Last week a few managers within Emagined Security, myself included, were discussing possible new consulting services that our company might offer. Although we currently offer wardriving services, I suggested that we also move into the area of warchalking. Then our CEO, David Sockol, did a little Googling and came up with all kinds of wireless war—- terms. Let’s take a look at them:
The most general war—- related term is netstumbling, which means “running into” a wireless network by receiving signals from the network, generally by using either a laptop that has a wireless network card or a Personal Digital Assistant (PDA). .However, a Pringle’s can and a metal coat hanger have also been used as antennas in netstumbling many times, and they work remarkably well. To the best of my knowledge, Howard Fuchs of Germany still holds the record for non-government spy agency-related netstumbling with a distance of 75 miles! (Howard was arrested by the German police afterwards, but then charges against him were dropped later.) Ministumbling is the same as netstumbling, except that in the latter only very casual, non-systematic attempts to discover wireless networks are made.
Wardriving is trying to find wireless networks by riding in a moving vehicle. Wardriving is a frequently performed activity that is often part of penetration testing. However, many instances of computer crime (such as the well-publicized Lowe’s and TJX data security breach incidents) have also begun with wardriving. oCmputer criminals favor wardriving to other types of netstumbling, because being in an automobile makes their illicit activity less noticeable.
Two kinds of activity, warbiking and warwalking, are closely related to wardriving. In warbiking one looks for wireless networks while riding on a bicycle or motorbike. In warwalking one simply walks around with a laptop or PDA to pick up wireless network signals.
Warchalking is a little bit like warwalking in that someone must walk around the area in which wireless signals are being transmitted to conduct this activity. The big difference is that in warchalking, the perimeter of the wireless network signals’ transmission is identified and a piece of chalk or a marker pen is used to physically mark this perimeter.
In the past I’ve engaged in some of these activities in connection with penetration tests or vulnerability assessments. It’s funny how sometimes chief security officers (CSOs) are so unaware of how far their organizations’ wireless network transmissions go and how many people could potentially gain access to them until simple netstumbling is performed by a third-party service provider. I have found that warchalking is particularly useful in that looking at the actual physical boundary of wireless transmissions often serves as a poignant wake-up call to CSOs, CIOs, and other managers within an organization. Seeing is believing. Drawing the boundary on an aerial view of a building and its premises is almost as effective, but not as effective as seeing a chalk line (the thicker, the better!) around the wireless network boundary and then walking around it.
With tongue in cheek I suggest “war whatever” as a general term to describe all these different types of activities. Somehow, I don’t think that this term is going to catch on. But whatever you call these warxxxx-related activities, you should make sure that they are regularly and systematically performed. After all, wireless networks have become one of the biggest and easiest to exploit targets of computer criminals.