Printer Friendly

Chalk it up to experience. (Tech Talk).

A network administrator arriving at her office building notices a strange chalk drawing on the sidewalk. She dismisses it as graffiti, not realizing that it is actually a sign-called warchalking--that identifies an unprotected wireless connection emanating from her company network.

Once a company's wireless node is publicly identified, anybody with a laptop and a wireless networking card can use it to access the Internet. While most warchalkers are just trying to get free Internet access, that access goes through the corporate network, thus endangering the network itself--and any sensitive information it contains.

Many companies have wireless nodes that could be similarly hijacked, according to John Bumgarner, CISSP, CEO of Cyber Watch, Inc., who has located hundreds of wireless nodes in Charlotte, North Carolina, although he says that he hasn't seen any warchalking evidence yet. However, Web sites dedicated to warchalking show that the phenomenon has caught on from Berkeley, California, to the United Kingdom.

Bumgarner says that wireless nodes are often created by office workers who, without permission, install hardware on the corporate LAN that allows them to connect to the network in a meeting room or cafeteria, or, with a simple antenna, from even farther away. Wireless signals from legitimate wireless networks also simply "leak" through walls and floors, allowing those in neighboring floors or buildings to access the nodes, he says.

If warchalkers are helping potentially malicious users find unsecured networks, are they committing a crime? Possibly, say cybercrime legal experts, but one that will be very difficult to prove. According to Arif Alikhan, assistant U.S. attorney for the central district of California and chief of that office's computer crimes section, "If you're [warchalking] just to mark where the access points are, in and of itself, it may not be illegal. But if it's done with the purpose of trying to aid and abet or assist other people to illegally gain access to a system, then it could be problematic." He says that prosecutors would have the difficult task of proving that the warchalker had the specific intent to aid and abet, or enter into a conspiracy with, somebody who later commits a cybercrime.

Marc Goodman, a former police officer and now senior managing director of digital security and investigations with investigative firm Decision Strategies LLC, agrees that trying to hold a warchalker accountable as a hacker's accomplice "would be a very tough case. It's very similar to people who publish on the Internet various security flaws for Microsoft products; it's a freedom of speech issue."

So how should a company react if it becomes a target of the scheme? After first erasing the symbols that are exposing the network to the world, there are a few steps that can be taken to more tightly secure a wireless network, says Larry Rogers, a senior member of the CERT technical staff.

The two most common solutions are using WEP (wired equivalent privacy a wireless security protocol) and MAC addresses (the media access control numbers that identify a device's network card); the former allows a measure of encryption, while the latter allows only known and trusted clients to connect to the access point. However, Rogers points out that these options only discourage casual snoops; they don't make the network highly secure against the more sophisticated criminals who might want to tap into the company's wireless network.

For more secure wireless networks, Rogers advises using VPN, or virtual private networking, software. "VPN offers encryption and some form of ancillary authentication (such as passwords or biometrics)," Rogers says. VPNs create a secure tunnel across the shared public infrastructure, encrypting data (with a stronger algorithm than that used by WEP) at the sending point and decrypting it at the receiving point. Bumgarner adds that other steps that can be taken to lock down wireless networks include disabling the wireless access point from broadcasting its identification number and installing shielding to prevent wireless signals from leaking out of a building.

@ See a chart of warchalking symbols by visiting SM Online.
COPYRIGHT 2002 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2002 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Plazza, Peter
Publication:Security Management
Date:Nov 1, 2002
Previous Article:How can process plants improve safety? Plants that handle hazardous materials need to implement better security despite the lack of guidance from...
Next Article:Response team guide series. (Tech Talk).

Related Articles
Kids camping takes the challenge!: Use healthy messages to make the camp experience AWE-some!
Feeling of family marks Oakridge school.
Security Management 2002 Index.
Marvelous marbled underwater scenes.
Darkness rules `White Chalk'.

Terms of use | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters