With the technological advances in the way we transmit information over the past forty years have come new challenges for security experts. None of these challenges have been more complicated than that of securing information saved on a computer or a network of computers. It seems with every new security measure implemented to protect this information, there is someone who discovers a way of manipulating this new measure to gain access. One of the technological advances that have created a huge challenge for security specialists is the use of wireless internet connections.
Wireless internet connections began in the 1970’s with the creation a wireless network in Hawaii called the ALOHANET, which connected seven computers on four separate islands (Goldsmith). Comparing this system to the ones we use today would show many advances in technology since the creation of the ALOHANET. Though this is the first recorded wireless network put in use, the idea of the World Wide Web began twenty years earlier with a group of scientists in the United States who saw a need for such a network (Goldsmith). With the invention of wireless transmission came the dangers of information being corrupted and/or intercepted by people who did not have permission to access such information and the battle to prevent such actions began.
Today one of the dangers faced by anyone using a wireless connection without the correct security protocols is the act of war driving. War driving has a connection to war dialing which was seen in the 1980s movie, War Games. War dialing is a process of dialing all the telephone numbers in a certain area searching for those containing computer connections via a modem. As a research project, Peter Shipley showed the vulnerabilities in unprotected modems by war dialing phone numbers in the Bay Area of San Francisco in the late nineties (Poulsen). This war dialing experiment led to his discovery of many unprotected modems belonging to banks, hotels, and personal computers (Poulsen). Along with his war dialing project findings, Shipley is believed to be the person who introduced war driving to the world. In July of 1999, he presented the findings of his war driving experiment “to the wider hacker community at DEFCON 9 in Las Vegas” (Berghel).
The idea behind war driving is to locate wireless internet traffic on the 802.11 networking protocols which are used by most internet users and companies. This is accomplished by driving, biking, or walking a heavily populated neighborhood or city streets while using a wireless device such as a laptop computer utilizing various types of “sniffers” to search out vulnerable connections (Berghel). Upon discovery of an available unsecured network, the war driver (biker/walker) will be able to connect to the internet service of the unsecured wireless connection. Once entry is gained to the network, the war driver could have access not only to the internet but also the other computers using the connection. This presents a security risk to any personal information contained on the computer, and also a risk of the war driver performing illegal activities while connected to the wireless internet connection.
With the practice of war driving come the risk of having personal information such as social security numbers, credit card numbers, and banking accounts falling into the wrong hands. In August 2008, there was an indictment for eleven criminals charged with stealing bank card information from several large companies in the United States by the Justice Department (Molvig). The individuals charged were believed to have gained knowledge of the vulnerabilities of these companies using the war driving technique, thus enabling them to bypass security within the vulnerable computer systems and install programs which would gather bank and credit card information (Molvig). Most criminals conducting such an operation do not intend to use the information gathered for their personal use. Instead, the information is sold to other individuals or criminal organizations that will use the information for purchases and other fraudulent activities (Molvig).
This is not only a problem for companies within the United States, this is an international problem. The eleven people charged with the crime included a person from of an unknown citizenship, one person from Belarus, two Chinese, three Ukrainians, three United States citizens, and one from Estonia (“Card”). The estimated number of credit or debit card numbers stolen was forty million (“Card”). Consumers do not expect to have their information stolen when dealing with reputable companies such as these when purchases are made in person rather than online. This shows the need not only for individuals to take measures to ensure their own safety, but also the need for companies to have security measures in place to prevent such activities from happening.
Another way for war drivers to cause personal damage is by using vulnerable wireless internet connections for illegal purposes. One of these illegal activities is the transmission and receiving of child pornography. Greer McDonald of the Dominion Post states, “Thousand of Internet users are at risk of becoming embroiled in child pornography trafficking because of insecure security settings on their wireless connections.” In Idaho a man was charged with owning a laptop which contained child pornography, of which he admitted acquiring by the process of war driving while he was at work making deliveries (Gates). It is stated in Gates article that people use war driving as a way to “mask illegal activity.” Though the use of the internet by this criminal in Idaho did not directly affect the owners of the internet service he accessed through the unsecured wireless connections, it gave him a way of going undetected increasing the chance of future criminal acts.
The act of war driving is a criminal offense and prosecutable by law, but war driving could also be made use of by companies to ensure the security of their wireless connections. For example, a chain of convenience stores that may use wireless internet connections to monitor inventory, sales, employee time cards, and other miscellaneous operations associated with business may benefit from the use of war driving by the information security officer ensuring that their various locations are not accessible by someone unauthorized. While not all war driving operations conducted are of a malicious intent, the examples of credit fraud and child pornography are strong reminders as to the importance of wireless security measures.
There are steps one can take in attempt to prevent such activities from occurring. The first step to take in securing a personal wireless connection would be to follow the instructions set forth by the wireless modem manufacturer (“Criminals”). By following the manufacturer’s instructions you are ensuring not to alter any of the set protocols made at the factory. With most setups, there will be a step involved in which the user will enter a password for accessing the connection that uses WEP encryption. When choosing a password, choose a random array of numbers and letters using both large and small case. Second, disable the SSID (Service Set Identifier) and the feature which broadcasts your SSID to the internet, or if used, do not use any easily searched names or passwords such as family pet, your child’s name, etc. (“Criminals”). By disabling the SSID or using a random network name, you are making it more difficult (if not impossible) for criminals to identify your connection and acquire such information.
The third step in attempting to secure your wireless connection is ensuring that firewalls are in place for both your router and computer (“Criminals”). A firewall restricts or blocks inbound traffic by monitoring network ports. Another useful step you can take to ensure the security of your system is to monitor its usage. By estimating the amount of time you utilize the system in a month, you will be able to recognize any increases (“Criminals”). Along with taking these steps, another way of protecting personal information on your computer is by disabling file sharing. If file sharing is enabled, any attacker that gains access to your wireless connection could possibly access the information on your computer including usernames and passwords.
The invention of wireless communications has propelled us into the twenty first century, while at the same time presenting a risk to the protection of our personal information. By taking the appropriate steps in setting up a wireless connection, making sure of updates to your computer and antivirus software, and monitoring your systems usage, you can minimize the risks of unauthorized use of your wireless connection as well as access to your personal information. As the old saying goes, “an ounce of prevention is worth a pound of cure”, but in this case it could be worth a lot more. Identity theft is a growing concern in the world we live in today, not only for adults but also for our children. It is our responsibility to make every attempt at protecting this valuable information.