KPMG honeypot lures London’s wardriving commuters

Out-Law News | 31 Mar 2003 | 12:00 am | 2 min. read

A wireless 'honeypot' set up by KPMG to monitor wireless hacking and so-called 'wardriving' activity has revealed that the most popular time to try to access wireless networks is on the way to and from work.

Wardrivers drive around with normal laptop computers, running freely available software, which can detect accessible wireless, or Wi-Fi, networks. By simply clicking a mouse button they can access the detected network. Often, chalk marks are put on buildings or pavements where the wireless node is detected – known as warchalking – as a marker for others. Most do it as a hobby, often just to get free access to the internet. Others do it for more hostile purposes.

The dummy set-up, designed to appear as a legitimate corporate wireless network, recorded and analysed the activity of users trying to access it. The most popular times for wardriving were between 9 and 10 am, when 24% of probes took place, and between 5 and 6 pm, when 18% of probes took place.

This, says KPMG, suggests that people scan for wireless access points while driving in cars, or while on foot or cycling. Virtually no activity was recorded at weekends.

Three separate wireless points were set up at different points around the Square Mile in London, and ran for a week each, aimed at establishing the prevalence of wardrivers and wireless hackers. An average of 3.4 'probes' were detected per working day.

Given that RSA Security recently recorded 328 wireless access points in just seven areas in the financial district of London alone, the research highlights the potential scale of unauthorised wireless access taking place.

Analysis of the probes revealed that 84% of those looking for wireless networks simply identified the presence of the network and moved on. However, KPMG warns that these individuals were possibly charting maps of wireless access points for future use.

Sixteen percent of probes ended in eventual network access, and three-quarters of those who did access the network undertook activity that would be described as hostile. Deliberately malicious behaviour included attempts to access systems and tamper with their set-up, and attempts to run computer commands that would damage the technology.

RSA's survey also found that only a third of the networks detected in its financial district research were running special security technology for wireless networks.

"The activity recorded is significant, given the proliferation of wireless networks now being used by companies, and could adversely affect a typical business," commented Mark Osborne, director of Security Services at KPMG. "The project dispels the myth that all unauthorised wireless activity is harmless. Risks include stealing bandwidth which slows the network down, or actual physical disablement of systems."

The research showed that hackers appeared to have "a less than basic knowledge of computers and networking," said KPMG. But whilst their attempts lacked sophistication, the firm is warning that it may only be a matter of time before they become more literate.

It is emphasising that the risks of wireless intrusion include not only deliberate malicious attacks that paralyse systems, introduce viruses and result in data theft, but also 'free surfers' slowing the network, or gaining access to data that would breach the Data Protection Act, such as patient or customer records.

Tim Pickard, Strategic Marketing Director EMEA at RSA Security, comments:

"Once again we are seeing how security seems to have been overlooked in the rush to implement wireless solutions. This research clearly demonstrates the very real dangers involved in leaving wireless LANs wide open to potential hackers. CEOs, CIOs and IT Managers need to understand that any investments they have made in securing their infrastructure can be swiftly negated if the backdoor is left open through the introduction of un-secured wireless LANs."