X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
I went out “war driving” the other day. It’s fun. If you are ever in the neighborhood, stop by and I’ll show you. What is war driving? The term describes a new take on a technique called “war dialing” that early hackers used to penetrate computer networks. Using software called a war dialer, hackers randomly dialed phone numbers with a modem to find ones that would answer with computer tones, indicating an entry point for computer or telecommunication systems. In the days before the Internet, a war dialer was an indispensable tool if you wanted to penetrate a computer system. Today, war driving is just the wireless version of war dialing. Hackers are tapping into the rapidly growing number of wireless networks in homes and offices, gaining access not just to the Internet but to computers on those networks. Unless proper security measures are taken, companies may be exposing sensitive data to anyone within reach of a wireless signal. Wireless networks, which transmit on unlicensed radio frequencies, happen to be an excellent communications tool. Their popularity has skyrocketed as quickly as the price of installing one has plummeted. Current technology allows speeds approaching or exceeding those of a wired network, without the hassle and expense of laying cable. And wireless networks are cheap. You can pick up a basic wireless access point at BestBuy or CompUSA for as little as $100. Many laptop computer makers are integrating wireless networking capabilities into the latest products. You can find wireless networks installed at corporate campuses, in homes and also in large office complexes. Wireless networks are especially popular in workplaces where the work force never stands still, like in a hospital. The reason? Convenience. Who wouldn’t want to take their notebook computer to the conference room while still surfing the Web? Unfortunately, the same qualities that make wireless networks so attractive also make them dangerous. Unlike a wired network, a wireless network does not stop at a building’s outside walls. Using any wireless network card available at your local computer store, I can sit outside your office building with my laptop and suck data from your network, literally out of thin air. That’s war driving. And it’s not just me. Anyone with a wireless card and some free software downloaded from the Internet can do it. When I went war driving two weeks ago, I quickly found six access points less than a mile from my home. Several signals were so strong they could be picked up while I drove down the highway. I did not even have to go through the trouble of searching for these networks myself. At the same site on the Internet where you can download software to find wireless networks, you can also obtain free maps with precise locations of thousands of wireless network access points. Armed with such a map, war drivers simply attach a global positioning system receiver (another $100 at BestBuy) to their laptop and follow the map until they reach the signal. And what can you suck out of the air once you’ve found a signal? Pretty much anything. Wireless networking equipment usually comes with security based on the wired equivalent privacy protocol, or WEP. But many people who set up wireless networks fail to activate this security feature. In fact, some wireless networks come with WEP turned off by default. Without WEP, any information transmitted over a wireless network is up for grabs. Passwords, credit card numbers, trade secrets, you name it. Even with WEP, wireless network security can be shaky because WEP can be broken. There are free programs on the Internet that a sophisticated war driver can use to break WEP encryption and sniff passwords or other sensitive information. WEP has other problems, too. In some systems the encryption key used to secure wireless transmissions is stored “in the clear” on any computer system using the network. That means that even if I can’t break WEP, all I would need to do is look at your laptop for a couple of minutes during a meeting, copy down your encryption key, and I am in. A new version of WEP, called Dynamic WEP, is expected to solve many of the problems with the existing system. However, it is only beginning to come into use and it will be some time until Dynamic WEP becomes the standard. Until then, don’t expect that beefing up security patrols around the parking lot will solve the problem. It is very difficult to detect that someone is intercepting your wireless computer network signal. And besides, I don’t need to hang around your building if your telecommuting employees are using wireless networks at home to e-mail sensitive corporate data back to the office. Whether war driving is legal or not is a gray area at the moment. Federal wiretap statutes do not mention wireless networks specifically. However, it is illegal to intercept and record cordless telephone conversations, and these phones use the same frequency as wireless networks, so one would expect the same prohibitions would apply to the interception of wireless data. But war driving has two elements to it: Locate the signal and intercept it. Just locating the signal may not, in and of itself, be illegal. That may be why you can find maps on the Internet. Your building might be one of them. Whether it is illegal to intercept information traveling over these wireless networks has yet to be tested in court. But the big question is: Do you want to find out the hard way? Joel Rothman is a solo practitioner in Boca Raton, Fla., and general counsel to Technology Risk Solutions LLC. He welcomes questions or comments at [email protected] or (561) 989-9770.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.