DefCon should concentrate on real security (is IPSEC as good as OpenVPN or does it's over-compexity make it more vulnerable) and not messing around with pretending to secure your wireless with WEP/WPA and all the other hop by hop garbage.

Except the packets traveling through the air would be unencrypted... it might not be possible to get connectivity to your network but it's possible to look at what everyone's doing on it

Networks on The Strip

[superj711]

I don't believe this a good test of "security" since the majority of the hotels on the Strip have multiple unsecure Wifi networks for their guests. You have to go to a launch page first before you're even allowed access, sometimes entering a code.

Re:Networks on The Strip

[ghoti]

Exactly. 1/3 is actually a pretty good number, and shows that the casinos are taking security seriously. Plus, I wonder how many networks they didn't even see because they weren't broadcasting their SSIDs. This whole thing seems to be much more about doing something cool and making a lot of noise than any kind of serious analysis.

Re:Networks on The Strip

[Fulcrum+of+Evil]

Broadcasting your SSID is only relevant if you have no traffic. If you have traffic, your SSId shows up anyway.

Re:Networks on The Strip

Even if you don't "broadcast the SSID", that just means you're broadcasting an empty SSID: the beacons are still there and contain all information which is necessary to uniquely identify your access point and tell if it's encrypted and how. So yes, of course those networks are going to show up in their stats.

Re:Networks on The Strip

[espiesp]

As somebody that currently lives a block away from the Luxor and Mandalay Bay, I can accurately say that you don't have to drive far from the strip to find a very high density of wireless access points, with approximately this ratio of secured to unsecured points. Within reach of the confines of my condo I have a buffet of wide open AP.

Take the strip out of the equasion and I think it's still valid.

Re:Networks on The Strip

[dfn_deux]

Thanks for this, I have repeated this comment hundreds of times to various people setting up their networks and yet they still seem to think that setting the essid as "hidden" is providing some small extra security, when in fact it only obscures your network for legitimate users, since anyone sniffing for a networks will see it regardless of whether you have it set to broadcast or not.

Re:Networks on The Strip

[ghoti]

Interesting, I didn't know that. Still, the Las Vegas Strip is one hotel after the other, they're all bound to have open WiFi for their guests. If this was in a residential area or a business park without any hotels around, 1/3 unsecured would be a completely different matter.

Re:Networks on The Strip

[geekymachoman]

Depends with what software they have been 'sniffing'.

SSID is broadcasted in 802.11 beacon frame, along with some other stuff.

So if you turn off the SSID broadcasting, you'r removing the SSID info from the body of beacon packet, so regardless you have traffic or no, your AP is gonna show up (without ssid so you will not know the name of ap) in something more advanced then netstubmler. Kismet for example.

This has nothing to do with traffic amount.

Re:Networks on The Strip

[drtsystems]

even in a residential area its not that big of a deal to have unsecured wifi. Its no different than locking yours doors. I live in a fairly safe neighborhood so I don't worry about locking my car a lot of the time. Just like I don't bother having security on my Access point because when my friends come over its a pain in the ass to remember the key and have them enter it. Sure its not the best idea, but its not like its some horrible thing either. Some people aren't paranoid. PS... Posted anonymously because i don't want you creapers on the internet to come to my house and hack all my computers and steal stuff out of my car

Re:Networks on The Strip

[cjb658]

I don't believe this a good test of "security" since the majority of the hotels on the Strip have multiple unsecure Wifi networks for their guests. You have to go to a launch page first before you're even allowed access, sometimes entering a code.

I was at DEFCON and stayed at Circus Circus. In about 30 seconds, I cloned someone else's MAC address and was on their WiFi. Also I could have pulled up Wireshark and seen all their traffic (see: Wall of Sheep).

Re:Networks on The Strip

[cjb658]

Thanks for this, I have repeated this comment hundreds of times to various people setting up their networks and yet they still seem to think that setting the essid as "hidden" is providing some small extra security, when in fact it only obscures your network for legitimate users, since anyone sniffing for a networks will see it regardless of whether you have it set to broadcast or not.

Worse, when your clients can't see the cloaked SSID, they send probes for it that include the SSID. If it's an obscure one, you can just go to Wigle and find out where that AP is. A bit of a privacy problem, if you don't want random people to know where you live, especially if you're out of town.

Re:Networks on The Strip

[BLKMGK]

They used Kismet, they see you broadcast or not by looking at the existing traffic. The summary is crap BTW. Rick and crew weren't happy about the cops because they had been told that the police would be "looking for them". Seems that naming the project "warballooning" might not have been a good idea! This was primarily to demonstrate the ability to scan\see networks from a long standoff distance.

The secure\unsecure figures weren't even mentioned in the talk and were brought up only after *I* shouted a question from the back of the crowd to highlight it. I know Rick and knew the answer before I asked.

Secure vs insecure wasn't the point of this - Rick didn't even save off packets. He specifically used a commandline on the drone to avoid saving data.

Tony on the other hand with his BGP redirect - now THAT was wild and he had gigs of packets! (lol)

FWIW - Rick has also surveyed with a rocket (in farm country) and done automated triangulation of APs using his boat on a lake. He likes to tinker with wireless and this was interesting like the others. Folks get way too stupid and serious about these articles.

Re:Networks on The Strip

[BLKMGK]

He surveyed something like a 7.5mile radius - the strip was a small part of his survey. BTW, here at Caesers the sign in page that asks for room and last name isn't even SSL unless YOU manually switch it. Insecure? Oh hell yes!

Re:Networks on The Strip

[BLKMGK]

Really? So if I'm say 3 miles away with a directional cantenna you don't mind me hopping on your network and hacking say a bank? Downloading music and movies? Kiddie porn? Is it REALLY no big deal to you? If you want a pain in the ass leave that sucker open.....

Re:Networks on The Strip

I am one of the top wardrivers in the world. I assure you that a minimally competent wardriver will find your AP without SSID, whether you have traffic or not.

Re:Networks on The Strip

[I'm+not+really+here]

Posted Anonymously, Mr. drtsystems?

Re:Networks on The Strip

[I'm+not+really+here]

Sorry to double post, but I also wanted to point out that you can simply choose to use a Pre-Shared Key... how hard is it to create a unique password that you can remember? You don't need a 16 digit HEX code... just a "strong" password that you enter on someone's machine when they first hit your network. Usually, you don't even have to enter it the next time they stop by.

So let's get this straight

[yourpusher]

If the police flip out over something we do, they're overreacting idiots that don't understand technology.

But if the police don't flip out over something we do, they're underreacting idiots who aren't keeping us safe.

Mmkay.

Re:So let's get this straight

[OverlordQ]

If your UID wasn't so slow I'd have to say "Welcome to Slashdot, you must be new here", but now I'm rather stumped on what to say.

Re:So let's get this straight

I can see your point however I do not expect everyone will so allow me to preemptively provide a WHOOOOoooosh for those who are incapable of perceiving contradictions.

Re:So let's get this straight

[lukas84]

Police should only employ top specialists in every topic there is, so they can make a judgment on of any situation on site.

That way, when somebody lies on the street and needs a heart transplant, the police can help him on-site. No special equipment needed, a chewing gum and a swiss army knife will do th etrick.

Re:So let's get this straight

[jd]

You make a good point, however I guess I would ask why any rational society would expect just those two modes of operation. Neither seems that useful. Wouldn't it be more logical to expect either the police to come over and say hi, or to take a note of the registration and car details (not necessarily visibly)? A standard social engineering technique used time immemorial has been to look as though you should be somewhere. Only an idiot looks suspicious, and it's not the idiots who should concern the police the most.

In the first case, it's basic community policing 101. You don't prevent crime by looking intimidating, you prevent crime by being aware of what's happening and understanding why. The second option also works on the premise of being aware, but looks for standard social engineering practices and patterns, rather than cause-and-effect.

In neither case is flipping out a productive or useful method. It doesn't help you recognize where or when problems are likely to occur, and only helps you catch the more dysfunctional criminals who are likely causing the least of the social headaches. However, it is by far the most common method used, because it's easy. Catching competent criminals is much harder, much more expensive, and gives a police department a worse score on offenses dealt with.

Re:So let's get this straight

[Pictish+Prince]

If people weren't overspecialized by the public stupefaction system police actually would be able to deal correctly with a larger number of situations. However, this is not in the interests of those who want a stupid, brutal police state.

Re:So let's get this straight

We are talking about Las Vegas here and as it was mentioned in the article a casino had made a complaint to the police. So one has to wonder if the old addage "what happens in Vegas, stays in Vegas" still holds true. Or if they or the police might receive "an offer they can't refuse".

Have to wonder how close the attendees at this conference are being watched and if any slot machines have been hacked yet. Lots to play with in Vegas, especially for those willing to take the risks, both the known and unknown.

Re:So let's get this straight

[Drakonik]

A standard social engineering technique used time immemorial has been to look as though you should be somewhere.

Quoted for truth. Several of my teachers told my class that if we wanted to, we could just wander around the school instead of going to classes, as long as we looked like we were on an errand. I'm not sure whether I should think that it's cool that I could get past authority figures by simply acting like I know that I belong, or whether I should be scared that someone who knows how to act like they belong somewhere can generally get access to that place.

Re:So let's get this straight

I think its more likely that the local police know that Defcon is attended by law enforcement officials from local to international jurisdictions, intelligence analysts and operatives, the press, professional and academic security researchers, various *Hats, and finally your slightly anti-social hacker geeks. That makes its difficult for the local police to know who they can bust without suffering any career-ending consequences.

Re:So let's get this straight

[Otter]

Wouldn't it be more logical to expect either the police to come over and say hi, or to take a note of the registration and car details (not necessarily visibly)?

Indeed one might, but it would certainly result in the "overreacting idiots that don't understand technology" hysteria here that the OP suggests.

Re:So let's get this straight

[NFN_NLN]

"'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"

The police probably one-up'd these nerds.

Popo 1: What the fudge, those guys are launching some sort of balloon, let's check it out.
Nerds: I smell bacon, let's wave to them in unison at... .5 Hz, synchronize now.
Popo 2: Wait, wtf. Is that an albino convention... no wait they're all wearing 'Defcon' T's and khaki's. Let's get out of here before they start asking us about the number of joules my tazer outputs. Speaking of which, it just finished charging and I thought I saw a crack head down that last alley. Just wave back and let's get the hell out of here.
Popo 1: I'm with you number two, switching to yellow alert, engines full reverse, Hahahaha.

Re:So let's get this straight

[Jarjarthejedi]

Asking for perfection isn't a bad thing, expecting it is.

In this case, however, I don't see how the officer did anything wrong. A bunch of kids (effectively, you know how geeks get when they're doing something marginally legal with technology) hanging out in a field with a balloon...what are you going to do? I'd say they responded properly, driving in to check it out (probably called in), realizing it wasn't anything important, and making the people aware that they were there before leaving.

Re:So let's get this straight

[sumdumass]

When I was in school, and I'm hoping your talking about high school and not colledge, but we had hall passes. Restroom passes were wood things made of different shapes so if you were on the wrong floor or in a difference corridor it was easily noticed. If you were going to get something from your locker or for the teacher of whatever, you had a hand written hall pass on a off shade of yellow paper and you were asked for it if you were seen by a monitor or another teacher going somewhere between classes. It was actually quite difficult to skip class and get away with it on school grounds. There were a few ways to do it but not many.

That was 15 years ago when we still had a gun club at school and had trap and skeet competitions. A lot of things have changes since then, some of which might be because of the changes. Of course the guns and ammo were locked up, and you didn't have either until you were in a stall or lane with about 15 rules that could end your participation if you failed to follow them. I can see getting rid of programs like that if they were to stop watching students.

Re:So let's get this straight

[sumdumass]

With the Dash cams and video recording in police cars nowadays, as well as the license plate recognition systems that locate a license plate and automatically runs it through the computer, it is possible that they had already "take a note of the registration and car details" and such.

If nothing came back with a flag on it, then they would have had a recording of whoever was there at that time if something happened. A little detective work after that could get anyone's identity and make sure something was done or followed up on if a law was broken or something and reported later.

Re:So let's get this straight

Then why post?

Re:So let's get this straight

If your UID wasn't so slow I'd have to say "Welcome to Slashdot, you must be new here", but now I'm rather stumped on what to say.

Yea, slow UID's are terrible.

That's why I supercharged mine.

Re:So let's get this straight

I myself did this many many times in Primary School whenever I felt like skipping a class.

Re:So let's get this straight

[MacJedi]

Wow, 6 digit UIDs are considered (s)low now?

Re:So let's get this straight

[OverlordQ]

Compared to the 1.2mil+ uid's, yea I'd consider ~100k low.

Re:So let's get this straight

[Mr.+DOS]

Sorry, but last time I checked, there was only one MacGyver ;)

      --- Mr. DOS

Re:So let's get this straight

[fm6]

You're reading too much into that bit about the patrol car. Somebody saw the balloon, freaked, hit 911, meaning the cops had to check it out. They did, and quickly decided it was no big deal. Happens a lot.

Some artists I know in San Francisco decided to have some fun with colored chalk and a sidewalk. Nothing illegal about this, but somebody called 911 to report that terrorists were marking targets on the local gas mains. So these guys are chalking away, and a patrol car pulls up. Cop leans out of the car, inspects the artwork, and asks "You guys terrorists?" He's assured that they're not, drives away. No big deal, though I suppose it's just as well that nobody thought to call the FBI.

Re:So let's get this straight

[fm6]

Well, if 3-digit users like you aren't gonna participate (6 posts a year!), somebody has to play Village Elder.

Re:So let's get this straight

No it's if the police inquire and THEN flip out over something we do, they're overreacting idiots that don't understand technology.

But if the police don't inquire over something we do, they're underreacting idiots who aren't keeping us safe.

Re:So let's get this straight

Exactly! What were they doing that could be considered illegal? Well other than trespassing if the property owner decided to be annoying.

Otherwise, there's no problem. Unless people think everyone in public doing something out of the ordinary should be treated like a threat to national security. And if that's the case, then we have ceased to live in a free country.

Re:So let's get this straight

[icebike]

To sat nothing of the interests of people who just want freedom in their everyday lives.

Re:So let's get this straight

[BLKMGK]

welll the project WAS named "warballooning" which apparently freaked someone. The police were supposedly "looking out for them" - for what infraction I dunno'. But to be really fair - they were lofting an igloo cooler like 7 miles from the local airport on one BIG ass balloon. So yeah, if I was a cop I'd have asked WTF just to make sure they weren't going to drift some C4 and nails towards the strip. Afterwards note their info and move on.

Honestly the cops probably didn't need a 911 call to want to go check this out. Dealerships loft balloons JUST like this to draw attention so duh I guess it worked for Rick too! Really, this was no big deal but it did make their hearts go faster after having been "warned". They had FAA approval and were outside the 5mile limit anyway with a balloon of spec dimensions - they weren't stupid about this. People really spining this all out of shape.

Re:So let's get this straight

[T3Tech]

I think I would too, seeing how my other UID is ~1mil less than this one and that makes it what, over 5 years old. I really can't remember when I got it, but I know it was quite a while after I started lurking that I finally decided to get an account.

Re:So let's get this straight

[aug24]

Low only by six-digitters' standards.

Personally I find that the three and four-digitters are getting pretty slow now...

Justin.

Re:So let's get this straight

[k_187]

That happens with age.

Re:So let's get this straight

[bughunter]

"Slow" id users get so many mod points, they don't need to post. Someone else usually posts essentially what we were gonna say, and we mostly just mod those folks up.

Mostly.

Re:So let's get this straight

[fm6]

I thought the point of posting was to share your opinions, not get mod points. Are mod points redeemable for valuable gifts or something?

Re:So let's get this straight

Popo 1: Check it out, those geeks the hotel called about are still playing with their balloon.
Popo 2: Hey the one guy's waving at us, let's mess with them.
Popo 1: Nah, we've got a couple crackheads behind the Rio and one of them is foaming at the mouth.
Nerds: (waving) Heyaaaaa does anybody smell bacon? I definitely detect a pork product of some kind.
Popo 2: Right. I just sent the license plate and a couple of photos over to the data center, these guys are pretty clean. Just some geeks attending that security conference.
Popo 1: Just to be safe, I'm gonna have the Black Van park around the corner. Those guys can monitor what they're doing and call us in if they're doing anything illegal.
Popo 2: Good call. I don't get why these kids think we were born yesterday. But hell, makes our jobs easier.

Re:So let's get this straight

[MacJedi]

Your point is well taken.

RSS aggregation has mostly eliminated the need for sites like /., at least to me. It just doesn't have the monopoly on tech news and commentary that it used to. All the big names used to post here. Maybe some still do?

I'm happy to see that the comment system has gotten more high-tech, at least! :)

Anyway, don't worry too much about my lack of recent activity. I used to post here entirely too often...

Re:So let's get this straight

[fm6]

Well, Slashdot has an RSS feed too. But I never use it, because I value Slashdot more as a discussion site. As a news site, it sucks pretty totally.

The Police just waved?

[Meshach]

What else would the Police do with that situation? Is what the people were doing illegal?

Re:The Police just waved?

[hoofinasia]

I don't care how big the parking lot, crowd, or equipment...
Geeks with balloons are not scary.

Re:The Police just waved?

[JustinOpinion]

Agreed. The statement in the summary "...the project managed to show how trusting the local law enforcement agencies really were..." infuriates me. Police are not supposed to be harassing people left and right, trying to uncover illegal or just unsanctioned activities. The police were friendly, waved, and didn't bother to investigate something that by all rights did not look overtly illegal. They acted appropriately.

I would much prefer that law enforcement err on the side of trust and friendliness. This probably means that some fraction of illegal actions will go undetected and unpunished (note that only a small fraction of those illegal actions are truly dangerous and unethical)... but that is the 'price' of freedom.

Again, I applaud the police for not flipping out when they see people engaging in activities that they don't exactly understand (but for which there is no evidence of illegal action).

Re:The Police just waved?

[Angelwrath]

Let's also remember to mention that:

A. These people were not committing crimes.
B. The cop most likely wouldn't have the foggiest idea what they were doing.
C. Police on the street aren't the ones that track down cyber criminals, that's handled by other organizations.

Re:The Police just waved?

[aiken_d]

But I thought everything that wasn't compulsory was forbidden? Surely floating a balloon isn't compulsory, is it?

Re:The Police just waved?

But I thought everything that wasn't compulsory was forbidden? Surely floating a balloon isn't compulsory, is it?

It is only compulsory at the beginning of armed conflict.

Re:The Police just waved?

[HiggsBison]

The police were friendly, waved, and didn't bother to investigate something that by all rights did not look overtly illegal.

Anywhere else in the world it could look like a school science experiment. In Vegas, especially during Defcon, it should be assumed to be a novel approach to gaming a casino.

Re:The Police just waved?

Riiiiight.

Even if that were true, it is up to the hotel security to contact the police. I sincerely doubt the hotel wants the police harassing all its guests. Especially considering the marketing and unique events hotels/casinos use to attract guests.

Re:The Police just waved?

[Cheesebisquit]

Agreed. This sort of overcriticism, of assuming everyone should be omnipotent and world class experts at everything they do, is so common in the media and in many peoples way of thinking. Life is hard enough! Let's give each other a break from time to time.

Re:The Police just waved?

[Svartormr]

But what if its a low-altitude test of an orbital mind control laser?!?

Re:The Police just waved?

[apparently]

I don't care how big the parking lot, crowd, or equipment... Geeks with balloons are not scary.

I disagree.

Re:The Police just waved?

[jannesha]

Serve the public trust, protect the innocent, uphold the law.

--robocop.

Re:The Police just waved?

Well if the police didn't know what the group of people were doing, wouldn't the best cause of action have been engaging with the citizens/public, ask questions and get educated or at least exchange a few friendly words (given that they had the time) ?

That would surely have made the hackers have a better impression of the police and it would have helped the police to learn something new =)

Re:The Police just waved?

[ShakaUVM]

>>The police were friendly, waved, and didn't bother to investigate something that by all rights did not look overtly illegal. They acted appropriately.

Seriously.

I mean, as much as Slashdot complains about police brutality and how America is a police state and related nonsense, shouldn't it be celebrating a reasonable police action? They cruise by, check it out, see nothing obviously illegal going on, wave, and leave.

WTF, why the hate?

Re:The Police just waved?

[HiggsBison]

Hmmm. Yes. On reconsideration, I suppose it is the responsibility of the Las Vegas constabulary to be tolerant of all manner of wacky tourists, and the casino's private security to be nutso paranoid about anything odd happening near their particular racket.

Re:The Police just waved?

[DerekLyons]

In Vegas, especially during Defcon, it should be assumed to be a novel approach to gaming a casino.

Which is the responsibility of the casino's security and management and the gaming commission - not the Las Vegas Police.

Only 1/3?

[superid]

Last weekend I made a quick 5 mile drive and found 105 systems in my average residential neighborhood. 46 were unsecured. About 25 were running WEP.

Re:Only 1/3?

[chunk08]

I live in a very small farming town. I can pick up 3 networks from my house, there are 5 in town. Mine is the only secure one (WPA2). Try to explain it to anyone else and they'll say "Why shouldn't my neighbors get on my network?"

Re:Only 1/3?

[remahl]

Which, incidentally, is the same that Bruce Schneier says. Go figure.

Re:Only 1/3?

[Zadaz]

I don't even have to go outside to get a large number of samples. From where I sit (in downtown San Francisco) I get 47 wireless networks, 4 of them are unencrypted. (and of those I know two require log-ins.) Or 8.5% are open.

All of this is anecdotal. When I visit my family in Rural Middleparts 100% of the wireless networks are open (1 of 1). Meanwhile in Tokyo something close to 5% or more of networks are open. If it's that high, it's impossible to find a place to connect there because everyone has data plans from their phone company.

I'd love to see some research that shows by area the level of openness and quality of encryption.

Re:Only 1/3?

[RabidMoose]

I have to wonder how many of these "unsecured" networks are setup with MAC address filtering. My home network looks unsecured at first glance, but try getting it to hand out an IP address without being on the whitelist.

Re:Only 1/3?

[anagama]

I'm not sure if you are making a joke, so just in case you aren't, I'll point out that MAC address filtering is no security at all. Your laptop is transmitting it's MAC as part of the regular wifi transmissions so sniffing it out of the air is trivial with Kismet or Kismac. Spoofing a MAC address is trivial on Linux and Windows machines, a bit more involved to make your OS X Leaopard system able to spoof but not rocket science, and apparently trivial with "spoofmac" on Tiger.

Here's an overview:

http://www.irongeek.com/i.php?page=security/changemac

For Linux, if you just want a random MAC to make yourself even more anonymous:
http://www.alobbs.com/macchanger

Similar software exists for windows (google "windows macchanger")

Re:Only 1/3?

[zn0k]

Spoofing a MAC address is trivial on Linux and Windows machines, a bit more involved to make your OS X Leaopard system able to spoof but not rocket science, and apparently trivial with "spoofmac" on Tiger.

bash-3.2$ uname -a
Darwin Laptop.local 9.4.0 Darwin Kernel Version 9.4.0: Mon Jun 9 19:36:17 PDT 2008; root:xnu-1228.5.20~1/RELEASE_PPC Power Macintosh
bash-3.2$ ifconfig en0|grep ether
        ether 00:11:24:d5:57:9e
bash-3.2$ sudo ifconfig en0 ether aa:bb:cc:dd:ee:ff
Password:
bash-3.2$ ifconfig en0|grep ether
        ether aa:bb:cc:dd:ee:ff

It's trivial on OS X (Leopard and Tiger), too.

Re:Only 1/3?

[anagama]

You're right -- I have the 9.3.0 PPC kernel and it worked fine on wired and wireless. I was under the mistaken impression you had to patch the kernel to get it to work. Maybe that was old info.

Re:Only 1/3?

[RabidMoose]

I wasn't entirely serious. Encryption is obviously needed to prevent any sniffers from grabbing and spoofing a MAC, but I would honestly like for somebody to spoof a MAC and get onto my network. That would mean there's at least one other person in my apartment complex that knows what they're doing, and possibly a new friend. And as long as they're not from the **AA, I've got nothing to hide, and pleanty to share.

Re:Only 1/3?

[YrWrstNtmr]

and they'll say "Why shouldn't my neighbors get on my network?"

I trust my neighbors (mostly).
I trust their kids somewhat less.
I trust their kids' friends not at all.

Re:Only 1/3?

[BLAG-blast]

Who cares? My wifi is unsecured, I live in a big City. Providing people don't use up too much bandwidth, I don't care and I'm happy to share my connection for free. One time somebody got abusive with the bandwidth, so I changed the network name asking them to stop. And they stopped. Neat, eh!

Re:Only 1/3?

[cjb658]

I live in a very small farming town. I can pick up 3 networks from my house, there are 5 in town. Mine is the only secure one (WPA2). Try to explain it to anyone else and they'll say "Why shouldn't my neighbors get on my network?"

I leave mine open for that very reason. I monitor it and haven't seen anything other than casual web browsing. And in a small town, where everyone knows everyone else, it's even less likely someone will use their AP for evil.

If I was running a bank or something that needed more security, I wouldn't leave it open, though.

Re:Only 1/3?

Even if you spoof your MAC address, you still have to be one on the filtered list to get in. There are 16^12 = 281474976710656 combinations of possible MAC addresses.

I would guess that on the MAC-filtered home network, there would be an average of about 2 computers per network. I bid you good luck in being on of the 2/281474976710656 MACs possible. You can rotate spoof your MAC, but be prepared to sit around for awhile...

Hence, MAC filtering is NOT useless... QED.

Re:Only 1/3?

[BLKMGK]

Really? All I have to do is wait for your MAC to get transmitted and I have it. I then send a deauth packet to your card, bumping it off the network, and then authenticate myself. Ooops, you are now wondering WTF :-) There's nothing random about the MAC I'd choose....

Re:Only 1/3?

[BLKMGK]

Pretty sure that the crypto will not hide your MAC. I belive, but am not sure, that it's primarily the data portion that is encrypted. I will see your SSID and I believe MAC just fine even with encryption turned on...

Re:Only 1/3?

[jabithew]

I would tend to worry more about *what* they were doing with my connection. Open wifi networks would seem a gift to anyone wanting to pursue illicit activities online.

I suppose you could store router logs or block illegal websites, but it sounds like a lot of effort compared to only letting trusted machines on in the first place.

Re:Only 1/3?

[BLAG-blast]

I suppose you could store router logs or block illegal websites....

Or not, and be perfectly ok. Why would I care if people are pursuing illicit activities online? If they are not causing problems for me, they are free to use my connection. Also, given the stupidity of most laws, I'm glad to help out and anonymize them a little bit. Are you worried that people might be doing something illegal online? or are you worried about getting busted for somebody else's crime?

Re:Only 1/3?

[jabithew]

I'm worried about getting busted for someone else's crime.

Re:Only 1/3?

[phorm]

My internet speeds kinda suck at times (even though I'm in the city, my area has crappy Bell infrastructure). I'd imagine that in some more remote areas or smaller towns they have slowness issues as well.

I wonder how feasible it would be to build a small local "mesh" network, so that neighbours could aggregate bandwidth? Creating a master node with wireless connections to everyone, and access via VPN to a semi-smart NAT box would be a fun project.

Re:Only 1/3?

[anagama]

Correct - the MAC address is not included in the encrypted data. Seems like a next step in security would involve encrypting the MAC address so it can't be sniffed, but then how would a computer know which packet belongs to it? Anyway, if anyone does do MAC address encryption now, it's pretty exotic hardware -- not the type of thing you'd just find on the shelf.

Re:Only 1/3?

[chunk08]

I monitor it and haven't seen anything other than casual web browsing. And in a small town, where everyone knows everyone else, it's even less likely someone will use their AP for evil.

I don't care about the bandwidth, but I have my computers behind a NAT for a reason (not just because I only have one internet IP). Having an open WiFi network kinda defeats that. Most of the neighbors do their banking etc. online. My point was it won't just be your neighbors that you know and trust getting in to your network, and not everyone who gets in wants internet bandwidth.

Warballoon

[4D6963]

Hill suspects that local authorities might have been spooked by the fact that he called his device a warballoon.

A slight name change sounds necessary then.. How does waterballoon sound?

Re:Warballoon

[Ravadill]

What about "Freedomballoon" ?

That's it?

[andreyvul]

Only 1/3 of (wireless) networks are unsecured? Well then, how am I supposed to connect my DS to the network in order to download torrents to my R4 (via DSLinux)?

Open by choice?

[ishmalius]

Don't assume people's motives for having an open AP. Rather than security ignorance, altruism is a perfectly good reason to turn off WEP and WPA.

Re:Open by choice?

[the_skywise]

Especially given that there was a hacking convention going on in town (who might be more inclined to believe in free wireless for all?)

Re:Open by choice?

[dwater]

I do.

There's even an organisation around where I live/work that promotes it. It's called wippies :

http://www.wippies.com/www.phtml

For a free year long commitment, they will send you a free wifi router that will run a second wifi network 'on the side' for other subscribers to use when they're away from home. There's a google map of coverage somewhere on their site, but I can't find it right away...

Re:Open by choice?

[TeknoHog]

I'm also a member of Wippies, but there's nothing altruistic about this subscribers-only network. Then again, I'm wary of keeping a truly open AP, because of the illegal uses that might be traced back to me.

Re:Open by choice?

[dugenou]

How similar is this to FON ?

Re:Open by choice?

I open up my wireless to see if some fool will use it to log into his gmail account. I then use it for spamming.

Re:Open by choice?

http://www.wippies.com/map.phtml

Re:Open by choice?

[eosp]

Plausible deniability.

Re:Open by choice?

[Eclipse5302]

This is a fine idea, except for when someone uses it for uploading / downloading **AA content and now you are liable. At least at this point in time...

I used to share my internet with my neighbors, via a lowered-security network and open WIFI. Then I found out they were downloading (and presumably sharing) music. I eventually killed the open SSID and told them they would no longer get free internet due to a change with my internet connection.

Previous to the cancellation of their internet access they told me they would stop downloading music, but there was no way I was going to be made an example of by the **AA, and this was back when the lawsuits were flying. I tried to run with a simple content filter for a while but decided that I didn't want to support something like that for someone who wasn't paying me anyhow...so buh-bye.

Re:Open by choice?

[dwater]

> but there's nothing altruistic about this subscribers-only network

Really?

It's free to join...you just have to share yours too.

Clearly it's not the same as an open network, but it's still quite altruistic, IMO.

Re:Open by choice?

[dwater]

Well, yes, but I have to wonder why the RIAA's search has to end at the ISP? It's common practice to do this, so their search for the culprit should continue.

However, that's no defense for the legal costs.

How did you find out what they were downloading?

Re:Open by choice?

[dwater]

Dunno...it seems to be flash which wants to open another window, which I don't want it to; and can't be bothered to find another link.

However, their top level flash image seems to suggest the router costs money. Wippies doesn't cost anything, IINM.

Re:Open by choice?

Actually FON just sells the router to those who don't have one already. You can join FON for free if you already have a Wi-Fi router.

Re:Open by choice?

[Eclipse5302]

From what I've read, the search for the culprit typically stops at the ISP...when they get their name-to-ip mapping.

So it's then up to the internet connection owner to prove that he wasn't downloading / uploading. And from what I've read, no one seems to be able make that argument properly.

The smart people know that thanks to a little thing called NAT, there is almost no way to track users in a situation like that, unless the router is question is keeping DHCP, MAC, and access logs...to which your standard Linksys isn't doing.

Oh and I found out about it when I was working on their PC; one of them mentioned something about the connection being down and not being able to download music. I was really happy to hear that...

Re:Open by choice?

[dwater]

> and not being able to download music

I assume they didn't mean iTunes or any of the other *obviously* legal download services.

And what did you want the police to do?

[the_skywise]

In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"

Oh now they're too trusting?!

What do you want?!

Should they have played hardball and interrogated them, maybe arrested them and confiscated their equipment until they could ascertain they were safe so you could have a post about "out of control" law enforcement again?

Perhaps they should've called out the bomb squads ala the Mooninites bomb scare?

I, for one, vastly prefer this response.

Re:And what did you want the police to do?

[General+Wesc]

Of course, there's no middle ground, such as going over and asking 'What are you guys doing?' and upon being told, replying 'Cool, have fun!' and then continuing along the way.

I don't have a problem with police not bothering them (and the article doesn't say trusting is bad), but nor do I have a problem with police (or anyone) saying 'What's up?' in a non-hostile manner. You present a very absurd, and obviously false, dichotomy.

I see a new sport coming on

[deepgrey]

Warballooning! Heck yes.

Re:Unsecured networks can be a big security risk

FUD. Computer networks are means of communication, no more, no less. Where communication is a bad thing, freedom of speech dies.

Just following Schneier's advice...

[consumer]

http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html

Re:Just following Schneier's advice...

[db32]

I have thought about opening mine up, but the problem is that all of my desktop machines are wireless and I have the thing configured to only accept configuration stuff on the wired interface. As a result I have used the same old WEP key for the better part of 6 years.

I'm a bit lazy about my wireless for the same reasons he argues to open one.

Re:Just following Schneier's advice...

[topham]

The difference is, when he hirs his $1000/hr lawyer to defend him from accusations of transmitting child porn, because someone uses his wifi, his reputation as a security researcher will give him a lot of credibility in his opinions.

you and me? not so much. we'd get stuck proving it wasn't us, inspite of the general case of 'innocent before guilty'. by the way, your name would all ready be in the local paper as being involved in child pornography, your name would be attached to sex-offender lists and you would lose your job and possibly driven out of your neighborhood by your neighbors. all that before 2 months goes by and you actually even get a hearing.

have fun.

Re:Just following Schneier's advice...

[devman]

It's scary because its true.

police just can't win, can they?

[speedtux]

'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off

If they hadn't, then there would have been a story about how intrusive and incompetent the police was.

The police did the right thing: they judged correctly that there was no imminent danger and drove on. It isn't their job to try to find economic or computer hacking crimes-in-progress, and they have neither the equipment nor the training to do that. And they were smart enough to see that a bunch of geeks playing with balloons are not terrorists.

Re:police just can't win, can they?

[Fulcrum+of+Evil]

Or they could have questioned the people in the parking lot - something simple that at least shows them making an effort (and making it harder for the blackhats to boot).

Re:police just can't win, can they?

...and then watch as everyone on /. cries out, "Police state!"

Re:police just can't win, can they?

or just do what they did, in the face of no apparent danger move along and spend their time (and your money) more wisely dealing with crimes that were more important.

Not knowing LVPD, but assuming they are not different from police around the rest of the world, they are probably not in lack of things to do (and solve).

Spending time on a balloon seems like a waste of time compared to all the other problems going on...

So what's wrong with that?

I have no problems with the results of that report.

Sounds good

[Irongeek_ADC]

Actually, only 1/3 insecure sounds like a great improvement over just a few years ago.

Re:Sounds good

[Miasik.Net]

Actually, only 1/3 insecure sounds like a great improvement over just a few years ago.

What kind of improvement is that? Less networks to connect to when you are in need? Does it really sounds good to you?

Re:Sounds good

[legirons]

only 1/3 are operating a public amenity, and you think that's an "improvement"?!?

Not 'Unsecured'. It's 'Open System'

[TechyImmigrant]

802.11 APs that people refer to as being 'unsecured' are in fact broadcasting a beacon declaring them to be 'Open System'. It is right there in the spec, section 8.2.2.2 .

'Open System' means exactly that. Come on it. We're open.

This is a good thing. I don't secure my wireless LAN. I secure my computers. If people want to borrow a bit of my bandwidth, go right ahead. My neighbor does it all the time when he can't get his crappy cable internet to work.

This should be encouraged. Call them 'Open' and call it a good thing.

Re:Not 'Unsecured'. It's 'Open System'

Ditto. Occasionally a neighborhood realtor finds my network useful to check his email. My SSID is "FreeAccess".

Re:Not 'Unsecured'. It's 'Open System'

As the IT person at a small to mid size company we have a management backed policy. Broadcast an open guest SSID in the conference rooms and in the break/lunch area's. This way any vendors or employees with there own laptops can use the internet. Sorry, the SSID is on a separate VLAN that terminates in our DMZ. It can only access the internet and uses a DNS sever that is not on our network.
If they cannot get there machines on the wireless network, all of my network jacks in conference rooms and break rooms are on the guest VLAN.

If an employee wants to access company resources they will need to come by the help desk and we will install a certificate onto there company owned laptop.
Management backs us up 100% that we will not allow laptops on the corporate network unless they are owned and imaged by the company.

Re:Not 'Unsecured'. It's 'Open System'

[TechyImmigrant]

Separating guest traffic on a VLAN is a fine idea.

It's a shame that off the shelf, consumer grade wireless routers don't do it.
 

Re:Not 'Unsecured'. It's 'Open System'

[adolf]

Sure they will -- at least the hardware will. The rest is just software, and that part is free.

A Linksys WRT54G from Wal-Mart, running DD-WRT, can use multiple SSIDs, with different settings and routing for each. Even the cheesy 10/100 switch built into it supports VLAN.

Complaining that "off the shelf, consumer grade wireless routers" can't do these things is like complaining that a new computer can't play Quake: They're both a fallacy. The hardware in either case is perfectly able to do lots of neat stuff like fancy WiFi routing or FPS shooters, respectively, as long as appropriate software is installed.

(And in case you're thinking, "That's not software! DD-WRT is firmware!!!" remember this: Flash memory changes everything. The software installed on a WRT54G is no more firmware, than is a copy of Windows XP installed on a solid-state disk.)

Re:Not 'Unsecured'. It's 'Open System'

You mean the WRT54GL - L for linux.

Re:Not 'Unsecured'. It's 'Open System'

[ponraul]

Agree.

Pointing out open APs in 2000 was clever; pointing out open APs in 2008 is not. After setting up an open access point, the realization sinks in quickly that if no extra steps were required to connect to the network on your computer then anyone's computer can connect to the network.

What happens after that depends on temperament: most people do not care; aspies with shopping carts rigged-up with Wifi equipment and public address systems think it is criminal and a greater opprobrium than walking around with a shopping cart rigged-up with Wifi equipment and a public address system.

I leave my access point open. Any application that relies on the security of the underlying network is not an application designed to be used on the internet. "Security is not a product; it's a process."

Re:Not 'Unsecured'. It's 'Open System'

[BLKMGK]

Worth noting is that the presentation didn't mention open vs closed networks. It was brought up when *I* asked the question fron the back afterwards - it was a softpitch question as I knew the answer. Rick did this to show an alternative way to survey LARGE swaths of territory not to highlight levels of security. He got a 7.5 mile radius surveyed in something like 15mins.

That said, my APs are lightly encrypted with WEP. They are not open as I do not trust that someone won't bring the *AAs or worse to my door. They can break the WEP and I will then hunt them down - the WEP is simply a no tresspassing sign...

Re:Not 'Unsecured'. It's 'Open System'

[adolf]

Nope, I meant exactly what I said.

Last I checked, every single WRT54G could run some incarnation of DD-WRT, including the newer and cut-down version that Wal-Mart sells. I installed it on one myself, a couple of months ago, on a brand new unit from there.

A WRT54GL would be a better choice, as it has more RAM and more flash, but it's not necessary.

geeks are bringing us the police state

[speedtux]

Are there really people stupid enough to think that awareness of security holes is something new? Every major piece of infrastructure over the last century has had major security holes. But rather than gleefully exploiting and exposing them for personal fame and fortune, the people who figured it out just shut up about them. Why? Because they understood that fixing those holes would be costly and intrusive, and it would ultimately still not make the system really safe.

So, if you enjoy body cavity searches, universal surveillance cameras, automated defense systems, and dealing with proprietary and intrusive access controls everywhere you go electronically or physically, then go ahead and keep wardriving and warballooning and defconnning.

Just be aware that it is your actions that are bringing us the police state, because once a bunch of geeks stands up and says "hey, your infrastructure isn't secure and we are at risk", then politicians and lawmakers have to act.

Re:geeks are bringing us the police state

[twistah]

You're right, let's all shut up and stop defconning, this way the bad guys won't know how to do bad things and the government will have no right to intrude on our civil liberties, because they only do so when those damn geeks make up some threat about insecure networks and credit cards being stolen and all that other stuff that won't really happen. Really guys you should know better. Can we get this Slashdot thing shut down already?

Re:geeks are bringing us the police state

[speedtux]

because they only do so when those damn geeks make up some threat about insecure networks and credit cards being stolen and all that other stuff that won't really happen

As I was saying: there are plenty of flaws in networks, software, and protocols. But only a complete moron would think that the right way of dealing with them is to publicize those flaws widely.

You're right, let's all shut up and stop defconning,

How stupid do you have to be to see that DEF CON isn't improving security? DEF CON has been exposing security problems for 15 years, and things have gotten steadily worse. It's not working. The assumption that if you expose security holes, people will fix them and things will improve clearly is wrong.

Re:geeks are bringing us the police state

[iamme9182]

How stupid do you have to be to see that DEF CON isn't improving security? DEF CON has been exposing security problems for 15 years, and things have gotten steadily worse. It's not working.

This assumes that technology has not changed in the last 15 years. As projects get bigger and do more, new security flaws show up.

It also assumes these people don't report to companies about the flaws before they go public with them. They do, and somehow the issues are not always fixed in a reasonable amount of time.

If I am using some software that a group of people know are insecure and how to get personal information out of, I think I have the right to know about the security risk and either accept that risk or go with a competitor.

Re:geeks are bringing us the police state

Come on, get real. How does your response relate to warballooning or Boston metro ticket hacking?

Re:geeks are bringing us the police state

[BLKMGK]

Only a complete moron would think that not pointing out security flaws would make them go away or keep them from the bad guys. Many companies will not fix their shit without a spotlight being pointed at them! Do you REALLY think the bad guys aren't looking as hard or harder than those who present at DEFCON? Wow....

Surprise, exposing security holes does get them fixed. Sadly the lesson doesn't appear to sink in and morons keep building insecure shit. When it hits their wallet they listen. How stupid do you have to be not to notice this?

Re:geeks are bringing us the police state

[speedtux]

Do you REALLY think the bad guys aren't looking as hard or harder than those who present at DEFCON? Wow....

That's the typical black-and-white security bullshit coming from "computer science security researchers". None of the physical security systems people use are secure: they all have "security flaws". Every single one of them. It's only computer scientists that have some pipe dream of total security. Of course, although that is theoretically achievable, actual software fails to deliver.

Sadly the lesson doesn't appear to sink in and morons keep building insecure shit. When it hits their wallet they listen.

How does warballooning or telling people how to forge MBTA tickets help anybody? Why is it your problem whether people access my WiFi or whether people cheat on their MBTA fares?

Look at MBTA. Physical tokens used to be pretty easy to fake. The costs and risks of that were well understood. Now, they moved to mag stripes, and they are still easy to fake. Do you really think the MBTA didn't think about this? Most likely, they decided that the hassles and costs of key management and administration just weren't worth it.

But publicity from DEF CON presentations may force the MBTA to redo the entire system to make it cryptographically secure, even though that is clearly not the best cost/benefit solution for them. They will also increase police presence and stop and possibly arrest anybody doing anything with gadgets near their RFID readers.

Who do you think will suffer from this? The MBTA will have to pass on the costs of redoing their system to the riders, and the increased police vigilance will make geek life in Boston that much more unpleasant, since any PDA or gadget used around their machines will become suspect as a hacking tool. MBTA employees also probably will have to be tracked more carefully. Congratulations for bringing us one step closer to the police state.

How stupid do you have to be not to notice this?

Yes, indeed, how stupid do you have to be?

Re:geeks are bringing us the police state

[BLKMGK]

You've apparently missed my first point completely - bad guys ARE looking and YOU ignore this. Buy a cloned cell phone on a street corner in NYC and you will realize that there's money to be made at this kind of thing and that people ARE trying to break token security systems. Oddly you do not dispute this sort of activity occurs but instead simply call bullshit. Do you REALLY think that MBTA cards wouldn't be diddled without these guys? That they haven't already? Did you think their research ONLY effects MBTA? Did you not realize that what they did can be applied elsewhere? Wow...

The MBTA stuff could have been built secure from the start. I'm quite sure that the folks in Boston bought it having been told it WAS "secure" - except that no one had been allowed to look at the actual "proprietary" hardware\software involved. It was all secret squirrel wink wink nudge nudge. MBTA took them at their word of course. Now MBTA has discovered that their word wasn't worth shit and is scrambling to put the genie back in the bottle. These guys did this work with a minimum of hardware and the results applied to more than MBTA - plenty of incentive for criminals to do the same in dark back rooms.

That you blame the guys at DEFCON for MBTA stupidly accepting promises of a company trying to sell them something is pretty sad. Perhaps they shouldn't have gone public and instead setup shop selling a service to bump up fares on MBTA cards instead - would that have made you happier? If they didn't someone else would have. I seem to recall reading that some of this same hardware is used to protect facilities too, would you also prefer that those places remain vulnerable? You focus too much on MBTA, look beyond your immediate needs maybe?

The talk wasn't going to reveal how to increase balances on cards although anyone attending could probably have figured it out. No PDAs near readers would have been required either as it's the cards that get modified as I recall. Should they arrest someone for innocently playing with a PDA near such machines I think they will find it a pretty big mistake. That you are upset this might happen and not that they would be so stupid to do this is telling. BTW - the talk still went on but was instead given by a reporter who had been following the story I'm told. I'll have the video in a few weeks as will many others and I already have the slides - didn't get to see him present but it went WAY over due to high interest. Whoops!

A real shame that you so feel the need to bury head in sand and focus blame where it doesn't belong. You're not the manager that stupidly signed off on this for MBTA are you? You seem to have the proper mentality for it...

Re:geeks are bringing us the police state

[speedtux]

You've apparently missed my first point completely - bad guys ARE looking and YOU ignore this

Are you dumb or something? As I keep saying: of course, bad guys "are looking". Not only are they looking, they are succeeding in defrauding these systems. Public transit authorities know that, and their economists work out the optimum tradeoff between fraud and enforcement.

Do you REALLY think that MBTA cards wouldn't be diddled without these guys?

Again, are you dumb or something? As I keep saying: the MBTA knows how much they are "being diddled". That's factored into the costs!

No PDAs near readers would have been required either as it's the cards that get modified as I recall. Should they arrest someone for innocently playing with a PDA near such machines I think they will find it a pretty big mistake.

You haven't been paying attention; the RFID hack involved placing a GNU radio next to the RFID reader at a subway station.

The MBTA stuff could have been built secure from the start.

Really. Do tell us how. How would you handle key distribution? How would you handle key revocation? What are the costs for networking and system upgrades? How much do the RFID tags cost that support this? How much do the people who can run such a system cost? What vendors offer it and are available for selection by the MBTA? What vendors were available at the time?

A real shame that you so feel the need to bury head in sand and focus blame where it doesn't belong. You're not the manager that stupidly signed off on this for MBTA are you? You seem to have the proper mentality for it...

No, I'm not the manager who signed off on it. In fact, I'm just an MBTA rider. But I've been part of enough big projects to know that a cryptographically secure solution is rarely the economically right one.

But my recommendation to the MBTA would be: (1) ignore the bad publicity and don't change anything about the existing card or RFID system, (2) use data mining and behavioral profiling to find unusual behavior and arrest people who seem to be cheating, and (3) ban the use of any electronics other than cell phones on MBTA property.

In fact, MBTA has no choice because, contrary to what the MIT nitwits think, there is no simple technical fix to this problem.

I'm quite sure that the folks in Boston bought it having been told it WAS "secure"

Yes, and that sort of idiotic arrogance is at the heart of this. No, a bunch of MIT undergraduates are not smarter than the people who design subway systems full time.

Re:geeks are bringing us the police state

[speedtux]

(3) ban the use of any electronics other than cell phones on MBTA property.

Make that cell phones or MP3 players, although both are almost useless on MBTA anyway, given the noise.

Comment removed

[account_deleted]

Comment removed based on user account deletion

wow

[dodgedodge]

1/3 of wireless networks are not secured? wow. anyone with netstumbler could figure that out in 5 minutes of driving around.

cops just waved

That's the most pathetic complaint I've heard in a very long time. Go to North Korea, assholes, you can get your police state fix there.

Re:cops just waved

[couchslug]

"That's the most pathetic complaint I've heard in a very long time. Go to North Korea, assholes, you can get your police state fix there."

That would be no fun without good connectivity. What good is a police state if I can't rant about it online?

Re:cops just waved

HAHAHA i jsut found my new sig

"What good is a police state if I can't rant about it online?"

Re:cops just waved

wtf are you talking about? korea has more fiber backbone than the US. Its government funded much so like land lines and telephone poles are here. I know a few korean gamers as well after playing gunz online a bit. Like the #1 fps I bet even more hacked/modded than quake.

Re:cops just waved

[couchslug]

"wtf are you talking about? korea has more fiber backbone than the US. Its government funded much so like land lines and telephone poles are here. I know a few korean gamers as well after playing gunz online a bit. Like the #1 fps I bet even more hacked/modded than quake."

You don't know the difference between North and South Korea.
Are you an American?

Re:cops just waved

[Kalriath]

He plays Gunz, so it's quite likely he's a 12 year old.

Re:cops just waved

[NiteShaed]

In America only old people know about North and South Korea.

A duh...

[WwWonka]

a third unsecured in a busy metropolitan area? Nooooooooo. I think this article is full of hot air.

Why shouldn't they be?

[ScrewMaster]

In addition to that, the project managed to show how trusting the local law enforcement agencies really were.

Why shouldn't they be? Why should people out in the open with laptops automatically be assumed to be criminals? No matter what they were doing, odds are the cops wouldn't have to technical knowledge to make a proper judgment anyway. Suppose these guys really were up to no good, and the cops questioned them about it. "We're just playing some network video games officer."

Or is the use of a portable computer in public now considered criminal behavior?

solution to problem

[transporter_ii]

Log into their routers and turn the security on for them.

You know 98% of those unsecured APs also had the default password, right?

But seriously, is it now illegal to scan for networks to see how many are unencrypted???

I would say the only hint of anything illegal would be if they logged on to the networks. But even that shouldn't get the police to come and beat you.

Transporter_ii

"Unsecured" does not mean wide open..

Just because there is no WEP/WPA running, it does not mean the network is insecure or wide open - did they actually bother to test this, or they are calling these scores simply based on the presence or lack of WEP/WPA? There are plenty of solutions sitting on channels that are unencrypted on link-level, like f.e. a simple VPN tunnel, or an authorative gateway.

Re:"Unsecured" does not mean wide open..

[xrayspx]

"Unsecured" doesn't mean "Unauthenticated", but you can still sit there and listen without authenticating and being able to browse. The hotels do not establish secure tunnels to each client at authentication, for instance.

Re:"Unsecured" does not mean wide open..

[BLKMGK]

No they did not check, finding secure or insecure networks wasn't the point. They were simply showing an interesting way of surveying a 7.5 mile swath for networks. They were able to see these networks from a pretty good standoff distance and without moving from a stationary position. Sadly whoever wrote the summary missed the point, the secure\insecure info wasn't even IN the presentation!

Please explain...

why is this article not tagged "free internet!"?

unsecured ?

what do they mean by unsecured ? my wirelss network (open) dosent reach outside my prorerty I have tested it , my dog is big and noisy and I'm heavily armed and have a bad temper.

Re:unsecured ?

[xrayspx]

Did you test it with a high gain directional antenna? Team Tenacity tested a 7.5 mile radius around their "plan B" location, which included the entire LV strip.

The most entertaining part was when the cop car showed up, they all waved at the cops, and the cop car drove away. Had the intent been bi-directional communication, it would have been kind of hard without a much more stable platform, I'd imagine. But even in a listen-only Kismet setup, 170 networks, 1/3 of which are open is pretty significant.

ONLY 33.3%?

[dkarma]

When I began getting interested in wifi and wardriving most of the books I read indicated that usually about 70% of wifi routers were unsecured. I found typically 40-60% of wifi signals reachable from the road were unencrypted.

Tempest in a Teapot

[mschuyler]

You say that like it's a bad thing. Most WiFi networks are of such low power to render them effectively useless beyond a few feet of the origin of the signal. In my neighborhood with houses on half-acre to acre lots I can detect half a dozen networks. A couple are 'insecure,' but the signal is one bar in strength. Besides, I'm detecting them with my own network, so why do I want to 'steal' their bandwidth? Mine is faster. There aren't many people who want to cruise the neighborhood looking for unsecured signals so they can use their laptop in the privacy of their own automobile to surf the net. How uncomfortable is that? I surf with my feet propped up, a beer on the table, and the dog curled up at my feet.

Then there are those networks that are intentionally unsecured. The local library has a router intentionally pointed at the parking lot (Gasp!) In the downtown area every hotel is within range of an unsecured network. They even have a placard that tells you how to connect--free!

Sure, there are probably guys into taking advantage of you if your network is unsecured. Perhaps the issue is more prevalent in an apartment house or a dorm than single family residences, but I think this is more of a theoretical issue than a practical one. You can hypothesize your way to wild conclusions, but in the end, is this REALLY a serious problem?

Re:Tempest in a Teapot

[xrayspx]

If you aimed a better antenna at your neighbors house, it would be easy to sniff all their traffic. Now let's say that you're not the well meaning, keep to yourself kind of guy that I'm sure you are, but that you're intent on identity theft or stealing personal or business data. The fact that you can see 1/2 dozen unsecured networks from your house means you live in a pretty target-rich environment. How many of your neighbors might use the same password for AIM or Myspace that they use for Bank of America, or their local login password?

The attacker wouldn't necessarily own a house in your neighborhood either. Maybe they rented a van? Maybe one of your neighbors is in a position at work that puts them in touch with sensitive data, and someone follows them home? Or, maybe someone launches a balloon 4 or 5 miles away and collects everything scattershot for a couple of hours, then hones in on those interesting location in a car. As unlikely as those scenarios are, why not just click the damn "WPA2" radio button on the stupid gui and make yourself a somewhat harder target?

Re:Tempest in a Teapot

[shermo]

Because anyone who would go to those lengths wouldn't be troubled by you 'click[ing] the damn "WPA2" radio button'.

Re:Tempest in a Teapot

[xrayspx]

Why drive around and crack WPA networks when there is so much low hanging fruit? With an unsecured network, you're just advertising an easy target.

Re:Tempest in a Teapot

[mentaldrano]

I surf with my feet propped up, a beer on the table, and the dog curled up at my feet.

You let your dog sit on your table? So you're insecure AND a hick.

Re:Tempest in a Teapot

'I surf with my feet propped up, a beer on the table, and the dog curled up at my feet'.

So, the dog, your feet, your beer and the computer are all on the table?

Just asking...

And the only question remaining...

[ladybugfi]

...was Cory Doctorow in the balloon blogging? http://xkcd.com/239/

Easier Way

Wouldn't it be easier just to hire a private pilot?

You could cover exactly the area you want, wouldn't risk losing your gear, and wouldn't run afoul of any airspace restrictions (ie if you lost your balloon near the airport.)

DHS has been informed . . .

'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'

Expect a knock on your door, terrorist sympathizer scum!

How can we Feel Safe (tm) if we have police like this patrolling the streets of our most beautiful and American cities? The terrorist El Hilanizteum should have been maced and beaten and taken into custody as per DHS Secret Directive USA17-76.

What's this country coming to?

"It's no paranoia when they're really after you." -- H. Ross Perot

Socially Engineering the Police

[istartedi]

They were cool and casual, and did not run from the cops. If they had stared at the cruiser with that "OMG, we're busted" look, or even worse, run away; there might have been trouble. You hear stories like this all the time--the guy who gets pulled over for a warning about going 10 miles over the limit, and he's cool and the cop never finds out he's got joints in the glovebox. Then, on the other side there's the guy who's initially done nothing wrong and ends up getting his whole car searched by dogs, and getting detained for an hour just because he acted suspiciously.

Re:Socially Engineering the Police

For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares?"

For all intents and purposes you may not be the best person to judge grammar!

Harriet Island report

[British]

I was at Harriet Island in St. Paul, MN for the Irish fair. Whipped out the laptop, and couldn't find any unsecured AP that had more than 1% strength. ALL the other APs, all with strong signals are secured. Kinda pissed me off as I wanted to check my email.

Defcon needs to make a note

[mysidia]

To boycott the Riviera for future conferences.

It's really dumb to give conference organizers permission to do something and then recant with so little advance notice.

Re:Defcon needs to make a note

[BLKMGK]

They had approval from conference support staff, the management above them squashed this after dumbasses freaked over the attention being given to a "warballoon" that was going to be lofted. Visions of C4 floating around or something apparently occurred. Rick admitted the name was a poor one and commended the support he got from the conference organizers at the hotel. The issue came when citizens spotted articles about this and stupidly called the police - shit rolled down from there.

local law enforcement

[nurb432]

Well, since what they were doing is totally legal, why shouldn't the local cops wave and drive off?

Thanks for the sour persimmons, cousin.

[westlake]

"Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"
.

and the next time the geek pulls some damn full stunt in Vegas will the cops be so warm and fuzzy?

1/6 dont know and 1/6 dont give a crap

Honestly, how cares. So 1/6 of people dont know that locking down their wifi is a good thing, and 1/6 of people really dont care. I dont care. A lot of people just dont care. Non-story. Slow night.

Warkiting

[Shadyman]

"Networkworld is reporting about a warballooning operation (similar to wardriving [CC]) that was disallowed by the management at the Riviera Hotel in Las Vegas..."

Go fly a kite.

Warkiting, anyone?

Re:Unsecured networks can be a big security risk

[HungryHobo]

Bullshit.
No matter what you think could happen either it's impossible or a number of the people reading your comment have already considered it and dismissed it.
Anonymity is not hard to come by on the web.
Hack any old WEP network and bounce through a few VPN's and proxies located in different countries which don't keep logs and the only people who are gonna be tracing you have magical powers and travel around in a truck built from unobtainium.

NASA security is just as good.

[Facegarden]

One time about a year ago i was going to NASA at Moffet Field to show off a robot i was working on. The robot was in a big black pelican case (the kind of thing you might also store weapons or a bomb in) in my trunk.

Moffet Field is open to all US citizens and they even have some random businesses there so it's pretty much a public place, but they do have armed guards in a booth there who check your ID (usually a very laid back glance) and let you in. Well when i drove in they pulled me aside for a "random" security check.

I got out of my car and they looked in the front seat, the back seat, even under the front seats. Then i opened the trunk, and there was this big black pelican case that i personally thought looked a bit ominous.

The security guard looked around in my trunk a bit, around the case, and then... said thanks and walked away.

I'm certainly not looking for a police state, but i figure if you've got armed guards checking out your car for security reasons, they might as well ask you what's in the big black case...

It just struck me as odd.

As far as the cops not bugging the guys at DEFCON... for all we knew they were aware of the conference and knew they were generally good people... Someone suggested getting the information of the vehicle, but i disagree... I don't want the cops collecting information on everyone... though i wouldn't have minded if the cops asked the guys what was going on at least, so long as they were reasonable about it...
-Taylor

Only 370 networks?

[iceeey]

You would think covering a 7.5 mile radius for 20 minutes in a major city, you would find more networks. I'm surprised. Perhaps it was the altitude they flew at? I went driving for 10 minutes in my (smallish) town over a 1.5 mile distance (roughly a straight line, not a circle) and found 650 networks, 33.23% of which were unencrypted. So that 1/3 unencrypted figure seems to be very accurate. It's unfortunate that the numbers have been declining, but I am seeing a lot of SSIDs like "FreeWifi", which is encouraging.

Meaningless figures

[nmg196]

Stories keep getting posted about the number of networks which are unsecured like it's some kind of problem. The vast majority of those networks are SUPPOSED to be unsecured. They're probably open networks designed for free public use - like the ones you get around New York parks which have been installed by Google or the hotpots in coffee shops such as Starbucks.

In the UK, all BT Openworld public access hotspots are unsecured as well. You can't actually use them though, unless you log in as they have an HTTP intercept until you log in.

Unless they can differentiate between intentionally open public hotspots in Starbucks (etc) and unsecured home access points in naive people's houses, then any figures are totally meaningless.

White Hackers.

[FatSean]

I bet you that team was mostly white. Had there been more people of darker pigmentation up there, the police may well have been more interested in investigating.

Ditto for mine

[phorm]

At first glance my network would appear insecure. If you can find it (no SSID broadcast, though that's simple to get past) then the DHCP server will happily give your machine an IP address.

However, *which* IP you get depends on a lot of things. The DHCP-pool IP's are rather restricted: if I remember correctly the only thing they're serving right now are DNS and http requests through the proxy. When I'm bored I also "massage" the firewall/proxy rules so that it does fun things with the proxied http requests, like various manipulations of the images. I'm still trying to figure out a good way to just translate the entire page-text to a random foreign language via babelfish or whatever.

To really do anything useful, you need to have a valid IP in the static net, then you need to VPN via OpenVPN, which at the moment I believe is more secure than current WEP/etc encryption, and seems less buggy as well (anyone notice that XP and certain routers like to randomly crap out then reconnect when using WEP... seems OK on 'nix though).

Re:Ditto for mine

http://www.ex-parrot.com/~pete/upside-down-ternet.html
Have a look here...

Unencrypted != Unsecured

[KillerBob]

There's other methods for securing a wireless network that many of us have seen... You can:

- use MAC filtering. Easy to get around, but is as much of a deterrent as using WEP or WPA, and so I'd say equally secure.
- force all traffic through authenticated proxy. many many hotels use this method.
- require domain login
- require VPN
- require access to come from terminal servers, providing open wireless access only so that you can log in to a terminal via rdesktop or xdmcp, or ssh w/ X forwarding (any of which can be configured to require an encrypted connection)

there's a host of other methods to secure a wireless network. Just because you're using an unencrypted wireless net does *not* mean that you're insecure.

Open is NOT 'unsecured'

Since when is an 'Open' network considered the same as an 'unsecured' network? Sheesh.

On my block there are 6 WAP's that are totally open, because a bunch of us like to have LAN parties. We use this as a block-area network for fun. It's not even hooked up to the internet.
OK, so one guy has a server on the LAN that you can VPN to and get access to the 'net, but that is secured through a VPN.
So what we have is an open, secured network.

And then they complain that the local police are doing their jobs, as in not hasseling the citizens without a good reason? Give me a break.

Besides, how do they know that the cops didn't radio to have a 'black van' drive by and sniff their wifi activity? They could have already been investigated and didn't even know. Seriously, not all cops are as dumb as some people would like to believe.

Liability?

[JSBiff]

I've wondered this before. If you don't secure your network somehow, and someone else uses it to commit crimes, can you be held liable? For all the police know, it was you using the network. Does this provide sufficient 'reasonable doubt' as to require the police/prosecutors to have to prove it was actually you using the network at the time?

Open/Unsecured?

1. Find open wifi access point.
2. Login to admin functions.
3. Turn on a huge random PSK so they can't connect anymore.
4. Feel good that you have made the world more secure. Pat yourself on the back a few times while you're at it- you deserve it Mr. Self-appointed Cop.

Oh, what's that? They have a password on the admin functions or have disabled them? Then it's probably supposed to be an open access point.

Give me a break.

It's the power-grubbing politicos and corporate types who are bringing us the police state. Geeks are just pointing and saying "the emperor has no clothes".

The bad guys already know this (as do some of the more technically-minded good guys). Nothing the geeks are doing is bringing the "police state" closer.

It's the fucking *politicians* who passed the Patriot Act, the *criminals* in the White House who allow people to be shunted to Guantanamo and waterboarded instead of respecting their civil rights, the *corporate goons* of AT&T and the other telcos who rolled over without a fuss when the government demanded help tapping all their communications. The "police state" is coming to you courtesy of all the greedy, fascist, power-hungry people who think they are better than the rest of us--and especially courtesy of the fat, lazy, dumb Americans who are too preoccupied with the latest American Idol or other stupid shit, to care about this or stick up for their rights.

Many many Americans died over the last 50+ years to protect the civil rights that have been stripped from the populace over the last 7 years with virtually no fuss. It's easy to let them take away your rights---it will be much, MUCH harder to get those rights back again.