There’s war-driving, war-flying, war-walking and war-jamming. “Sniffing” for 802.11b, or Wi-Fi, wireless LAN access points (AP) seems to be gaining popularity among a small niche of hobbyists, who also enjoy posting news of their exploits online.
Since wireless LAN APs broadcast in the unlicensed 2.4-GHz frequency band, they are easy to pick up by anyone who shells out less than US$100 for a wireless LAN card at an electronic discounter and spends roughly the same amount on a Global Positioning System (GPS) receiver and free sniffing software from the Web.
Most wireless LAN sniffers are hobbyists who only like to engage in electronic scavenger hunts in their local area. But, analysts warn, the same tools used by hobbyists are now readily available to hackers and corporate or foreign espionage agents looking to exploit unprotected networks.
The result: a new vocabulary (with its roots in a 20-year-old movie) that enterprises would do well to learn. The new terms being bandied about now include the following:
Wireless LAN war drivers routinely cruise their immediate areas in cars equipped with laptops loaded with a wireless LAN card, an external high-gain antenna and a GPS receiver. The wireless LAN card and GPS receiver feed signals into freeware, such as NetStumbler, which detects APs and their identifiers along with their GPS-derived locations. NetStumbler also automatically detects whether or not built-in Wi-Fi Wired Equivalent Protocol (WEP) is turned on or off.
More malevolent war-drivers may use Kismet, a tool designed to crack WEP.
The term war-driving is derived from the “war-dialing” exploits of a teenage hacker in the 1980s movie War Games who has his computer randomly dial hundreds of numbers and eventually winds up tapping into a nuclear command and control system.
As recently as May, a U.S. Defense Department agency was found to be vulnerable by a “sniffer” who found a security hole in the agency’s wireless network.
Think of it as war-driving, but on foot instead of in a car. The NetStumbler Web site offers MiniStumbler software for use on Pocket PC hardware, saving war-walkers from toting around laptops. War-walkers like to use MiniStumbler and Pocket PCs to sniff shopping malls and big-box retail stores.
Just as the name implies, it’s sniffing for wireless networks from the air. The same equipment is used, but from a private plane. Just last month, a Perth, Australia war-flyer recently picked up e-mails and Internet Relay Chat sessions from an altitude of 1,500 feet on a war-flying trip.
Taking over a network connected to an unsecured AP and using it to inject spam into the Internet. Although there has been much speculation about wireless war-spamming in the hacker community of late, no egregious instances have yet been reported.
War-jacking or Air-jacking
Knocking out a real AP with a denial-of-service attack and then setting up a new AP that will serve as a new hub to devices that homed on the legitimate AP.
The systematic practice of marking and mapping nonsecured Wi-Fi 802.11b wireless APs throughout many of the nation’s major metropolitan areas. The FBI this summer sent an e-mail to private-sector members of the local FBI Infragard chapter in Pittsburgh, warning them of war-chalking — the physical marking of a building or facility to denote an open wireless AP.