Hackers wardrive into wireless
August in Las Vegas is always hot, but the airwaves will be burning when DEFCON kicks off August 1-3, 2003, at the Alexis Park Hotel.
Eleven years and still kicking, DEFCON is the world’s most notorious computer hacker convention. Presentations range from philosophical discussions on hacking to detailed information on the latest security holes in desktop computer operating systems. A remarkable mix of security professionals, talented amateurs (who sometimes know more than the professionals), and government officials turn out to exchange information on the latest security techniques.
With the proliferation of 802.11b 2.4 GHz technology, Wi-Fi has emerged as a hot topic at DEFCON. A number of wireless events are scheduled to take place at the conference, including a contest to demonstrate the longest-distance 2.4 GHz link, a search for WiFi hot spots across Vegas, and plenty of 802.11b security presentations.
The Wi-Fi long-distance competition is already attracting a lot of attention. Inspired by a Guinness World Record set last year in Sweden, the competition has five categories ranging from commercial off-the-shelf equipment to homemade antennas with enhanced power. No one expects to beat the world record of 310 kilometers, set between a ground station and a balloon-mounted unit that drifted nearly 30 kilometers into the atmosphere with a high-powered amplifier for weather reporting — not exactly a standard configuration. Contestants will only be allowed to use 802.11b in a point-to-point setup; no relays will be allowed. One end of the relay must be on the roof of the hotel and winners must disclose the technologies they used.
Wardriving activities are also bound to attract notice. Derived from the original practice of methodically dialing up phone numbers looking for modem tones, today’s hackers drive around with a Wi-Fi enabled laptop looking for open wireless networks, with locations logged to GPS coordinates.
In a DEFCON event, up to 12 teams will drive around Las Vegas in a designated area in two-hour blocks on Friday and Saturday afternoon. The team that logs the largest number of wireless access points and most unique wireless access points wins.
To make sure teams play fairly, the event planners have incorporated certain surprises, including “false flag” access points that will be turned on before the event.
For other wardrivers, Vegas is only one spot on the map. The WorldWide WarDrive (WWWD) is an international effort to discover and log wireless access points around the world.
Chris Hurley, a Washington D.C.-based information security engineer, will present both results of the data collected as well as a statistical analysis at DEFCON.
IT managers operating wireless networks may wish to visit www.wigle.net or www.netstumbler.com for information and technology to inspect their corporate wireless security.
Attendees who are less inclined to tinker with Wi-Fi hardware or software will have plenty of informational sessions to whet their appetites. Security weaknesses of 802.11 LANs will be addressed in three separate sessions, and include ways to defeat wireless encryption protocol (WEP), detecting attacks against 802.11 networks, and installing rogue access points in existing LANs.
In addition, information is provided on techniques and technologies available to harden wireless networks against intruders.
Finally, if one has overdosed on Wi-Fi, there’s a primary tutorial on satellite television.
DEFCON 11 is taking place at the Alexis Park Hotel, Las Vegas on August 1-3, 2003. Admission is $75 in U.S. currency at the door, cash only; no checks, credit cards or foreign currencies.
More information on DEFCON events can be found at www.defcon.org