The warballooning project demonstrated that a third of access points are still left unsecured, either by design or ignorance.
You've heard of wardriving
, warwalking, and I'm sure someone out there has done warcycling and possibly even warcanoeing, but how about warballooning?
reports that a team of hackers at the Defcon conference have successfully launched a balloon carrying a computer payload designed to seek out and map wireless networks on the ground via a high-gain antenna and GPS system, despite a few last-minute hiccoughs.
The team, lead by security consultant Rick Hill of Tenacity Solutions, designed the experiment as a longer-lived extension of a previous attempt to launch a model rocket fitted with WiFi-sniffing equipment. Despite having filed all the paperwork required, and having got approval from the Federal Aviation Authority for a launch close to the McCarran International Airport in Las Vegas, the balloon was nearly grounded when the management of the Rivera Hotel, site of the Defcon conference, pulled its permission for the launch to take place on its property.
With the permission slip from the FAA for a balloon launch depending on launching from the precise site detailed in the application, this could well have been a death blow for the project. Thankfully, Hill is a model rocketeer in his spare time, and well familiar with FAA regulations – in particular the part that states permission for a launch is only required within a five mile boundary of an airport. By hiring a van and clandestinely moving the now-technically-banned balloon outside the critical boundary – although Hill isn't saying exactly where – the launch was able to go ahead almost as planned.
The results of the experiment show that no matter how many examples of high-profile cybercrime perpetrated over badly secured wireless networks hit the news, there is still a worrying percentage of people who leave their access points completely unencrypted – either by design or through ignorance. Around a third of the wireless networks spotted along the famous Las Vegas strip were unencrypted and open for anyone to access.
We know that one of our own forum members has direct experience of the shady wardriver
type, but is anyone willing to admit to 'piggybacking' onto a badly configured connection when you need 'net access in a pinch? Share your experiences over in the forums