War driving lets hackers take to the road

It used to be that it took a lot of brains and patience to be a hacker, but according to a KPMG LLP advisory issued in July, anybody with the slightest bit of computer knowledge can break into a wireless intranet.

While not, technically-speaking, hacking, “war driving” is a phenomenon in the hacker world that only emerged about a year ago. Based upon the idea behind “war dialling” where a computer is programmed to dial hundreds of sequential phone numbers in the hopes of finding another computer that will connect via modem, war driving is the act of driving around with a wireless-enabled laptop set to try to connect to any non-secure wireless network in the vicinity. Once connected, the war driver can easily launch a denial of service (DoS) attack or attempt to break into the corporate intranet.

And while war dialling, as seen in the 1983 Matthew Broderick movie War Games, could take countless days to find one open line, war driving only requires a fraction of that time. A recent demonstration by Ben Sapiro, senior consultant at KPMG in Toronto, picked up 14 wireless networks during a 10-minute drive along a major downtown Toronto street. Only three of them had encryption turned on. The other 11 networks could be considered prime targets for malicious individuals.

“A lot of people are deploying this wireless technology because of the benefits it offers to their businesses or their homes, but they’re not considering what risks it exposes them to,” Sapiro said.

According to Sapiro, there has not been a report of an attack being launched through war driving, but he added that most companies victimized in this way aren’t willing to come forward and look stupid to the world.

So how easy is it to engage in war driving? Sapiro said all it takes is a laptop computer outfitted with a wireless network card and an antenna. All of the equipment is available at any store that sells computer hardware. On the software end, a quick Internet search reveals no shortage of easy-to-use applications that can search out wireless network access points.

There is encryption available on wireless networks. Wireless networks have Wireless Encryption Protocol (WEP) encryption technology built in, but Sapiro said it is rarely turned on. He added that even if it is, WEP is very weak. People with a good understanding of cryptography methods could slice through WEP.

“Because the algorithm is so flawed, you have to look to the long-term, and that means extra protection on top of that network. WEP is not a long-term solution as it stands right now,” Sapiro said.

The lack of awareness about wireless network vulnerabilities means there could be an incident right around the corner, Sapiro said. On the other hand, this is something that is addressable and can be avoided by implementing proper security.

“The reality is that wireless networks were originally designed to allow you to get in easily,” said Kelly Kanellakis, director of technology for Enterasys Networks in Toronto. “So because of that design criteria, there’s actually an option in the standard that says you can leave your wireless network open to allow anyone to get on it.…It makes me very nervous to know that that option is in there.”

He added that Enterasys has designed its wireless networks to be closed. The company’s customers don’t have the choice to turn encryption off.

The dangers of war driving aren’t limited to small companies not in the technology trade that don’t know any better. According to Kanellakis, at a recent trade show, an attendee walked up to him and said he took a laptop with a wireless card installed and walked up and down the halls of the show. He managed to connect to quite a few of the vendors’ networks.

There are two ways that companies approach security, he said. From a vendor perspective, they can either put it in when they build the system originally, or they can bolt it on after it’s done. Too often in both the vendor and user communities, security is an after-thought, he said. One of the biggest reasons why people leave their wireless networks open is laziness. Kanellakis said it’s the same reason why so many people use the default password on their computer.

“War driving is just a matter of people taking advantage of the fact that people haven’t set any security up. It’s not even a matter of somebody trying to hack through security that’s set up. It’s just there is none there for them to get through,” said Kanellakis.

Many people rely on back-end security to protect their networks, he said. The problem with that is that a hacker doesn’t have to actually log into the server to launch a DoS attack.

“Once you’re on, you can do some pretty serious damage,” Kanellakis said.