Worldwide 'war drive' exposes insecure wireless LANs

Computerworld - Amateur wireless LAN sniffers detected hundreds and potentially thousands of insecure business and home industry-standard wireless LANs in North America and Europe during the past week in a loosely organized electronic scavenger hunt dubbed the "Worldwide Wardrive."
Security analysts and wireless LAN industry executives said the results of the weeklong Worldwide Wardrive posted to the Security Tribe Web site indicate that many wireless LAN users still fail to use the most elementary form of security to protect their systems.
The Worldwide Wardrive, conducted between Aug. 31 and Sept. 7, was an exercise in detecting wireless LANs using NetStumbler freeware available on the Web that was carried out by people who describe themselves as hobbyists. But malevolent hackers and industrial or foreign espionage agents could easily exploit the holes found, analysts said. The logs posted on the Security Tribe Web site include precise latitude and longitude data of the wireless LAN access points (AP) detected during the Worldwide Wardrive that could also serve as an intelligence tool.
The term war driving is derived from the "war-dialing" exploits of the teenage hacker character in the 1983 movie WarGames, who has his computer randomly dial hundreds of numbers and eventually winds up tapping into a nuclear command-and-control system.
The war-driving participants sniffed major technology and business centers such as Silicon Valley and Orange and San Diego counties in California, as well as Chicago, Cleveland and Denver in the U.S. and the province of Alberta in Canada. In Europe, the war drivers sniffed Barcelona, Spain, and Cologne, Germany.
Home installations accounted for the majority of APs detected in the Worldwide Wardrive exercise, which was easily determined based on the hundreds of systems broadcasting a Service Set Identifier (SSID) -- an ID of up to 32 characters continuously transmitted by an 802.11b or Wi-Fi AP operating in the 2.4-GHz band -- or a "linksys" SSID, which is used by Irvine, Calif.-based Linksys Group Inc. as the default for its line of low-cost home wireless LAN systems.
But the hobbyists also detected hundreds of potentially vulnerable corporate or government networks, according to analysts. That assumption is based on the discovery of many APs with an SSID of "tsunami," which is used as a default by Cisco Systems Corp. for its wireless LAN products.
Chris Kozup, an analyst at Meta Group Inc. in Stamford, Conn., said the use of a tsunami default SSID indicates that the wireless network is probably a business or government AP, considering the high cost of Cisco equipment (just under $1,000). In contrast, home