A wireless ‘honeypot’ set up by KPMG LLP to monitor wireless hacking and so-called ‘war driving’ activity has revealed that the most popular time to try to access wireless networks is on the way to and from work. War driving is a real-life game where individuals intercept wireless networks. Most do it as a hobby, and in some case to use the network to access the Internet. Others do it for more hostile purposes.
The dummy set-up, designed to appear as a legitimate corporate wireless network, recorded and analysed the activity of users trying to access it. The most popular time for war driving was between 9-10 am, where 24% of probes took place, and 5-6pm where 18% of probes took place. This suggests that people scan for wireless access points while driving in cars, or while on foot or cycling. Virtually no activity was recorded at weekends.
Three separate wireless points were set up at different points around the Square Mile in London, and ran for a week each, aimed at establishing the prevalence of war drivers, free-surfers and wireless hackers. An average of 3.4 probes were detected per working day. Given that RSA Security recently recorded 328 wireless access points in just seven areas in the financial district of London alone*, the research highlights the potential scale of unauthorised wireless access taking place.
Analysis of the probes revealed that 84 percent of those looking for wireless networks simply identified the presence of the network and moved on – typical behaviour of the ‘war-driver’. However, KPMG warns that these individuals were possibly charting maps of wireless access points for future use.
16 percent of probes ended in eventual network access, and three-quarters of those who did access the network undertook activity that would be described as hostile. Deliberately malicious behaviour included attempts to access systems and tamper with their set-up, and attempts to run computer commands that would damage the technology.
RSA’s survey also found that only a third of the networks detected in their financial district research were running special security technology for wireless networks.
“The activity recorded is significant, given the proliferation of wireless networks now being used by companies, and could adversely effect a typical business,” commented Mark Osborne, director of Security Services at KPMG. “The project dispels the myth that all unauthorised wireless activity is harmless. Risks include stealing bandwidth which slows the network down, or actual physical disablement of systems.”
The research showed that hackers appeared to have a less than basic knowledge of computers and networking. But whilst their attempts lacked sophistication, KPMG is warning that it may only be matter of time before they become more literate. It is emphasising that the risks of wireless intrusion include not only deliberate malicious attacks that paralyse systems, introduce viruses and result in data theft, but also ‘free surfers’ slowing the network, or gaining access to data that would breach the Data Protection Act, such as patient or customer records.
War drivers and hackers use normal laptop computers, running freely available software, which can detect accessible wireless networks. By simply clicking a mouse button they can access the detected network. Often, chalk marks are put on buildings or pavements where the wireless node is detected – known as war-chalking – as a marker for other war-drivers.
Tim Pickard, Strategic Marketing Director EMEA at RSA Security, comments, “Once again we are seeing how security seems to have been overlooked in the rush to implement wireless solutions. This research clearly demonstrates the very real dangers involved in leaving wireless LANs wide open to potential hackers. CEOs, CIOs and IT Managers need to understand that any investments they have made in securing their infrastructure can be swiftly negated if the backdoor is left open through the introduction of un-secured wireless LANs.”