Driveby Hacking on the Go

Right now, a lot of war driving is apparently still being done just for fun. Driveby hackers catch a bit of free Internet access, or eavesdrop on e-mail. However, if left wide open, the security holes in wireless networks carry the potential for much more serious consequences.

In one Internet newsgroup forum, a war driver recently pointed to wireless LANs, located within a certain retail giant’s distribution warehouses, as good “targets” for testing out driveby hacking equipment.

Lasell College in Newton, Mass., is one of many colleges and universities currently building wireless LANs. “We have one wireless network with two domains: one for faculty/staff, and the other for students,” says Deborah Gelch, Lasell’s director of information technology.

Lasell has used Bluesocket’s solution to give greater bandwidth priority to faculty/staff, as well as to provide them with more access to college resources.

Gelch claims to hold no particular qualms about war driving, per se. “But I’ve definitely had some concerns about students — particularly some of the students in our computer science program, and other sophisticated users. We host a summer computer camp, and this has made me even more concerned. The main reason we’re using Bluesocket is for security. We don’t want students to be able to hack into (the administrative network) through either the wired or wireless side of things.”

Other network administrators worry over the dangers posed by unauthorized wireless LANs on company property. The Gartner Group estimates that at least 20 percent of enterprises have rogue wireless LANs attached to their networks.

ReefEdge’s Gopal equates the rise of these wireless rogues to the wired LAN phenomenon of a couple of decades ago.

“Back then, some miscreants would decide to go out and buy a few 386es, and put up their own departmental LANs. Nowadays, with wireless LAN equipment so easily available, some people are saying, ‘Gee, I want one in my office.’ You, as network administrator, need to embrace wireless, before people inside your company get those rogue access points out there,” Gopal advises.

“Even if you (threatened to) fire them as a penalty, people would still set up unauthorized wireless LANs. All they need to do is pop a card into their PC, and plug an access point into their office wall. It can be very difficult for companies to detect rogue LANs,” agrees Bluesocket CEO Eric Janszen.

KPMG Consulting is one company that managed to find several rogues, although not on its own premises. At its Watford Labs in the UK, KPMG is now working with Microsoft and Compaq on solutions that will leverage Bluesocket technology, together with IPsec, for securing iPAQ PDAs. “WEP places a huge amount of overload on the network, so we’re looking for alternatives,” says Simon Thomason, CT architect for KPMG Consulting.

For the Microsoft TechNet show in Barcelona, Spain, KPMG was asked to set up a conference-wide wireless network supporting PocketPCs. “When we went to do so, though, we found that six of the exhibitors had already put up their own rogue LANs. Their networks conflicted with ours. In the end, their options were either to become part of our network, or not to do wireless at the show at all. Since our network was largely WEP, it took a big hit in performance,” Thomason recalls.

In smaller campus environments, network managers can track down wireless LANs from a central location, using a product like NetStumbler or AirSnort. Products supporting the 802.1x protocol can also be used, although at this point only with Windows XP clients. In enterprises with far-flung branch offices, war driving can serve as another way of rooting out the rogues.

“Detecting rogue LANs is very important. You shouldn’t try to discourage people in your organization from wireless technology, though. Obviously, wireless is valuable to employees, or they wouldn’t be using it. Instead, you should supply a simple way to plug in to the corporate network from the wireless LAN, while at the same time keeping the network secure,” Janszen recommends.

Jacqueline Emigh is a 12-year veteran of computer journalism. She is currently freelancing for several leading technology and business publications. She was previously a senior editor for Sm@rt Partner Magazine, and before that, a bureau chief for Newsbytes News Network.

Editor’s note: This article first appeared on CrossNodes, an site.