Mapping Wireless Nets: Security Risk?

At some point, the quest for ubiquitous computing turns into a security nightmare.

That's the concern of some federal law enforcement officials who in July warned companies throughout the Pittsburgh area of what can best be described as a systematic effort to mark and map unsecured Wi-Fi 802.11b wireless access points throughout many of the nation's major metropolitan areas.

Bill Shore, a special agent with the FBI's Pittsburgh field office, sent an e-mail to private-sector members of the local FBI Infragard chapter, warning them of a process known as "warchalking"--the physical marking of a building or facility to denote an open wireless access point.

Infragard chapters are local partnerships between the FBI and businesses in particular geographic areas focused on cybersecurity information sharing. There are 56 such chapters in the United States.

Shore likened warchalking to hobos marking public places that are willing to provide a hot meal, or the way spies mark dead-drop locations to exchange packages. Although the markings can be used for legitimate purposes, such as denoting a free public access point, officials fear that markings are being made on corporate buildings--enabling hackers, and possibly even terrorists, to more easily locate vulnerable wireless LANs.

The threat posed by warchalking, however, goes far beyond what might be considered isolated incidents of scanning for the presence of wireless networks.

"In Pittsburgh, the individuals are essentially attempting to map the entire city to identify the wireless access points," Shore said. Although he said there have been no reports of buildings in Pittsburgh being physically marked as they have in other parts of the country, Web sites have popped up that provide interactive digital maps denoting the precise locations of dozens of Wi-Fi access points in cities such as Pittsburgh, Philadelphia, Boston, and Berkeley, California, as well as regions of northeast Texas and various college campuses.

Spreading the Word

For example, Zhrodague Wireless Maps allows war drivers--those who go around looking for wireless networks--to submit output from their war-driving adventures and then creates digital street-level maps that show the location and signal strength of 802.11b access points. In some cases, satellite photos are used.

The site, which advertises itself as a service that puts "Wi-Fi on the map," includes more than 28,000 entries from war-driving results in Boston alone. It also provides maps for locals as far-flung as Germany and Okinawa, Japan.

Another Web site, Warchalking, includes a message board where computing enthusiasts often post messages about their warchalking plans. One user bragged about his warchalking excursion in Santa Monica, California, where he marked the "corrugated metal wall of an art gallery."

Shore acknowledged the threat such markings and Web sites pose to ongoing criminal and counterintelligence investigations, especially antiterrorism investigations. The ability of criminals and terrorists to spot these markings while simply walking down the street and then use vulnerable corporate wireless networks for anonymous Internet access "poses a real problem" for law enforcement, he said.

But William Harrod, director of the Investigative Response Division at TruSecure and a 14-year veteran of the FBI, downplayed the security significance of warchalking, saying that terrorists or serious criminals are unlikely to rely on it for identifying access points.

Harrod, who served at the FBI as a supervisory forensic computer specialist and a Rapid Start team leader, also downplayed the utility of having online interactive maps for terrorist activities. "It's not terribly hard to find access and gain that access," he said.