If you work on an unsecured wireless internet network, beware. Someone right now could be moving around in the city looking for open WiFi spots for sending anonymous terror emails or accessing confidential information with almost no risk of being caught. Welcome to the dark world of wardriving.
A wardriver is a person who moves in a vehicle with a laptop — or a PDA like iphone BlackBerry — which has a software that detects WiFi networks. If an unscrupulous wardriver finds an "open" network, one that is not password-protected, he could use it for a range of nefarious activities.
The terror emails sent from the WiFi connections of an American in Navi Mumbai and Mumbai's Khalsa College could possibly be examples of such misuse. These networks can also be used for identity thefts and corporate espionage.
Unless caught in the act, it's virtually impossible to trace a wardriver. The wireless network can be accessed within a 25-30m radius of the point of installation. The malicious user can then piggyback on the network to send emails or access websites the owner's IP address, which when traced back leads to the owner of the network.
Says Sumit Grover, a vigilante wardriver, "I discovered many unprotected networks, observed their misuse. Over the past year, I tried to alert the ISPs involved, the Computer Emergency Response Team which analyzes threats to computers and networks in India, Trai, the ISP Association of India and even the IT ministry. Nobody took notice. Sadly, this was followed by a spate of terror attacks."
Software for wardriving — breaking into unsecured wireless internet — is freely available on the internet or even pre-installed in the device and such attacks are increasing with the rapid rise of wireless networks as laptop and broadband prices fall. The WiFi Alliance has estimated the WiFi market to be worth over $270 million and expects it to touch $900 million by 2011-12. Almost 90% or more of these networks aren't password-protected.
The month of August saw a surge in such activity. Terror emails linked to July's bomb blasts in Ahmedabad were traced to American national Kenneth Haywood's unsecured WiFi network. Another terror email sent in the name of Indian Mujahideen was traced to a computer in Mumbai's Khalsa College.
During the past year, hackers stole personal data worth an estimated $5 billion of up to eight million guests at over 4,000 hotels in 80 countries belonging to the Best Western hotel consortium alone. The data — which includes home addresses, phone numbers, places of employment and credit card details — was sold via an underground network operated by the Russian mafia.
What's most shocking is that this is quite easy to do. Open wireless networks can be accessed without any authentication and without attracting notice of the actual owner of the network. This is very different from hacking, which does not require physical proximity to the target network/computer. Cracking into protected networks, whether wireless or others, is a far more tedious process and can eventually be traced back to the hacker, while in the case of an unprotected wireless network, the intruder is virtually anonymous.
When done on a moving bicycle or motorcycle, wardriving is called warbiking. Then there's warwalking (or warjogging), which is done on foot. This is the ugly face of India's telecom revolution and the burgeoning demand for next generation smartphones and 24X7 internet access. Yet, the authorities appear either oblivious or unconcerned about its misuse and security
0 comments:
Post a Comment