Warchalking? I’m for it. I think it almost qualifies as a public service. No, I don’t trust the hackers who ride around with antennas made from coffee or snack-food cans, mapping out wireless access points to corporate networks. They’re looking for ways to connect to our networks without authorization, so by definition they’re not to be trusted.
But when those hackers mark the locations of wireless networks with chalk on the outside of buildings, that makes our work easier.
It removes any possible argument against better wireless network security.
Face it, security costs money. And like a lot of other things corporate IT departments should be doing, wireless network security isn’t in the budget this year. And CEOs won’t be in any rush to approve it for next year either.
That means far too many IT shops are depending on the time-honored strategy of “security through obscurity.” We all know how that kind of wishful thinking goes: Maybe, if we’re lucky, no one will notice any unsecured wireless access points in our networks.
Warchalking demolishes that strategy. Warchalking advertises wireless access points for all the world to see. And hosing off the chalked-up wall won’t even work as a stopgap measure, because if you leave the security hole in place, the warchalkers will return — again and again.
So, what do you do when you discover warchalking symbols on or near your company’s
facilities?
You get a camera — fast, before the maintenance guys get a chance to clean it off. You take lots of pictures: close-ups so the chalking is clearly visible, longer shots so there’s no doubt whose wall those chalk marks are on.
Next, you take those pictures to your CEO. You explain that this isn’t ordinary graffiti. You explain, as simply as possible, what it is — a sign letting hackers know that your networks are ready and waiting to be compromised.
You point out that cleaning it off won’t really help because the hackers already know where your wireless nets are — and if you don’t secure them, they will be hacked.
Then you bullet-point your plan for wireless security. That includes how you’ll inventory your site’s wireless nets, what tools you’ll need and what it will cost.
Finally, you ask for your CEO’s full support on this. You’ll need it, because there are probably wireless access points you don’t know about, and you’ll need clout to deal with non-IT managers and executives who really like the wireless nets they’ve slipped into their offices and warehouses below IT’s radar.
Will you get that support and the budget you need to secure those wireless networks? Maybe. But perhaps not at first. You’ll have to be prepared for denial, for blame, for anger. Even if you lay the situation out clearly, you may take a beating for bearing such bad news. This could be your ugliest meeting since the CEO finally realized that Y2k was real and was going to cost real money to fix.
And that’s why warchalking is a good thing. Wireless insecurity a hypothetical — maybe there’s a risk, maybe not. But those Polaroids of warchalked walls are real. The outsiders who made their marks on your facilities are real. And the message they’re sending to the world — “Here’s a ready-to-use hole in this company’s networks” — is very, very real.
When you discover warchalking on your buildings, there’s no longer any question of whether you have a wireless security problem. The only unknowns left are how much time you’ve got before you’re hacked and what you’ll do about it.
That really does make your job easier. It’s proof positive that you do need the extra wireless security budget before it’s too late. It’s a warning that’s impossible to miss and hard for even the thickest, most obstinate CEO to ignore or deny.
With warchalking, the writing is on the wall.
