Wireless network mapping could pose enterprise risk

US federal law enforcement officials have warned companies throughout the Pittsburgh area of a systematic effort to mark and map...

US federal law enforcement officials have warned companies throughout the Pittsburgh area of a systematic effort to mark and map nonsecured Wi-Fi 802.11b wireless access points throughout many of the nation's major metropolitan areas.

Bill Shore, a special agent with the US Federal Bureau of Investigation (FBI)'s Pittsburgh field office, sent an e-mail last month to private-sector members of the local FBI Infragard chapter, warning them of a process known as "warchalking", the physical marking of a building or facility to denote an open wireless access point.

Infragard chapters are local partnerships between the FBI and businesses in particular geographic areas focused on cybersecurity information sharing. There are 56 such chapters in the USA.

Shore likened warchalking to tramps marking public places that are willing to provide a hot meal, or the way spies mark dead-drop locations to exchange packages. Although the markings can be used for legitimate purposes, such as denoting a free public access point, officials fear that markings are being made on corporate buildings - enabling hackers, and possibly even terrorists, to more easily locate vulnerable wireless LANs.

The threat posed by warchalking, however, goes far beyond what might be considered isolated incidents of scanning for the presence of wireless networks.

"In Pittsburgh, individuals are essentially attempting to map the entire city to identify the wireless access points," Shore said in an interview. Although he said there have been no reports of buildings in Pittsburgh being physically marked as they have in other parts of the country, Web sites have popped up that provide interactive digital maps denoting the precise locations of dozens of Wi-Fi access points in cities such as Pittsburgh, Philadelphia, Boston and Berkeley, California, as well as regions in northeast Texas and various college campuses.

For example, a Web site called Zhrodague Wireless Maps (ZWM) allows war drivers - those who go around looking for wireless networks - to submit output from their war-driving adventures and then creates digital street-level maps that show the location and signal strength of 802.11b access points. In some cases, satellite photos are used.

The site, which advertises itself as a service that puts "Wi-Fi on the map," includes more than 28,000 entries from war-driving results in Boston alone. It also provides maps for Germany and Okinawa, Japan.

Another Web site, Warchalking.org, includes a message board where computing enthusiasts often post messages about their warchalking plans. One user bragged about his warchalking excursion in Santa Monica, California, where he marked the "corrugated metal wall of an art gallery".

Shore acknowledged the threat such markings and Web sites pose to ongoing criminal and counterintelligence investigations, especially antiterrorism investigations. The ability of criminals and terrorists to spot these markings while simply walking down the street and then using vulnerable corporate wireless networks for anonymous Internet access "poses a real problem" for law enforcement, he said.

But William Harrod, director of the Investigative Response Division at TruSecure and a 14-year veteran of the FBI, downplayed the security significance of warchalking, saying that terrorists or serious criminals are unlikely to rely on it for identifying access points.

Harrod, who served at the FBI as a supervisory forensic computer specialist and a rapid start team leader, also downplayed the utility of having online interactive maps for terrorist activities. "It's not terribly hard to find access and gain that access," he said.

Read more on Wireless networking