January 30th, 2005, 09:01 AM
a tip for the windows wardrivers out there
I have a little story for you, covering both a bit of advice and security at the same time. However, this isn't Access Point side security, it's the security you have as a wardriver
As a greyhat, I wardrive for the fun of locating what exists within cities and streets and to protect my city against blackhats and scripties. Sometimes actively scanning in windows, sometimes passively scanning in Linux. One I find an unencrypted (and thus unprotected) WAP, I pinpoint the location of the AP and thus the store/homeowner/company that is running it. My contact with them is brief, as I just notify the CEO/head of household that their network to the outside world is wide open. After handing them a summary of how to secure a WAP and who they should send this memo to in their company, I leave.
This way their network is secured, and it's one less WAP that idiots can use against the company. Greyhat == "lord of the ring" type rangers of the internet. Nothing illegal preformed.
I told you that to tell you this, so bare with me. There are some things you never want to access, or test. Even if you come across them, there are some things that are just better left alone. This also applies for unintentional access. Allow me to explain. You see, in Windows you have the unfortunate problem of the wireless card autoapplying the TCP/IP and dhcp settings to automagically attempt connection to the closest WAP it can find. This is bad, as you don't want to try (not even in a sense of password usage, but just the beginning handshake with the WAP) to connect to a WAP that you do not have legal access to. I relearned this the hard way.
While scanning a main street in my city, I came across the local police station. As always, their wireless network remains unencrypted (I know they know better, so I assume it may be a honeypot, but none the less) and thus instally throws a redflag on netstumbler. No big deal, I've documented them before. But wait... what's this? I see the wireless icon in my systray start moving. It's attempting to connect... to what? Low and behold, windows was trying ruthlessly to get a connection to the police-station's WAP. Not in a brute-force sense, but requesting an IP from it over and over again. Whoops :X I quickly shut off my NIC, renamed the network name for my laptop, and sped off. Scared shitless that their admin may have caught my consistant broadcasts to connect to them that may have been going on for a minute or two. You see, I had done a reformat just yesterday, and had forgot to turn off TCP/IP on the wireless card settings while wardriving.
Moral of the story: While wardriving in windows, unbind TCP/IP from your NIC until you plan to actually connect. That's the ONLY time you need it, as it's unnessessary for just the detecton of networks. Not only could this raise an eye or two, but could be viewed as highly illegal due to how Windows demands over and over WAP access. To disable TCP/IP on your nic card, go into your control panel and into network connections. Right click on your wireless nic connection and choose properties. Once in properties, uncheck the TCP/IP box, and apply/ok it. There, you are now set to wardrive without the worry of windows banging on everyone's door.
Have fun, be safe, and try your best to keep this in mind when heading out to wardrive.
January 30th, 2005, 03:06 PM
I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
January 30th, 2005, 03:59 PM
There's nothing illegal about connecting to an unsecured wireless network, police station or not:
The ECPA (Electronic Communications Privacy Act, United States Code Title 18, Part I Sections 2510-2521, 2701-2711, 3121-3127) rules that it is not unlawful to
And that's exactly what the case was in your umm... case. This part of the ECPA talks about unlicensed bands/frequencies, which is exactly what wireless networks are.
intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.
If someone less knowledgeable than you would be living next to that police station, and that person would have a wireless network installed, his wireless client may instead connect to the police station's network. The ECPA is there exactly to protect people like that: the police station's signals are "readily accessible", and there is no way for someone not knowledgeable to even prevent his client from accessing the police network - the person probably wouldn't even know.
January 30th, 2005, 06:34 PM
What in the... Why?
edit: Seems theentropy deleted his post about wanting me to crash in the car and die next time. So disregard the above.
Negative, thanks for the insight on that Was not aware that Access Points that were improperly configured to allow full outside access could be viewed as legal. Does it cover just the ignorance of the user accidentally connecting, or also the one who knows it shouldn't be open?
January 30th, 2005, 07:16 PM
January 30th, 2005, 09:49 PM
Thanks for the clarification here, Neg. I always was kinda wondering if the 3-way handshake was allowable or not. Now I know.
The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
January 31st, 2005, 10:13 PM
Better safe than sorry.
"Timmins, who works as a network engineer, and his then-roommate Adam Botbyl, now 21, initially stumbled across the unsecured wireless network at the Southfield, Michigan Lowe's in the spring of 2003, while driving around with laptop computers looking for wireless networks - the geek sport of "wardriving".
Timmins immediately used the network to check his email, not knowing that it wasn't intended for public access, he claimed in an a telephone interview with SecurityFocus on Thursday. Then when he tried to surf the Web, and found himself connected to a Lowe's corporate portal instead, he realized it was a private corporate network, and he disconnected"
Cyberlaw lawyer Jennifer Granick, director of Stanford Law School's Center for Internet and Society, agrees with the government that Timmins' is likely the first wardriving conviction. But she isn't convinced that he actually committed a crime.
"Using an open wireless access point isn't the same thing as using a computer illegally," says Granick. "Convictions for this type of thing are possible where it's part of a larger criminal case, but it shouldn't happen in the absence of some other criminal purpose, like stealing credit cards, or knowledge that the network is closed. Wardriving isn't criminal."
"All he did was check his email and try to browse the Internet," said Botbyl. "That's the only connectivity he had with their network. He didn't do anything at all... I think the only reason they charged him is because they arrested him."
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
January 31st, 2005, 10:42 PM
And he's supposed to be a network engineer. Holy f***. More like he didn't think it belonged to someone who would notice or catch him.
Timmins immediately used the network to check his email, not knowing that it wasn't intended for public access,
\"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn
January 31st, 2005, 10:56 PM
According to the local stories, (I live just up the street), they did a lot more than check email.... The stories state that they were messing around in the Lowes system and that the type of activity would be considered criminal and had done it over several connection periods, (I forget exactly what they had been thought to be doing).
Now, if Lowes finds itself in the position of not being to produce logs or any other evidence of what these two did or that these were the same two that had made previous connections where criminal activity took place, (I'm led to believe that might be the case since these two seem to be making a case that they did nothing but collect email), then I have no sympathy whatsoever for Lowes. Lowes counts it's worth in terms of Billions and has significant assets to protect - even if it is only my CC number - Yet they managed to implement a completely open WAP???? I work for a non-profit and we have NO cash but i would be able to show the LEO's when, where and how the criminal activity came from..... It's all in the logfiles and my logging system is all open source.... How hard is that.....
Lowe's, if you are reading this I will accept employment as your Computer Security Officer.... Salary is negotiable though far from "cheap".... But you won't be walking into a courtroom with no evidence....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
January 31st, 2005, 11:34 PM
I think the other key item that could be used against the kid who only checked email was 'use of service'. Lowe's doesn't pay for bandwidth for other people to use. Did they fail to protect themselves? Certainly. But do we all realize the case laws behind those Security Warnings we all get popped with when we log on to corporate systems? "This system is solely intended for the use of Acme Corporation employees blah blah no expectation of privacy blah blah approved acceptable use only." By the letter of the law/policy, you could possibly lose your job just for posting on AO from work, if it's prohibited, for improper use of company resources. No wonder people want to string up all the lawyers.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore