Uh, what am I missing here? The Fed's message strikes me as factual and entirely reasonable. He isn't suggesting tailing warchalkers or erasing symbols. He isn't even spinning scare stories (e.g., "Hackers could use your network to peddle kiddie porn and blame you for it!")

Why is it so offensive to suggest that people and businesses running wireless networks take appropriate safeguards? Is their an equal access rule for privately run wireless networks that I haven't heard about?

I'm the kind of guy who'd *set up* a wireless network for the benefit of the neighborhood. I'd advocate community networks for public use, and encourage businesses to sponsor them. But the notion that each and every wireless node is a public commons is wack.

Have wardrivers and warchalker come up with a code of ethics for themselves? You know, a self-defined Law of the Noosphere? Maybe "live lightly on the net" and "don't abuse trust" and maybe even "ask permission?" Eh? Eh?

It's no more offensive than my reply. Imagine a warning to the effect that people are hanging around banks of pay-phones, gathering business intel through eavesdropping on businesspeople making phonecalls. It's the duh factor that makes this alarmist.

The problem is that until the current FBI Director, the leadership was computer hostile. We are now in a national crisis and the FBI is not exactly computer literate.

We computer literate people should be giving seminars to our local FBI offices to let them know what is going on and what the Internet is capable of.

I posted to FBI web site and to Secret Service web site detailed step by step instructions how a body can get weapons of mass destruction onto any commercial airliner in the USA, through the current system of Airport Insecurity, and also mentioned that I had received 15 communications from the Nigerian Scam in the last month, 3 of them from the identical return e-mail address, and should I be sharing this stuff with any law enforcement place or could y"all care less. I figure that they treated my post much like some form of Science Fiction.

I am not going to tell anyone else, outside the law enforcement community, precisely what that hole is in Airport Insecurity that Weapons of Mass Destruction can walk through. I will let the bad guys figure that out for themselves, and hope that in the meantime it dawns on someone that our leadership needs a crash course in computer literacy.

Wardrivers nothing new, just new name. People have been able to intercept Cellular phone calls, all kinds of consumer electronics for quite some time. When I got my first portable phone, I could hear taxi cab dispatching over it. I read somewhere on www.AirDisaster.com (sorry I forget which thread) that people have used radios in Britain to listen in on Air Traffic Control broadcasts to aircraft, then try to join in the conversation.

Edited by author 08-14-2002 10:31 AM
Hmmm. What could the hole in airport security be... let me see... oh yeah: FedEx!

Funny... I blogged this a while ago. I work for an database solutions company (Oracle shop) in Pittsburgh, and we've worked with Bill Shore before, and he's spoken at the Pittsburgh Oracle Users Groups meetings we host... even for an FBI agent, I think he's pretty paranoid.

The duh-factor? That's as may be, but some people don't listen unless it comes from official sources. The message wasn't aimed at the already-gots, it was aimed at the gonna-haves and the think-i-mights.

(ohmigod, did I actually write that? shoot me. shoot me now.)

Cory-

Your reply was way off kilter and utterly inane. Wardriving, for the most part, wouldn't even exist if people took the proper precautions and secured their connections. So here you have an FBI agent - making perfectly valid and timely statements regarding the practice of wardriving and the precautions businesses and individuals should take if they don't wish to share their bandwidth or be victimized because they didn't lock the door.

No wait your right... Screw the FBI. They shouldn't be out there trying to educate and enlighten people. Why the hell don't they go back to beating hippies and destroying anything that bends slightly left? ... since I'm sure that is what you see them as all about anyway.

Starbreiz, I read Cory's blog and yours and I think I need a computer world morality explanation. I can't quite understand why borrowing a business's bandwidth to access my email is stealing. It doesn't hurt them, slow them down or in anyway impede their computers' connectivity, correct? Doesn't that make warchalking about the same as checking make-up in a business's shiny windows or leaning against someone's car to tie one's shoes?

I can certainly understand why this would be a problem if the warchalker were trying to steal data, but in general that's not what they're doing, correct?

> Your reply was way off kilter and utterly inane.

And your message is flamebait, using unnecessarily insulting phrases like this one.

> Wardriving, for the most part, wouldn't even exist
> if people took the proper precautions and secured
> their connections.

Every business I've worked at since the Airport was released has had open wireless APs as a public service. Wardrivers have no means of distinguishing among deliberately open and accidentally open APs, and neither do you. On what basis do you make this ridiculous assertion? When I go out looking for open APs, I'm doing so on the assumption that the ones that I find are left open for the same reason I leave mine open. Are you saying that wardrivers (i.e., people who map out open APs and publish them for community benefit) wouldn't do so if there were no accidentally open networks, just deliberately open ones?


> So here you have an FBI agent - making perfectly
> valid and timely statements regarding the practice
> of wardriving and the precautions businesses and
> individuals should take if they don't wish to
> share their bandwidth or be victimized because
> they didn't lock the door.

Or spreading alarmist FUD that causes people to equate wardriving and open APs with insecurity and hacking.

> Why the hell don't they go back to beating hippies
> and destroying anything that bends slightly left? ...
> since I'm sure that is what you see them as all about
> anyway.

It's an ad-hominem attack *and* it's a strawman. Troll.

Edited by author 08-14-2002 01:42 PM
FedEx is a pin prick compared to the hole I was referring to.

Is the bandwidth of Internet connections infinitely large, or can unauthorized use lower the performance for the people the connections were built for? This is like the early days of breaking into computers by telephone connection. The intruders would say that they are not tampering with data bases, they are not stealing copyrighted material, they just using some of the computer time and resources for their own purposes, but this is not infinite, and it has perceived value, and is a doorway for more serious threats.

Perhaps the FBI should hire some wardrivers to give out e-traffic tickets to businesses that are putting the nation's infrastructure at risk by operating without proper security.

Al, am I putting the national plumbing infrastructure at risk by using the lady's room in the lobby of a major corporation? I'd wager not. Same with using their grass for a picnic. Heck, the local major corporation provides benches and a pretty foundtain for the citizenry. I'm sure it costs them a few extra pennies in liability insurance, but the good will they get is well worth it. We clean up after ourselves and they're quite happy.

However, I'm ready to be convinced otherwise. IS the i-net or any one company's wireless line at risk when a person taps into it to do a bit of surfing? Is my home wireless connection damaged by someone parking in front to check their email on it? I can't see it.

al: I'm sure there are bigger holes. I just keep having nightmares over the fedex/container ports thing. Unfortunately, a pinprick is all they need. As the bumpersticker says: one nuclear bomb can ruin your whole day.

pat: bandwidth is not free. neither is the water you took from the restroom. a restroom in a store is not a free public convenience for you. it's put there as a value-add for the stores customers (perhaps). Same thing with the lawn. open space benches and what not are typically not put there out of altruism but because some planning commission forced the company to create Open Space in order to get zoning for their project.

I read in infoworld once a good analogy: public rest stops on highways provide FREE paper towels and toilet paper. (yeah yeah, it's not really "free", it's tax dollars yadda). It's going to stay free as long as everyone just uses it as they're doing now. But as soon as people start loading up their cars with it and taking it home to heat their houses, well then it's not going to be provided anymore. Same as with bandwidth. Which is why we'll eventually be paying for email by the byte. There's no such thing as a free lunch.

Robertl30: In fact, bandwidth is often free. When two network providers peer (i.e., where PSINet and UUNet meet at an interchange like MAE West), no incremental charge is incurred when a packet is passed from one peer to the other. At the "center" (metaphorical center -- the Internet has no center), bandwidth is free. Most packet-transactions on the Internet are free. In this example, who would pay whom? Would PSINet pay UUNet for relaying packets to its customers, or would UUNet pay PSINet for making its customers' packets available to UUNet's customers?

Per-bit pricing models are not an artefact of actual network costs. Rather, they reflect a way of recouping sunk costs for network infrastructure and a way of covering recurring costs for maintaing and operating network infrastructure.

It's true that the further away you get from an interchange, the more likely you are to encounter a bizmodel that involves per-bit pricing; but it's important that we don't regard this as an immutable law of network operations. Rather, it reflects one of many business models that have beeen tried by network operators.

Many network operators are pleased to provide unmetered connections (i.e., Earthlink). There is no implicit "theft of service" in the usage of network services on someone's network, as there is no implicit costs associated with that usage. Any costs are circumstantial, not universal.

This bit about bandwidth costs is very interesting, Cory. Still, bandwidth is not infinite, as popular web sites discover frequently, even to the extent of being shut down. I do wonder to what extent a wireless node could be clogged by passing users of warchalks, if wireless becomes popular enough. And how practical shielding is for those who want their wireless network to be used by themselves but not by passersby.

Edited by author 08-14-2002 09:04 PM
No, bandwidth is not infinite, but those who choose can put limits on what they make available. Traffic shaping and QOS flags are ways around worrying about whether or not wireless users are hogging your network. I have a wireless node at home, even though I have no wireless devices I use at home - I put my laptop on ethernet since 100Mbps far exceeds anything wireless can do. I run all the wireless access through a proxy and limit what types of service are available. If enough people 'get it', we can all share bandwidth and have constant wireless access as soon as you walk out the front door.

Fedex is a separate topic than the container ports thing.

You or I can go to Fedex or UPS or one of those other places and DECLARE what is the content of a package, and our declaration can be wrong. There was a Value Jet plane crash in Florida because of a wrong declaration. The company involved is up on charges for their negligence involved. A terrorist could get a job at one of these companies that ships stuff all over the nation, then send out some weapon of mass destruction in a package, then cause it to explode where it will do the most harm.

That is what I call the Fedex pin prick, and I consider it to be a pin prick, because the terrorist can do a whole lot more damage by taking the same weapon of mass destruction in a U-Haul truck, and blowing it up on a bridge over the Mississippi river, Ohio river, or further up our water ways infrastructure. Think contamination to drinking water supplies, and lots more chaos. And what does it do to our civil liberties to block this kind of vulnerability?

The container ports thing is much more important because if the nation can control the borders, and account for dangerous stuff inside the borders, then there is no need to erode civil liberties for the non-dangerous occupants inside the borders.

It seems to me that the government is doing Homeland Security much the same way that most people do Stock Market Investment, navigating by looking in the rear view mirror at what has happened in the past, but totally blind to what might happen in the future. More than ever, I think there is a need for Wargame simulations.

In wargame simulations, there is some international challenge and various different sub-commands are assigned tasks. Everyone wants the 82nd airborne, or some other unit to do THEIR task, and pretty soon the simulation shows where there is a lack of right units, or transportation capacity, or ability to process the intelligence information in a timely fashion, and from the experience, there is a learning process how to craft a better infrastructure.

Simulations work great when there are real people with real know how knowing where the problems are, and incorporating them in the game.