Home: www.packetnexus.com
http://www.securityfocus.com/news/192 War driving by the Bay Wireless network hacking turns cyber attack into street crime. By Kevin Poulsen Apr 12 2001 4:57PM PT SAN FRANCISCO--In a parking garage across from Moscone Center, the site of this year's RSA Conference, Peter Shipley reaches up though the sunroof of his car and slaps a dorsal-shaped Lucent antenna to the roof-- where it's held firm by a heavy magnet epoxied to the base. "The important part of getting this to work is having the external antenna. It makes all the difference" says Shipley, snaking a cable into the car and plugging it into the wireless network card slotted into his laptop. The computer is already connected to a GPS receiver -- with its own mag-mount roof antenna -- and the whole apparatus is drawing juice through an octopus of cigarette-lighter adapters. He starts some custom software on the laptop, starts the car and rolls out. Shipley, a computer security researcher and consultant, is demonstrating what many at the security super-conference are quietly describing as the next big thing in hacking. It doesn't take long to produce results. The moment he pulls out of the parking garage, the laptop displays the name of a wireless network operating within one of the anonymous downtown office buildings: "SOMA AirNet." Shipley's custom software passively logs the latitude and longitude, the signal strength, the network name and other vital stats. Seconds later another network appears, then another: "addwater," "wilson," "tangentfund." After fifteen minutes, Shipley's black Saturn has crawled through twelve blocks of rush hour traffic, and his jury-rigged wireless hacking setup has discovered seventeen networks beaconing their location to the world. After an hour, the number is close to eighty. 'People don't believe there's a security problem if you don't prove it to them.' -- Peter Shipley "These companies probably spend thousands of dollars on firewalls," says Shipley. "And they're wide open." "Absolutely huge" Dramatic drops in hardware prices over the last year have made it enormously attractive and convenient for corporations and home user to go wireless, in particular with equipment built on the 802.11 standard - which was popularized with Apple's AirPort, and is now widely used on PCs. But computer security experts say that in the rush towards liberation from the tethers of computer cable, individuals and companies are opening the doors to a whole new type of computer intrusion. "It's absolutely huge," says Chris Wysopal, also known as ""Weld Pond," director of research and development at Boston-based @Stake. The company added wireless auditing to their consulting menu approximately two months ago, after months of laboratory research convinced them that it was a grave problem. "802.11 is inherently less secure than other wireless technology, Wysopal says, "and the way it's being deployed makes it worse." The 802.11 cards and access points on the market implement a wireless encryption standard, called the Wired Equivalent Protocol (WEP), that in theory makes it difficult to jump onto someone's wireless network without authorization, or to passively eavesdrop on communications. But in January, researchers at the University of California at Berkeley published a paper revealing a number of severe weaknesses in WEP that allow attackers to crack the crypto with sophisticated software, and ordinary off-the-shelf equipment. "Hardware to listen to 802.11 transmissions is readily available