Wardriving Worries Residents 530
sphynx99 writes "This article describes how residents of an upscale neighborhood in Arizona are worried about wardriving, a "new method of privacy intrusion and identity theft". Nothing to worry about, though; "The Scottsdale Police Department plans to create a cyber-crimes unit next year."
In other news (Score:5, Funny)
Re:In other news (Score:3, Insightful)
Re:In other news (Score:3, Funny)
Attempts for 'fr1st m0d'?
SBC/Yahoo, and their un-holy marriage. (Score:5, Informative)
I post my wireless research here. http://mb.citiwireless.com/ [citiwireless.com]
If you liked what I had to say, please show you appreciation by making a contribution to the FreeNet project.
http://freenet.sourceforge.net/ [sourceforge.net]
Have Fun,
-Steve
Huhhhh, I said marriage. http://www.archive.org/search.php?query=marriage%2 0AND%20mediatype%3Amovies [archive.org]
Re:In other news (Score:5, Insightful)
The Scottsdale residents have UHF video cameras in their bedrooms, and are concerned with people driving around with portable UHF TV's and watching them have wild monkey sex.
Protecting against wardriving is as simple as not using wifi, if you're too stupid to secure it.
Re:In other news (Score:5, Insightful)
Scottsdale residents are actively broadcasting wild monkeysex. But want to arrest and sue anyone who actually looks at it.
If you open up your home and invite people in (and that's essentially what an unsecured wireless network IS), don't be surprised if they see something you wouldn't want them to see.
Now if they crack your WEP key, etc. THEN you have a right to bitch.
Otherwise STFU!
Re:In other news (Score:3, Insightful)
Because you don't go around screaming "MY DOOR IS UNLOCKED! COME ON IN!", which is what broadcasting an unsecured wireless signal is.
You're pushing signal out into public airspace. So don't be offended when someone actually makes use of your "exhibitionism".
Re:In other news (Score:5, Informative)
Re:In other news (Score:2)
Re:In other news (Score:4, Interesting)
Re:In other news (Score:3, Interesting)
Re:In other news (Score:2, Flamebait)
If protecting against wardriving was as simple as closing your blinds, then it wouldn't be an issue.
Your analogy is false; someone would have to go to considerable effort to foil a thermal imaging camera. With wardriving, however, one can enable WEP and the problem is solved.
And don't tell me that this is beyond the savoir faire of Joe Sixpack. Enabling WEP involves checking a box, and entering a passphrase, on a web admin page. About the same level of difficulty as sending an email.
Re:In other news (Score:5, Informative)
If only that was true....
Setting up WEP at the router is that simple. However, if you're relying just on the passphrase, then all of your 802.11x equipment had better come from the same vendor. If not, you have to realize that the passphrase is converted into four key strings, and type that randomly generated key into each computer on your WiFi system.
For some reason, non-geeks just can't make that connection and all they know is that when they turn on WEP, things don't work.
Re:In other news (Score:5, Interesting)
If these are the problems I, as an IT professional, am having, I only cringe to think of what that non-geek is going through.
Re:STOP blaming the user (Score:3, Informative)
Have you bought a Linksys, Dlink or Netgear product recently? If you did or plan to, RTFM, and you'll see that they offer next to no technical information any more.
Even their included
Re:In other news (Score:3, Informative)
I think maybe ehack doesn't completely understand that the purpose of a lock isn't to keep everyone out. It is to *deter* theft. If a thief really wants to get into your house (or into your computer), they will find a way. But if you raise the level of difficulty or the chances of getting caught, most thieves will look for an eas
Finally (Score:2, Insightful)
Maybe I am in the minority but I see stealing bandwidth, the same way as stealing movies off line, it seams like you hurt no one, but you are still stealing, no amount of justifying is going to change that
Re:Finally (Score:4, Insightful)
Some people intentionally set up APs and leave them open because they want to. SOME of the open APs out there were intended to be used. If you don't want anyone to use your connection, don't leave it open. You're broadcasting signals into public areas. If you don't secure your network, you have no grounds to complain if someone uses the signals that you broadcast into public areas.
I use WEP and MAC filtering on my network. It took 2 minutes to set up. There is no reason why other people can't.
Copyrighted material is never intended to be downloaded from the internet without the permission of the copyright owner.
BTW, how many fucking times do we have to say it? Copyright infringement is not "stealing", it's illegal, it's wrong, but it's not "stealing".
LK
Re:Finally (Score:5, Insightful)
Re:Finally (Score:5, Insightful)
Obviously PigPen could have ignored me. Or told me to go check myself. There was no requirement he answer my query. Same goes for any transaction that happens on the public airwaves -- like the wireless networking bands. I'll go so far as to say that MAC spoofing, or hacking the WEP key is definately wrong... But unless an open network is considered to be open am I liable if my linksys wireless nic connects to your default-settings linksys wireless hub instead of my default-settings linksys wireless hub?
Re:Finally (Score:3, Insightful)
If I hang a big neon sign on my garage, shining down on my driveway that flashes PARK HERE periodically, what am I doing except granting explicit permission to everybody who sees it to go ahead and park in my driveway?
Nice for YOU to be the judge of what is stealing (Score:3, Insightful)
Of course we're wardriving, you dolt! (Score:3, Funny)
[pause while cybercrime squad relaxes]
D'ya know of any we could join?
<G/D/R> (-: Grin/Drive/Rapidly
Re:Finally (Score:5, Interesting)
Re:Finally (Score:3, Funny)
Re:Finally (Score:3, Insightful)
I agree that it _sounds like it to you_. I and countless others have tried to explain the actual difference which is enshrined in the law of your country for _how_ long now?
Honestly, it's like trying to teach quantum physics to a guppy.
Stupid people (Score:5, Insightful)
Re:Stupid people (Score:5, Interesting)
A buddy of mine just had his neighborhood incorporated in the local city, they put in sewers, lights, and he can now use the local firedepartment and police, but his property tax went up. Was it worth it? Septics only cost a couple hundred to empty. Now, they charged him 20K, and he HAD to pay it. (And not including the money to hook upto the sewer, another 10K for pipe work.)
OT, speaking of Scottsdale, I almost hit a freaking Gatsby [gatsbycars.com] that ran a red light. And the lights are backwards compared the reset of phoenix. What a freaking wierd city.
Hmmm... WEP Anyone? (Score:5, Insightful)
Re:WEP? HAHAHAHAHAHAHAHAHA (Score:5, Interesting)
The only risk you have is your neighbour (no sane person will wait for a gig outside your house).
MAC-filtering can also be effective, although you could still suffer a DoS attack from someone who has cracked your WEP, but that's just a friendly remainder to change your WEP.
Of course, the best would be to use WPA[2] combined with a logon service like NoCatAuth, where you effectively kill all routing unless they authenticate.
For Joe Schmoe WEP suffices.
Re:WEP? HAHAHAHAHAHAHAHAHA (Score:5, Informative)
Re:WEP? HAHAHAHAHAHAHAHAHA (Score:5, Insightful)
Do you lock your door? (Score:3, Insightful)
Re:WEP? HAHAHAHAHAHAHAHAHA (Score:3, Interesting)
I think that eventually I'll set up firewall rules such that people without a VPN key will be able to websurf at very low rates, which should keep people from fucking with my wireless network entirely. As it is, I have it set up such that only VPN connections are allowed so no one can use it
Re:WEP? HAHAHAHAHAHAHAHAHA (Score:3, Informative)
Not sure about US law (or realy even the local ones) but they tend to distinguish between stuff the owner has / has not attempted to secure.
ie if the doors and windows are locked, and you bypass them to get in, it is break-and-enter, but if the door is not locked, it's different.
Turning on WEP could be seen as locking the door - if you are determined to get in it won't really stop you, but it is illegal to enter because the owner has tried to stop you/informed you they do not want you to get in.
repeat after me (Score:5, Informative)
now connecting to their access point and using their internet/network for whatever... that might be, i am not a lawyer, so i cannot say. what i do know is that RF signals are not owned, for if they were i could sue for criminal trespass when the other guy's signals cross my property.
Re:repeat after me (Score:2)
Just monitoring beacon packets? Yes, that's legal.
Monitoring all traffic (e.g. running kismet with logging on), not legal, it's a violation of the Federal wiretapping laws.
it's called eavesdropping (Score:2, Interesting)
"ownership" has nothing to do with it; its whether the communication is conducted via a method the user has a "reasonable expectation of privacy" using. "That someone isn't going to go park outside my house with a cantenna, and a laptop equipped with software specifically configured to listen for and capture traffic" is most certainly "reasonable", nevermind they have to be fully aware it's possible for others to very easily listen in. If you're intentiona
Re:it's called eavesdropping (Score:3, Insightful)
In all cases, including "wardriving", there is no legitimate reason to collect the information or listen in. It's none of your goddamn business.
That's an opinion, not a fact.
the law is not based on whether or not they think their little "hobby" should be legal or not- it's based on decades of case law.
Certainly; but the law, in a roundabout manner, is a representation of what the people deem acceptable behaviour. Therefore, what the law should be is very germane for discussion. To argue otherwise
Re:it's called eavesdropping (Score:3, Insightful)
The whole issue would probably be moot if they had just set up encryption in the first place. People need to be educated on this. I'm not sure how much of a part the wireless makers are taking, I don't remember much in the documentation, it should be on the "quick start" pages, but it usually isn't.
Re:it's called eavesdropping (Score:5, Interesting)
That's a standard that the existance of the concept of wardriving shoots a nice big hole through...
A wide-open 802.11x access point can be seen as an open invitation onto that network. Afterall, there are many public places that intentionally set their networks to be wide open in order to encurage use by visitors/customers.
The lack of intent doesn't have much to do with it... if you set up a wide open network, you're giving an internationally recognized signal. One should know the customs of what they're dealing with lest they unintetionally make such a signal.
Re:it's called eavesdropping (Score:3, Insightful)
Re:it's called eavesdropping (Score:3, Interesting)
> listen in. It's none of your goddamn business.
I operate a bunch of 802.11b 2.4ghz access points in my area ( somewhere in the order of 6 ), a couple of connections commercially but mostly for employees / acquaintances of our company with an assortment of antennas and gear.
We also operate a fair bit of Trango gear in the 5.3Ghz and 5.8Ghz spectrums, the fundamentals are the same.
Scoping out who
Re:it's called eavesdropping (Score:3, Informative)
...we disagree with the trial court's reasoning that the cordless telephone conversations were not private because of the ease of their interception. Such reasoning would erode the right to privacy as technology advanced to create simpler ways to intercept private communications of all types. ... "[f]undamental rights should not be sacrificed on the altar of advancing technology."...we do not believe that Joanne Stone's use of a cordless telephone clearly and unequivoca
Re:it's called eavesdropping (Score:3, Insightful)
Re:repeat after me (Score:4, Insightful)
Re:repeat after me (Score:3, Interesting)
Re:repeat after me (Score:3, Insightful)
Re:repeat after me (Score:3, Interesting)
Re:repeat after me (Score:4, Interesting)
Re:repeat after me (Score:3)
It is perfectly reasonable to assume that you do have permission to use their "private" equipment if said equipment is wide open to the world and broadcasting its presence on public airwaves, since many people set their equipment up this way intentionally.
Re:repeat after me (Score:3, Insightful)
No you're not. You're legally making a regulation-compliant transmission on a public frequency, and legally receiving a reply on that frequency. Not only that, but the reply was specificly addressed to you, so you aren't even eavesdropping.
The probe request itself that you are talking about isn't even an attempt to gain access to anyt
Bleigh (Score:5, Interesting)
Why should the poor pay taxes to subsidize all these extra expenditure made for the sake of those who are wealthy?
I'm talking about those in the bottom of the scrap heap here. Those who don't even have computers, Joe Sixpacks.. like.. Homer!
Now, why would Homer have to pay more taxes so that Burns can have a safe wireless lan?
Those people who buy a wireless router should pay for a tax at time of purchase!
Re:Bleigh (Score:2, Insightful)
Re:Bleigh (Score:2)
Because that's how America works. It's the same reason my tax dollars go to those idiots who live in hurricane alley and need to rebuild their house for the 4th time.
'tampering' wifi signals? (Score:3, Interesting)
So on what basis are the residents reporting incidents? Or is it just upscale residents reporting scruffy people in beat up cars? (which is not necessarily a bad thing)
Re:'tampering' wifi signals? (Score:2)
Re:'tampering' wifi signals? (Score:3, Informative)
Re:'tampering' wifi signals? (Score:2)
Re:'tampering' wifi signals? (Score:5, Interesting)
It's ridiculous, and wireless router manufacturers should make it mandatory to choose passwords and security phrases. Simply resolve all internet access to the internal configuration page until the router has been successfully configured.
Fools... (Score:5, Insightful)
Re:Fools... (Score:2, Insightful)
Take for instance I lock my car doors all the time, at night I park in my churches lot (you think people would have a bit of respect for a house of worship) well 2 Sundays ago I find that over night my car radio was stolen, they brock into the car via the close window, while the car was parked in the churches lot. People who want to break the law are not going to be stopped by locks or web and mac address filte
Re:Fools... (Score:5, Funny)
I suppose the police chief could get into trouble for it, but it would be really funny if an officer went around to each complainant with a 10-year-old kid and told them, "We're here to help secure your WiFi." "Sure, officer, but why's the kid here?" "Oh, he's the WiFi security expert. I'm just driving him around because he's too young to drive himself..."
maybe... (Score:5, Insightful)
Maybe they could actually set up their access points properly. It's not hard. Even WEP is far from trivial for a wardriver to get past- they'd have to camp out and wait for "weak" packets...except for certain specific AP's that have faulty WEP key generation. The owner's manuals now cover turning on WEP/WPA quite nicely, have for years, and most of the glaring problems have been fixed long ago as well.
What's next, people complaining about all the crime in their neighborhood but not locking their goddamn front doors? Oh...check [metrowestdailynews.com].
Re:maybe... (Score:3, Insightful)
The entire idea of WEP is horrible from a user-friendliness point of view. Here's just 1 example of how it could work better. I'm sure an actual HCI person could come up with something much better:
1) Plug in router.
2) Read instructions, which is a sheet of paper with minimal steps to get Windows to connect to the router. The *unique* name of the router is mentioned on the paper. (perhaps deter
A better way... (Score:2)
Get to work, geeks! (Score:5, Interesting)
Geeks living in that area should consider advertising their services. Improving computer security and making money while doing it sounds like win-win situation to me.
If... (Score:2)
Police business? (Score:2, Insightful)
A quick look at the Scottsdale yellow pages reveals a great many business that offers such a service... and the costs would not be large.
To think that the concern is coming from "residents of an upscale neighborhood" is especially humourous.. or bothersome, depending on how you look at it. I'm betting that they are spending big $$$ securing their homes.. but would balk at payi
Is it illegal to tell people? (Score:2)
It'd be hard for them to say no, so... kinda easy money, or is there some kind of law that states I have an obligation to tell someone if something is wrong (although I'm sure there isn't.. for techonlogy.)
Re:They'd probably call it extortion (Score:2)
Hm, nope. I didn't say that. I'd simply walk away and say with a smile, "have a nice day!"
How are people supposed to know? (Score:3, Insightful)
If wardriving is a crime, how are people supposed to know which AP is the place offering free wifi and which is an ignorant home user? (other than the ESSID, which if the home user knows how to change, will probably be able to prevent it in the first place)
This seems to me to be another case of the naive shifting responsibility to others...
Simple solution (Score:2)
Why worry? (Score:2)
Aside from breaking into network shares, I do not see a major threat really -- wouldn't want any bad hackers to have access to the shared Music drive
All financial transactions done over the Internet use some form of data encryption, so someone sniffing in on the network would just get a bunch of garbage.
Whatever man.
The roots of wardialing... (Score:2, Informative)
http://en.wikipedia.org/wiki/Wardialing
While Wargames popularized the practice (among geeks anyway) it was not the origin of it.
So we've established (Score:2)
Are we going to start seeing lawsuits against the manufacturers of WiFi hardware that ships with weak security configurations? That's about the only eventuality which will trump the need for companies to cater to the stupidi^Wlowest common denominator.
A better approach.... (Score:5, Insightful)
A community service, for sure. And since it's offered by the local PD, it would make the average user realize how important it is...
-ch
-1 Redundant Legislation (Score:2)
Federal prosecutors in Charlotte, N.C., said the men found an unprotected Wi-Fi access point at a Lowe's home-improvement store parking lot in suburban Detroit, using wardriving tactics to steal credit card numbers from the retailer.
So we need these laws because the credit-card-fraud lobby has kept the practice of stealing people's card info perfectly legal for far too long...
buzzword FUD (Score:2)
Seeing as how they were in the parking lot, I don't reckon they were using "wardriving tactics", eh? I think they were just plain hacking at that point, but I guess that doesn't sound scary enough.
Good Lord... (Score:5, Insightful)
Yes, it's so impossible to look out in front of one's house! Whatever will we do?
Really, I see how this can be a problem. But, that was possibly the worst way of detailing why it is one.
Re:Good Lord... (Score:5, Funny)
Yes, it's so impossible to look out in front of one's house! Whatever will we do?
I see your point, but you're forgetting that the canny wardriver doesn't set foot outside his garage without the cloaking device activated...
WEP encryption (Score:2)
Well, that's proof enough for me! (Score:2)
According to the Scottsdale police report, the Stonegate resident who granted access to a suspect in August noticed a charge to an online store on his American Express card.
I saw an EVIL HACKER using his computer on the corner, and then someone stole my credit card number!
It will be amusing or depressing to see how a prosecutor (and a j
Hire more police? Plenty of out of work coders. (Score:3, Interesting)
Technical explanation... (Score:5, Informative)
This is a radio transciever operating completely within legal regulations.
If you don't want me to listen to your router's packets, don't transmit them.
If you don't want you router to respond to my 'specially crafted' transmissions, then tell it to ignore me.
Of course, it's far more complex than that, but current law does not seem to apply to this on the surface. It may apply to your actions once you are using their resources, but only marginally.
-Adam
Several observations (Score:5, Insightful)
Words from a Scottsdale resident ... (Score:5, Interesting)
It's easy for us geeks to shout from the rooftops to just lock it down, but we are dealing with people who think putting a key inside a fake rock is a safe way of not getting locked out of their home. I am surrounded by Joe Sixpacks and Barbi Braindeads. They have no clue and no amount of education is going to fix it.
Here is an idea -- provide a USB port on the access point and configure them with a random WEP key, no SSID broadcast, and MAC filtering at the factory. Then take a USB key fob to the access point, automagically download the SSID and WEP key, and take it to each PC. The PC can install the SSID and the key, and then download their MAC. Take the fob back to the lan and plug it in to finish configure the MAC filtering. No fuss, no bother, no skills involved.
There, problem solved. No computer can connect until it's done, and the system is delivered secure. Leave the web configuration utilitiy so if someone want's to turn it off to deliver free access they have a choice. That will take skills, or at least someone who can RTFM.
Amazing assumptions (Score:5, Interesting)
Ponder how you might feel if you were a Regular Joe using your WiFi equipment. You read the confusing literature and try your best to secure your WiFi network. But you're not exactly sure if you go it right. Now you find out that there are people out there lurking around in your neighborhood whose sole purpose is to look for unsecure networks and... and you don't know what, but you're not exactly excited to find out what these wardrivers are going to do once they've gained access.
Will they gain access to your network? Maybe, mabye not. But it makes you nervous because unlike most Slashdot readers, technology is not your life. You're just doing your best with the stuff you bought at the local ComputerShack.
In many ways it is like using Windows. You try your best to secure it against malware and spam, yet the stuff still gets in. You've read the manuals and you do your best, but this stuff that was supposed to be easy is not only a pain in the ass, it now can potentially screw with your life.
The worst part is that the Internet is now so tightly intertwined with most people's lives that to do without it is a major inconvenience. True, nobody is forcing you to use WiFi, but you want convenience, and you don't want to be victimized by people who for all you know could have serious malicious intent. You don't know who these wardrivers are, but you do know that they drive around snooping for open networks. Now tell me honestly, if someone were driving around your neighborhood snooping for open telephone lines, and you had no idea whether your telephone line was secure or not, wouldn't be a bit nervous?
Bashing on regular computer users perpetuates the stereotype that technically-savvy computer geeks are elitist snobs who take every opportunity to trumpet their intellectual superiority while taking advantage of the less technically-inclined.
Re:Amazing assumptions (Score:3, Interesting)
Yeah, pretty much, as that's generally the response of J. Random Middle-Class user when regaled with stories of the SRFs crying out for the cops to protect $TOYs. (Say, increased patrols in the rich neighborhoods 'cuz the crime rate is up 3% -- let those ghettos go rot as those folks are all freeloaders and criminals anyway.)
Seriously, wouldn't t
The Unemploid Paranoid System Admin (Score:5, Interesting)
I hung out with him frequently because me and him got along. When he aboned his wifi and went back to ethernet. I asled him what that was about. He mentioned that he was unable to "absolutely secure his wifi network". My rhetoric to him was "Why the %^&** would someone want to sit out on the sidewalk and warjam your wifi? I mean.. what do you matter and why would anyone give a %^&%?". His answer? "The spammers man... they're everywhere and will take whatever they can get. And I run windows here as well as Red Hat". Right answer but wrong again. Sure, we'll be seeing that in says to come, wardriving for network access to attack and then spam
Re:The Unemploid Paranoid System Admin (Score:5, Funny)
Did he get fired for writing a firewall rule that blocked all incoming and outgoing traffic?
Stupid Users (Score:3, Funny)
Let them in (Score:5, Interesting)
Consumer WAP's should operate in this mode by default with a nice wizard to help people set it up securely and easily. Cringely would probably argue you should get a penny per megabyte they transfer.
Educating the public. (Score:5, Insightful)
Just think, people don't really know how to fix their own cars, but they know enough to know what sorts of problems might crop up, and more importantly, enough to do what needs to be done to maintain their cars reasonably well within the limits of what they, as nonexperts, can do. The only reason people know this is that there has been a culture passed from one person to the next of this kind of practical knowledge. Maybe some geeks should do their part to help disseminate the (frankly not very extensive) knowledge necessary to secure home wireless networks.
Geeks Understand Machines, Not People (Score:5, Insightful)
Here's the scoop: If someone's Internet connection is insecure, they will blame you -- the techies -- for not making it secure. Everytime someone starts to preach about "stupid users" getting what they deserve because they aren't running the right firewall or using some software du jour, those "stupid users" are hearing techies recommend cumbersome technical remedies for problems caused by techie failures in the first place.
People want this stuff to be secure when they plug it in. If it isn't, it's your fault, 'cause you make the stuff.
Wireless is insecure. That's not the users' fault. It's your fault. First one to make it secure makes a billion dollars.
Amazing quote (Score:3, Funny)
It's impossible to see, unless you open your eyes!
Re:That's why it's good... (Score:2, Insightful)
Re:That's why it's good... (Score:4, Informative)
if "privatized" = "stupid" then you're right
Re:That's why it's good... (Score:2)
Re:Take precautions... (Score:3, Interesting)
Wardrivers should respect that.
But an AP with no WEP or MAC filtering, and SSID broadcast on, looks like an invitation to use. This is reinforced by precedent: I know of multiple AP's around town configured like this intentionally by their owners for public use.