Frank Fiore – Novelist & Screenwriter

March 3, 2010

The WarDriving Scenario

Filed under: CyberKill — Frank Fiore @ 12:42 PM

The vulnerability of wireless connections plays a key part in my new novel CyberKill. WarDriving is one such vulnerability.

Date: March 2002

Place: Harris County, TX

Security Threat: County Computer Network

The District Clerk of Harris County, Texas was in for an unexpected surprise. Based on a demonstration by a computer security analyst and upon the recommendation of Steve Jennings, head of the county’s Central Technology Department, District Clerk Charles Bacarisse shut down the wireless computer network in his office. The computer security analyst had met with Jennings and used a laptop computer and a $60 to $75 wireless card to show him how to tap into Bacarisse’s system by ‘wardriving’.

The security flaw in the County’s wireless network created a dangerous potential for vandalism – or even more serious problems. Someone wardriving with just an 802.11 device and sniffing software such as NetStumbler could gain access to the county’s system and use it as a platform to hack other systems, including those of government agencies and businesses, leaving few traces of who they were.

Once tapped into the county system, a hacker could conceivably send e-mails appearing to come from county officials that could not be traced to the true author. Just as worrisome was the potential for someone to crash county computers, re-route printers, change, alter or delete records, or post illegal material on one of the County’s network computer servers.

Anyone can buy a wireless card, slide it into a laptop computer and use easily obtainable software to scan for and capture the radio waves linking computers on a wireless system, gaining complete, unfiltered access to the network.

The practice is called “wardriving”. Essentially, wardrivers use the wireless signals to ride into a computer network. What many organizations fail to understand is that the wireless signals emanating from their network are not confined to their offices. These signals can easily pass through their office ceilings, walls and floors. As many incidents have shown, an unauthorized user could gain access to a wireless network by simply standing across the street or from an office above or below the organization in the same building.

A perfect example is the large retailer Best Buy. Some Best Buy stores use cash registers with wireless networks that beam data — including credit card numbers — to a central computer elsewhere in the store. But a wardriver can sit in a store’s parking lot and “listen in” to the data. Once alerted to this security breach, Best Buy shut off wireless cash registers at its stores.

The practice of “wardriving” is simple: All a hacker needs is a device capable of receiving an 802.11b signal, a device capable of locating itself on a map, and software that will log data from the second when a network is detected by the first. You then move these devices from place to place, letting them do their job. Over time, you build up a database comprising the network name, signal strength, location, and IP/namespace in use. The network is then open to illicit use.
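An organization can run the same kind of survey around its own building to see which of its networks would end up in such a database. The script below is an added example, not part of the original post: the survey rows, network names, CSV layout, the -80 dBm cutoff and the treatment of open and WEP networks as unprotected are all constructed assumptions.

```python
import csv
import io

# Constructed perimeter-survey readings (not real data). One row per access
# point heard at a survey position; "zone" says whether that position is
# inside the organisation's premises or in a public area outside it.
SURVEY_CSV = """position,zone,ssid,bssid,encryption,signal_dbm
clerk-office,inside,COUNTY-CLERK,00:11:22:33:44:01,open,-41
parking-lot,outside,COUNTY-CLERK,00:11:22:33:44:01,open,-68
street-corner,outside,COUNTY-CLERK,00:11:22:33:44:01,open,-83
records-room,inside,COUNTY-RECORDS,00:11:22:33:44:02,wpa2,-50
parking-lot,outside,COUNTY-RECORDS,00:11:22:33:44:02,wpa2,-74
floor-above,outside,COUNTY-ANNEX,00:11:22:33:44:03,wep,-90
"""

WEAK = {"open", "wep"}   # assumption: treated as offering no real protection
USABLE_DBM = -80         # assumption: weaker readings are too faint to join


def audit_leakage(csv_text, usable_dbm=USABLE_DBM):
    """Return findings for networks that are usable from outside the premises."""
    strongest = {}  # bssid -> strongest usable reading taken outside
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["signal_dbm"] = int(row["signal_dbm"])
        if row["zone"] != "outside" or row["signal_dbm"] < usable_dbm:
            continue
        best = strongest.get(row["bssid"])
        if best is None or row["signal_dbm"] > best["signal_dbm"]:
            strongest[row["bssid"]] = row
    findings = []
    for row in strongest.values():
        weak = row["encryption"].lower() in WEAK
        findings.append({
            "ssid": row["ssid"], "bssid": row["bssid"],
            "heard_at": row["position"], "signal_dbm": row["signal_dbm"],
            "severity": "critical" if weak else "review",
        })
    # Critical findings first, then strongest signal first.
    return sorted(findings,
                  key=lambda f: (f["severity"] != "critical", -f["signal_dbm"]))


if __name__ == "__main__":
    for f in audit_leakage(SURVEY_CSV):
        print("{severity:8} {ssid:15} {signal_dbm} dBm at {heard_at}".format(**f))
```

A "critical" finding is a network that is both unprotected and usable from a public position; "review" means the signal leaks but the network is encrypted.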
