Computerworld

Just driving by

Strolling through Sydney's IT corridor with a laptop in hand, not even Sherlock Holmes would have suspected we were peeking into surrounding computer networks, even collecting user passwords on the way.

The easy-to-carry laptop can become more like a concealed weapon if used against companies without encrypted local area networks (LANs). I soon realised this so-called ‘investigative assignment’, to engage in drive-by hacking, could have been undertaken by a rebellious adolescent as a school-yard prank because the level of IT skill required was minimal.

We were on a mission dubbed ‘war driving’; basically we were engaging in the practice of cruising the streets looking for wireless LANs. A laptop-carrying hacker just needs to be in the vicinity of a network's access points to hook up.

It's difficult to term the assignment a success, because while we managed to scan 43 access points with very little effort, it also revealed real negligence on the part of the system administrators charged with protecting these networks.

We stopped for coffee to check the hit rate, and with the laptop nearby I expressed concern about being noticed, but the hacker assisting with this assignment assured me we were totally anonymous, and who would question us anyway?

Indeed, we were inconspicuous, just sipping coffee and talking; it is an unremarkable event these days to be carrying a laptop or even using it in a coffee shop, and many business meetings are conducted in just such a way.

And there was little else to do, while we waited for the laptop to scan for access points. All the real work was completed before we stepped out onto the street. This included obtaining a laptop with a wireless LAN card, downloading free software from the Internet and adding a Magellan GPS tracking device just for good measure.

Off the street and into the car it was even easier - our hit rate was much higher and the signals even stronger. Reporter's notebook in hand, I tried to record each hit as the back-seat, war-driving hacker kept up a running commentary of connections.

His repeated announcement that "we've got another one" showing on his laptop screen soon became a chant to the point that I was unable to keep up with the speedy ‘success’ of our assignment.

We were collecting hits at least every 60 seconds, which made it a pretty fast-paced exercise. Surprisingly, these were not standard local businesses that permitted access, but some big-name IT companies and financial firms.

The hacker accompanied each announcement with either user password details or "encryption off so we don't have to do anything to get into that one except log on".

Alarmingly, only seven of the 43 access points scanned were encrypted.

To keep the assignment legal we refrained from going further, though this would not have been overly challenging, the hacker said. But the point had been made - the LAN was unprotected, we were able to go behind the firewall and were in a position to hack from inside the organisation.

Obviously, I have no intention of listing the vulnerable companies here except to say the assignment was a lesson in simplicity.

Even after we had proven our point, the software continued to record hits. There we were back at the office parking the car and from the back seat I could still hear "we've got another one". The exercise was too easy to believe it "doesn't happen", and, as my partner in this assignment assured me, it would be "naive" to think otherwise. We all decided to throw this assignment in the ‘too easy’ basket and agreed they do tell lies in Hollywood movies. Those exciting portrayals of hackers as the creative genius up against mighty, protected companies with diligent systems administrators are a far cry from reality, although it does make for good screen action.