Slashdot Mirror
Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured
avatar4d writes "Networkworld is reporting about a warballooning operation (similar to wardriving) that was disallowed by the management at the Riviera Hotel in Las Vegas, but was covertly launched anyway. The team found approximately 370 networks, and about a third of those were unsecured. In addition to that, the project managed to show how trusting the local law enforcement agencies really were: 'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off.'"
Will everybody please STFU about securing your wifi..
Cracking their wep when I'm on the road and without my gear is a pain in the ass!
NewslilySocial News. No lolcats allowed.
I don't believe this a good test of "security" since the majority of the hotels on the Strip have multiple unsecure Wifi networks for their guests. You have to go to a launch page first before you're even allowed access, sometimes entering a code.
If the police flip out over something we do, they're overreacting idiots that don't understand technology.
But if the police don't flip out over something we do, they're underreacting idiots who aren't keeping us safe.
Mmkay.
What else would the Police do with that situation? Is what the people were doing illegal?
"Maybe this world is another planet's hell"
Aldous Huxley
Last weekend I made a quick 5 mile drive and found 105 systems in my average residential neighborhood. 46 were unsecured. About 25 were running WEP.
Hill suspects that local authorities might have been spooked by the fact that he called his device a warballoon.
A slight name change sounds necessary then.. How does waterballoon sound?
You just got troll'd!
Only 1/3 of (wireless) networks are unsecured? Well then, how am I supposed to connect my DS to the network in order to download torrents to my R4 (via DSLinux)?
proud caffeine whore
Don't assume people's motives for having an open AP. Rather than security ignorance, altruism is a perfectly good reason to turn off WEP and WPA.
Oh now they're too trusting?!
What do you want?!
Should they have played hardball and interrogated them, maybe arrested them and confiscated their equipment until they could ascertain they were safe so you could have a post about "out of control" law enforcement again?
Perhaps they should've called out the bomb squads ala the Mooninites bomb scare?
I, for one, vastly prefer this response.
'Near the end of the operation, a Las Vegas Metropolitan Police cruiser drove by the parking lot to see what was going on. Hill and his team waved. The police officers waved back and drove off
If they hadn't, then there would have been a story about how intrusive and incompetent the police was.
The police did the right thing: they judged correctly that there was no imminent danger and drove on. It isn't their job to try to find economic or computer hacking crimes-in-progress, and they have neither the equipment nor the training to do that. And they were smart enough to see that a bunch of geeks playing with balloons are not terrorists.
Actually, only 1/3 insecure sounds like a great improvement over just a few years ago.
Irongeek's Hacking Videos / Security Videos and Articles
802.11 APs that people refer to as being 'unsecured' are in fact broadcasting a beacon declaring them to be 'Open System'. It is right there in the spec, section 8.2.2.2 .
'Open System' means exactly that. Come on it. We're open.
This is a good thing. I don't secure my wireless LAN. I secure my computers. If people want to borrow a bit of my bandwidth, go right ahead. My neighbor does it all the time when he can't get his crappy cable internet to work.
This should be encouraged. Call them 'Open' and call it a good thing.
Evil people are out to get you.
Are there really people stupid enough to think that awareness of security holes is something new? Every major piece of infrastructure over the last century has had major security holes. But rather than gleefully exploiting and exposing them for personal fame and fortune, the people who figured it out just shut up about them. Why? Because they understood that fixing those holes would be costly and intrusive, and it would ultimately still not make the system really safe.
So, if you enjoy body cavity searches, universal surveillance cameras, automated defense systems, and dealing with proprietary and intrusive access controls everywhere you go electronically or physically, then go ahead and keep wardriving and warballooning and defconnning.
Just be aware that it is your actions that are bringing us the police state, because once a bunch of geeks stands up and says "hey, your infrastructure isn't secure and we are at risk", then politicians and lawmakers have to act.
Comment removed based on user account deletion
a third unsecured in a busy metropolitan area? Nooooooooo. I think this article is full of hot air.
I have thought about opening mine up, but the problem is that all of my desktop machines are wireless and I have the thing configured to only accept configuration stuff on the wired interface. As a result I have used the same old WEP key for the better part of 6 years.
I'm a bit lazy about my wireless for the same reasons he argues to open one.
The only change I can believe in is what I find in my couch cushions.
"That's the most pathetic complaint I've heard in a very long time. Go to North Korea, assholes, you can get your police state fix there."
That would be no fun without good connectivity. What good is a police state if I can't rant about it online?
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
In addition to that, the project managed to show how trusting the local law enforcement agencies really were.
Why shouldn't they be? Why should people out in the open with laptops automatically be assumed to be criminals? No matter what they were doing, odds are the cops wouldn't have to technical knowledge to make a proper judgment anyway. Suppose these guys really were up to no good, and the cops questioned them about it. "We're just playing some network video games officer."
Or is the use of a portable computer in public now considered criminal behavior?
The higher the technology, the sharper that two-edged sword.
Log into their routers and turn the security on for them.
You know 98% of those unsecured APs also had the default password, right?
But seriously, is it now illegal to scan for networks to see how many are unencrypted???
I would say the only hint of anything illegal would be if they logged on to the networks. But even that shouldn't get the police to come and beat you.
Transporter_ii
Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
Just because there is no WEP/WPA running, it does not mean the network is insecure or wide open - did they actually bother to test this, or they are calling these scores simply based on the presence or lack of WEP/WPA? There are plenty of solutions sitting on channels that are unencrypted on link-level, like f.e. a simple VPN tunnel, or an authorative gateway.
When I began getting interested in wifi and wardriving most of the books I read indicated that usually about 70% of wifi routers were unsecured. I found typically 40-60% of wifi signals reachable from the road were unencrypted.
You say that like it's a bad thing. Most WiFi networks are of such low power to render them effectively useless beyond a few feet of the origin of the signal. In my neighborhood with houses on half-acre to acre lots I can detect half a dozen networks. A couple are 'insecure,' but the signal is one bar in strength. Besides, I'm detecting them with my own network, so why do I want to 'steal' their bandwidth? Mine is faster. There aren't many people who want to cruise the neighborhood looking for unsecured signals so they can use their laptop in the privacy of their own automobile to surf the net. How uncomfortable is that? I surf with my feet propped up, a beer on the table, and the dog curled up at my feet.
Then there are those networks that are intentionally unsecured. The local library has a router intentionally pointed at the parking lot (Gasp!) In the downtown area every hotel is within range of an unsecured network. They even have a placard that tells you how to connect--free!
Sure, there are probably guys into taking advantage of you if your network is unsecured. Perhaps the issue is more prevalent in an apartment house or a dorm than single family residences, but I think this is more of a theoretical issue than a practical one. You can hypothesize your way to wild conclusions, but in the end, is this REALLY a serious problem?
How about a moderation of -1 pedantic.
...was Cory Doctorow in the balloon blogging? http://xkcd.com/239/
The difference is, when he hirs his $1000/hr lawyer to defend him from accusations of transmitting child porn, because someone uses his wifi, his reputation as a security researcher will give him a lot of credibility in his opinions.
you and me? not so much. we'd get stuck proving it wasn't us, inspite of the general case of 'innocent before guilty'. by the way, your name would all ready be in the local paper as being involved in child pornography, your name would be attached to sex-offender lists and you would lose your job and possibly driven out of your neighborhood by your neighbors. all that before 2 months goes by and you actually even get a hearing.
have fun.
They were cool and casual, and did not run from the cops. If they had stared at the cruiser with that "OMG, we're busted" look, or even worse, run away; there might have been trouble. You hear stories like this all the time--the guy who gets pulled over for a warning about going 10 miles over the limit, and he's cool and the cop never finds out he's got joints in the glovebox. Then, on the other side there's the guy who's initially done nothing wrong and ends up getting his whole car searched by dogs, and getting detained for an hour just because he acted suspiciously.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Did you test it with a high gain directional antenna? Team Tenacity tested a 7.5 mile radius around their "plan B" location, which included the entire LV strip.
The most entertaining part was when the cop car showed up, they all waved at the cops, and the cop car drove away. Had the intent been bi-directional communication, it would have been kind of hard without a much more stable platform, I'd imagine. But even in a listen-only Kismet setup, 170 networks, 1/3 of which are open is pretty significant.
I like music
I was at Harriet Island in St. Paul, MN for the Irish fair. Whipped out the laptop, and couldn't find any unsecured AP that had more than 1% strength. ALL the other APs, all with strong signals are secured. Kinda pissed me off as I wanted to check my email.
It's scary because its true.
"wtf are you talking about? korea has more fiber backbone than the US. Its government funded much so like land lines and telephone poles are here. I know a few korean gamers as well after playing gunz online a bit. Like the #1 fps I bet even more hacked/modded than quake."
You don't know the difference between North and South Korea.
Are you an American?
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
To boycott the Riviera for future conferences.
It's really dumb to give conference organizers permission to do something and then recant with so little advance notice.
Well, since what they were doing is totally legal, why shouldn't the local cops wave and drive off?
---- Booth was a patriot ----
.
and the next time the geek pulls some damn full stunt in Vegas will the cops be so warm and fuzzy?
Go fly a kite.
Warkiting, anyone?
Bullshit.
No matter what you think could happen either it's impossible or a number of the people reading your comment have already considered it and dismissed it.
Anonymity is not hard to come by on the web.
Hack any old WEP network and bounce through a few VPN's and proxies located in different countries which don't keep logs and the only people who are gonna be tracing you have magical powers and travel around in a truck built from unobtainium.
He plays Gunz, so it's quite likely he's a 12 year old.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
One time about a year ago i was going to NASA at Moffet Field to show off a robot i was working on. The robot was in a big black pelican case (the kind of thing you might also store weapons or a bomb in) in my trunk.
Moffet Field is open to all US citizens and they even have some random businesses there so it's pretty much a public place, but they do have armed guards in a booth there who check your ID (usually a very laid back glance) and let you in. Well when i drove in they pulled me aside for a "random" security check.
I got out of my car and they looked in the front seat, the back seat, even under the front seats. Then i opened the trunk, and there was this big black pelican case that i personally thought looked a bit ominous.
The security guard looked around in my trunk a bit, around the case, and then... said thanks and walked away.
I'm certainly not looking for a police state, but i figure if you've got armed guards checking out your car for security reasons, they might as well ask you what's in the big black case...
It just struck me as odd.
As far as the cops not bugging the guys at DEFCON... for all we knew they were aware of the conference and knew they were generally good people... Someone suggested getting the information of the vehicle, but i disagree... I don't want the cops collecting information on everyone... though i wouldn't have minded if the cops asked the guys what was going on at least, so long as they were reasonable about it...
-Taylor
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
You would think covering a 7.5 mile radius for 20 minutes in a major city, you would find more networks. I'm surprised. Perhaps it was the altitude they flew at? I went driving for 10 minutes in my (smallish) town over a 1.5 mile distance (roughly a straight line, not a circle) and found 650 networks, 33.23% of which were unencrypted. So that 1/3 unencrypted figure seems to be very accurate. It's unfortunate that the numbers have been declining, but I am seeing a lot of SSIDs like "FreeWifi", which is encouraging.
Stories keep getting posted about the number of networks which are unsecured like it's some kind of problem. The vast majority of those networks are SUPPOSED to be unsecured. They're probably open networks designed for free public use - like the ones you get around New York parks which have been installed by Google or the hotpots in coffee shops such as Starbucks.
In the UK, all BT Openworld public access hotspots are unsecured as well. You can't actually use them though, unless you log in as they have an HTTP intercept until you log in.
Unless they can differentiate between intentionally open public hotspots in Starbucks (etc) and unsecured home access points in naive people's houses, then any figures are totally meaningless.
At first glance my network would appear insecure. If you can find it (no SSID broadcast, though that's simple to get past) then the DHCP server will happily give your machine an IP address.
However, *which* IP you get depends on a lot of things. The DHCP-pool IP's are rather restricted: if I remember correctly the only thing they're serving right now are DNS and http requests through the proxy. When I'm bored I also "massage" the firewall/proxy rules so that it does fun things with the proxied http requests, like various manipulations of the images. I'm still trying to figure out a good way to just translate the entire page-text to a random foreign language via babelfish or whatever.
To really do anything useful, you need to have a valid IP in the static net, then you need to VPN via OpenVPN, which at the moment I believe is more secure than current WEP/etc encryption, and seems less buggy as well (anyone notice that XP and certain routers like to randomly crap out then reconnect when using WEP... seems OK on 'nix though).
There's other methods for securing a wireless network that many of us have seen... You can:
- use MAC filtering. Easy to get around, but is as much of a deterrent as using WEP or WPA, and so I'd say equally secure.
- force all traffic through authenticated proxy. many many hotels use this method.
- require domain login
- require VPN
- require access to come from terminal servers, providing open wireless access only so that you can log in to a terminal via rdesktop or xdmcp, or ssh w/ X forwarding (any of which can be configured to require an encrypted connection)
there's a host of other methods to secure a wireless network. Just because you're using an unencrypted wireless net does *not* mean that you're insecure.
If you believe everything you read, you'd better not read. - Japanese proverb
In America only old people know about North and South Korea.
Some bring out the best in others, some the worst. Some bring out far more.
I've wondered this before. If you don't secure your network somehow, and someone else uses it to commit crimes, can you be held liable? For all the police know, it was you using the network. Does this provide sufficient 'reasonable doubt' as to require the police/prosecutors to have to prove it was actually you using the network at the time?