Secret Service Goes War Driving 142
JSC writes "Looks like the Secret Service is taking a page from the WarDriving handbook. Your tax dollars at work includes springing for the Pringles can for the antenna."
Work continues in this area. -- DEC's SPR-Answering-Automaton
wardriving (Score:1)
Its Warchalking.... (Score:4, Informative)
Counterattack (Score:1, Insightful)
They aren't doing it to get free bandwidth (Score:3, Informative)
Re:They aren't doing it to get free bandwidth (Score:2, Insightful)
So my tax dollars are being spent on sending the secret service to do a private business's job for them?
What's next? Do I have to pay the government to go in and help companies decide what pleasing colors to paint their hallways and do ergonomics checks?
Re:They aren't doing it to get free bandwidth (Score:1)
Why is this coming from taxes? (Score:3)
Re:Why is this coming from taxes? (Score:1, Insightful)
Re:Why is this coming from taxes? (Score:2)
I'd rather make my own decisions on what my money is spent on, kthx.
Re:Why is this coming from taxes? (Score:3, Insightful)
Business that can't survive in a free market doesn't deserve to survive. You might as well write "your democratic government is killing monarchy."
Re:Why is this coming from taxes? (Score:2)
Corporate welfare is killing America.
Re:Why is this coming from taxes? (Score:2, Funny)
I believe al-Quada has a secret lab developing their own pringle can antenna to war-camel-ride the D.C. area.
Re:Why is this coming from taxes? (Score:4, Informative)
MM
--
Re:Why is this coming from taxes? (Score:1, Interesting)
By having an investigation of this type, informing leaky network owners of their problem and of possible solutions, you mitigate the Starbucks-hacked panic.
Re:Why is this coming from taxes? (Score:2)
Re:Why is this coming from taxes? (Score:1)
Re:Why is this coming from taxes? (Score:1)
It seems to me that it is not a stretch to imagine that a serious assasin might find information of interest from George Washington hospital if Cheney were to be re-admitted.
Also, you didn't propose an alternate explanation for their motivations.
Also also, with all the pork-barrel politics that we have, I would think that government spending watchdogs could find something more important to worry about than secret service agents doing a little war driving.
MM
--
Re:Why is this coming from taxes? (Score:2)
grumpy old man rant about your tax dollars (Score:4, Funny)
Re:grumpy old man rant about your tax dollars (Score:2, Funny)
Re:grumpy old man rant about your tax dollars (Score:2)
Re:grumpy old man rant about your tax dollars (Score:1)
Re:grumpy old man rant about your tax dollars (Score:2)
Re:grumpy old man rant about your tax dollars (Score:2)
The equal allocation method calculates prices for large numbers of items in a contract by assigning "support" costs such as indirect labor and overhead equally to each item. Take a contract to provide spare parts for a set of radar tracking monitors. Suppose a monitor has 100 parts and support costs amount to a total of $100,000. Using the equal allocation method each part is assigned $1,000 in such costs, even though one item may be a sophisticated circuit card assembly, which requires the attention of high-salaried engineers and managers, and another item may be a plastic knob. Add $1,000 to the direct cost of the part and you get a billing price.
"An agent from the Defense Criminal Investigative Service, who grasped the equal allocation method better than FBI and GAO auditors had done in an earlier investigation, used a blackboard to persuade an official in the U.S. Attorney's office in New York that no charges should be filed against Gould for billing the government $435 for a hammer."
You would think that auditors would be smarter than that!
So? (Score:4, Funny)
Why should I care if the SS does it
Right Kyle?
Re:So? (Score:1)
Because your tax dollars paid for a can of pringles! Where's your outrage, damnit?!
Re:So? (Score:2)
Also it helps the Cincinnati economy.
Re:So? (Score:1)
Re:So? (Score:2)
Live in the southern removed part of the state now?
The article got this one right (Score:4, Funny)
Actually, most vendors advertise WEP as a security mechanism for these wireless networks, but as we all know, it is pretty much useless [sourceforge.net]. I wonder if the writers of the article wrote the above statement knowing this fact, or if they just got lucky.
Re:The article got this one right (Score:3, Informative)
I have yet to find anyone who has really been able to bust a WEP key in a period of less than 4 hours...and this is in a high-traffic lab environemnt. I tried for 2 days in my home lab without success...then gave up.
Several vendors have patched their firmware so no FFs appear in the initialization vector, so Airsnort's use is somewhat limited on those networks to transmissions from other notebooks...and if the site is running Cisco hardware with LEAP, forget about it.
Unless you plan to put a laptop in somewhere and leave it for a few days, don't get your hopes up too much on getting enough packets.
Re:The article got this one right (Score:1)
I wrote it, and I know how insecure WEP is. I don't even bother with it for my home network, so I didn't consider it a viable security measure. I prefer MAC filtering, and that's what the Secret Service suggests. But MAC filtering is a bit too techie to get into an article for the intended (non-Slashdot) audience.
Not to say I've never gotten lucky.
Check the Lottery (Score:5, Interesting)
I know of someone who drove downtown in my hometown and picked up many wireless networks. This included 4 laptops with pringle can antennas. Among one of these networks he noticed the name was the state Lottery, thats right, the lottery. As he looked up, he was passing the building for the state lottery. It is interesting to see how many open wireless networks that there are in a town.
He also informed one company of the open network (he knew the network admin) and immediatly lost his ip for that network.
Is it illegal to pick up the wireless network as you drive by, if you don't do anything with it? Or is it illegal to pick it up and browse the net or both?
Neighbourhood Watch - Re:Check the Lottery (Score:1)
Re:Neighbourhood Watch - Re:Check the Lottery (Score:1, Insightful)
Re:Check the Lottery (Score:2)
I don't know. But I'm sure it is illegal for the person's email you just forged over their wireless network. With all the things you could do to someone, this type of revenge appears to be the most evil things a person could do...
So when the SS does it now it's okay? (Score:4, Insightful)
Re:So when the SS does it now it's okay? (Score:1)
Re:So when the SS does it now it's okay? (Score:3, Interesting)
Re:So when the SS does it now it's okay? (Score:1)
it's ok Because They Can. (Score:2)
Let's get realistic about this - The SS is doing this because they can. They have a huge budget and lots of nifty toys. They're supposed to know "what's going on" around DC, so they have license to snoop around to an extent. Their basic job description probably leaves many of them plenty of free time. Someone probably read an article in Wired, and thought it was cool. That's kind of what happens when you empower virtually unaccountable branches of the government; in this dept the SS has nothing on the CIA, for example....
Re:So when the SS does it now it's okay? (Score:3, Insightful)
I know these analogies are flawed, but so is yours. A police officer (at least around here) isn't allowed to go 90mph or fly through a red light unless he's responding to an emergency call or pursuing a known felon. I don't believe anyone called up Agent Peterson and asked him to come check out their WAP on the double; it seems much more to me like he's just poking around. He's doing it under official directive, without a doubt, but that doesn't necessarily make it right.
Why is it that it's OK if Agent Peterson goes wardriving and maybe does a bit of snooping to probe a network, but if we do it, we could be sued or perhaps even branded as hackers (or terrorists, or whatever word they're using nowadays) and tossed into the clink? Why is that Agent Peterson can throw together a decent gain antenna made out of a Pringles can and look like a genius for using limited resources, but if we do that, we're frowned upon since we used a few raw materials for something other than their obvious purpose? Why is it that Agent Peterson is likely praised among his peers and the D.C. community for "protecting" government and corporate interests, yet you or I would wind up facing stiff penalties under the DMCA for using the Pringles can as a "circumvention device" to gain "unauthorized access" to this or that network, even if we had the same basic ideals (improving security) in mind?
"Because he works for the Secret Service" is not really much of an answer IMO. I can't go around murdering people I don't like, but neither can Secret Service agents; membership in the law enforcement community is not a carte blanche. If it had been a Secret Service agent who discovered and pondered publishing the flaw in HP's Tru64, would HP still have threatened with the DMCA [slashdot.org]? You're damned right they wouldn't have.
My point is that it's all perception. If ABC Corp. gets a call from the Secret Service saying "Your wireless network is insecure, I could use it to do something nefarious," the IT goober is notified; and either the network is locked down or the incompetent IT manager is fired, tout de suite. If ABC Corp. gets that same phone call from a curious layperson, ABC Corp. gets on the phone with its legal team, subpoenas the phone records, and files suit against the "terrorist hacker perpetrator."
This is wrong, and the underlying perception is one that we're going to have to work very hard to change.
Shaun
P.S. Hi USSS, are you still reading? My homepage hasn't had any hits from eop.gov lately, I feel neglected
I find it fascinating (Score:2)
Pringles Can Antenna (Score:5, Informative)
Re:Pringles Can Antenna (Score:2)
Re:Pringles Can Antenna (Score:3, Insightful)
Re:Pringles Can Antenna (Score:2)
Re:Pringles Can Antenna (Score:2)
FCC??? (Score:1)
Re:FCC??? (Score:2)
Personally im glad... (Score:5, Funny)
Re:Personally im glad... (Score:2)
Of course, I'm Canadian. I think the government here still thinks a toilet costs $9000 - phorm
Re:Personally im glad... (Score:2)
"Peterson's tools are a laptop, a wireless network card and one of three antennae mounted on his car. One is a small metal antenna; the second is a large, white, 2-foot-tall tube; the third is a homemade antenna made out of a Pringles can"
The FUD is working!!! (Score:4, Funny)
-a
Network Security (Score:3, Interesting)
Re:Network Security (Score:1)
I can see the headline now:
"Procter & Gamble, Cisco Systems form strategic alliance."
Re:Network Security (Score:2)
The Article. (Score:1, Informative)
Search for Advanced
Agency Probes D.C. Wireless Network
Sun Sep 29, 1:37 PM ET
By D. IAN HOPPER, AP Technology Writer
WASHINGTON (AP) - Secret Service agents are putting a high-tech twist on the idea of a cop walking the beat. Using a laptop computer and an antenna fashioned from a Pringles potato chip can, they are looking for security holes in wireless networks in the nation's capital.
The agency best known for protecting the president and chasing down counterfeiters has started addressing what it calls one of the most overlooked threats to computer networks.
"Everybody wants wireless, it's real convenient," Special Agent Wayne Peterson said. "Security has always been an afterthought."
The effort is part of a new government plan to build relationships with businesses so that they will feel more comfortable reporting hacking attempts to authorities. Recent anti-terrorism legislation gave the FBI ( news - web sites) and Secret Service joint jurisdiction over electronic crimes.
Wireless networks are cheap; a small one can start at less than $200. They make it easy for workers to wander around with their laptop or handheld computers and for visiting employees with their own computers to get on to the local office network.
These networks are becoming common in airports, universities, coffee houses, businesses, homes and even some public squares. But they are sold with no security measures, and protecting a wireless network from hackers takes more knowledge than what network installation guides typically offer.
Because of security concerns, the White House recently proposed banning some wireless networks in federal agencies. Faced with industry protests, the administration dropped the idea when it released a draft version of its cybersecurity plan this month.
That has led some independent security researchers to drive -- or even use a private plane to fly -- through cities to map networks. Those maps, which are usually posted on the Internet, show where a person can get a free Internet connection on a private network.
The Secret Service ( news - web sites) wants to let businesses know that their Internet connections and private networks might be at risk. Companies informed about security holes can reconfigure their networks to make them more secure.
Peterson's tools are a laptop, a wireless network card and one of three antennae mounted on his car. One is a small metal antenna; the second is a large, white, 2-foot-tall tube; the third is a homemade antenna made out of a Pringles can. They boost the reception of his wireless network card, allowing the agent to point them in different directions to get the best signal.
A Pringles can is ideal because of its shape -- a long tube that lets someone to point it at specific buildings -- and its aluminum inner lining. It acts like a satellite dish, collecting signals and bouncing them to the receiver, which is then wired into a laptop.
Peterson recently drove down a major Washington street and found over 20 wireless networks, many of which had no security at all. Peterson said his probes are part of good police work, like a patrolman driving through a neighborhood.
"I feel it is part of crime prevention to knock on the door," Peterson said.
The act of "wardriving," a term taken from older "wardialing" programs that called random telephone numbers looking for unlisted modems, has become so prevalent that enthusiasts are using chalk marks on streets and sidewalks to point out networks in public places.
Peterson said there has not been any reported "warchalking" in the Washington area yet, but if one was found agents would alert the network owner.
Chris McFarland, head of the Secret Service's Electronic Crimes Task Force, said his agents have begun evaluating computer security along with other concerns when they scout out a place where the president or other protected dignitary will go.
McFarland said, for example, that agents have had extensive discussions with officials at George Washington Hospital about improving its wireless network security.
While the agents plan to offer their expertise to anyone who asks, they are focusing on places most important to their mission of protecting public officials. The hospital is several blocks from the White House and treated Vice President Dick Cheney ( news - web sites) during his heart problems.
Agents also checked out computer systems at the Salt Lake City Olympics, last year's Super Bowl and the World Bank ( news - web sites) in advance of weekend protests.
"People can wreak havoc with these systems very easily," McFarland said. "It's almost like triage."
___
On the Net: Secret Service: http://www.usss.treas.gov
Tax dollars at work (Score:5, Funny)
"Hey Agent 423.. got any more Pringles?"
*munch*munch*munch**munch*munch*munch**munch*mu
"No, but I could sure use another Coke.."
*munch*munch*munch**munch*munch*munch**munch*mu
So how do you secure a wireless LAN? (Score:3, Interesting)
Re:So how do you secure a wireless LAN? (Score:1)
Possibly?
Re:So how do you secure a wireless LAN? (Score:1)
Most of these offices have a firewall, and behind that, every resource on the network is free for all... read write etc.
Security comes in depth. Single point of failure are bad.. etc etc....
Mang, sometimes I'm just baffled at how the same things get rehashed over and over and over... and nobody takes note of them. Both on
sigh.
Re:So how do you secure a wireless LAN? (Score:3, Informative)
Re:So how do you secure a wireless LAN? (Score:1)
BTW, don't why the message was moderated as a troll.
Re:So how do you secure a wireless LAN? (Score:3, Informative)
No web, no bullshit. No-one else can use your wireless to get to the internet or communicate to your machine.
Thanks,
Steve
PS You CANNOT rely on the security of these pieces of shit. Most all AP's come with fucked up open ports that you cannot shut down (Web int is one although I have seen that the piece of shit Netgear AP has 3 open ports, one is snmp which is probably open to the snmp trap bug that was out about 4 months ago.)
Seems to me that the manufactures of these peices of crap dont have a clue about security and decided not to give you the option of security either. Netgear of all place (Banyan Vines right?) should know, but when I called them, all I got was some fucked up off-shore help desk (in INDIA of all places) I sat on the phone working through language barriers to finally find out that the tech of course had no fucking idea of what I was saying. They eventually called me back to tell me that there is no way to turn these services off..... My next stop was the store to return their junk. That is when I decided to buy the piece of shit Linksys that i now have (Although it is better if you ask me, and they support linux). No matter what though, you will have a hard time finding one that is truly secure. Take it into your own hands though. I did. In fact, im writing this from my notebook in my bed, wirelessly.
The knock on the door metaphor, Fed Style (Score:4, Interesting)
Peterson recently drove down a major Washington street and found over 20 wireless networks, many of which had no security at all. Peterson said his probes are part of good police work, like a patrolman driving through a neighborhood.
"I feel it is part of crime prevention to knock on the door," Peterson said.
So that's what port scans are, just knocking on the door, part of crime prevention, and not malicious in and of itself.
Re:The knock on the door metaphor, Fed Style (Score:3, Insightful)
Re:The knock on the door metaphor, Fed Style (Score:2)
yeah i found this quote interesting too. the analogy sounds a little off though. seems to me it's more like a policeman walking through a neighborhood, checking to see whose front doors are unlocked. which is, of course, not what id want the police to be doing to my house. then again, i dont make a habbit of leaving my front door unlocked anyway...
Re:The knock on the door metaphor, Fed Style (Score:2)
I myself don't like port scanning of my systems unless I have authorized it myself. I don't mind an occasional knock on the door regardless of who it is from. But I'm not willing to criminalize port scans.
I recall several times in the past years many cases of hacking in which nothing more than port scans were literally made into federal offenses. I don't recall any specifically, and I my recollection may be faulty.
I don't mind throwing the book at criminals, but I don't want to see legitimate activities criminalized. I don't want to see reasonable activities made unreasonable through silly prosecutions and precedent.
Occasionally I have used telnet to telnet to a machine infected with CodeRed or Nimda. Not to bring it down, but just to see the HTML stream. That's been argued on
I find it interesting to see that the secret service in this instance uses the knock on the door metaphor to indicate the benign behavior. Now, what if that had been you, port scanning whitehouse.gov?
Re:The knock on the door metaphor, Fed Style (Score:2)
i've read many stories about the legal fallout from port scanning. how's this for an analogy: having open ports on a machine is like people leaving their bedroom window blinds open in their highrise apartments at night. sure, the person probably (IANAL) has a legal expectation of privacy, and those peeping in from the next building over could be charged with something. but really, if you want to do something without worrying about people peeking in, why leave the blinds open? you'll not likely catch the guy with the telescope sitting in his unlit apartment, so why give him the chance? unless, of course, that kind of thing turns you on, so you leave the blinds open on purpose. then you invite others to watch.
Re:The knock on the door metaphor, Fed Style (Score:2)
I try not to get into metaphor games. I see the value of having an understandable metaphor, but I am jaded from having seen lots of lawyers fight battles of the metaphor in an attempt to sway people away from facts and/or common sense. So now metaphors just confuse me. Similes are even worse. My poor brain.
Having said that I've always felt that as far as wireless signals go (radio, cell, cordless, TV,
chalked up (Score:1)
Real Security (Score:1)
This is total government waste, and it makes me sick. The government's job is to protect our borders, and the corporations should be in charge of securing their own networks and hiring their own wardrivers, not making joe taxpayer foot the bill.
Re:Real Security (Score:2)
Actually that's only part of the govt's job, a small part at that (thoughtfully named "Border Patrol" so they wouldn't be confused with the "Secret Service.")
the corporations should be in charge of securing their own networks and hiring their own wardrivers, not making joe taxpayer foot the bill.
I agree with that fully, but not because I'm afraid of the country being taken over by people who come here to be cooks and gardners. The dude who wrote the letter to the article you linked is smoking crack. National emergency - give me a break. This guy claims to respect the Bill of Rights yet he advocates a mass expulsion, Milosevic-style. Keep your pants on, man, you're talking about a large disenfranchised and easily exploitable pool of cheap labor -- a problem, perhaps, but hardly a "massive army of invasion and occupation." Get real.
Re:Real Security (Score:1)
They aren't particularly original, either... (Score:3, Funny)
A great Use Of Tax Dollars (Score:1)
Another question is that What if the secret service informed a Sys Admin that his Network was "open". and he was susequently hacked is this sys admin liable for the damage caused??
Britney Spears (Score:1, Funny)
looking at Britney Spears websites?(lycosasia.com)
Too hard? (Score:3, Informative)
Every access point I've ever setup had simple instructions for enabling WEP. Granted, WEP isn't the end-all of wireless security, but I'll bet that the the SS's definition of "secure" and "not secure" is equivilent to "wep" or "no wep". Granted, most of the networks I see wardriving (airboxing!) have a default ssid like "linksys" or "WLAN", so I guess a lot of users probably never even attempt to configure their AP. But it certainly doesn't require "more knowledge than network installation guides typically offer".
Why are we paying for this? (Score:2)
For physical crime, you simply cannot protect yourself easily: there is no low-cost, convenient technology to protect yourself from a bullet or a fist.
But you have complete and easy control over most kinds of cyber crimes: if anything, you save money by going with the safer solution.
In different words, it looks to me like our tax dollars are making up for software deficiencies created by companies that rush products to market and by companies that install technology without understanding it.
Nokia (Score:1, Funny)
Some cool wardriving pics (Score:1)
A sloppy joe can..... (Score:1)
Keeping secret service busy (Score:1)
hum... (Score:1)
"We're from the Government..." (Score:2)
Be careful out there!
I like this, but (Score:2)
On the other hand, maybe the builders of these items will start including some real default security in their products.
Or maybe people will wake up and start taking some responiblity for their actions! (yeah, right...)
Re:I like this, but (Score:2, Interesting)
People will only wake up when they become aware of the issue. Most people don't realize the severity of lax security on computers.
USSS?? Why isn't... (Score:2)
annoying neighbor (Score:2)
No, its acting like an annoying neighbor to knock on the door. It doesn't even occur to this guy that he might just be annoying people who have open networks on purpose.
Re:annoying neighbor (Score:2)
And who has open networks on purpose, besides people who want to pay for total strangers' bandwidth?
(History) The same SS as with Steve Jackson Games (Score:1)
It's nice to see how well your tax dollars are at work,
as others have commented.
It's probably important to point out however, that is this by no
means the SS's first foray into matters having very little to do with
what we traditionally expect of them, nor into so-called "cyberspace."
Look here [eff.org]
for the article entitled "STEVE JACKSON GAMES WINS LAWSUIT AGAINST
U.S. SECRET SERVICE" on the Electronic [eff.org]
Frontier Foundation's Legal [eff.org]
Cases archive.
Alternatively, look at the summary [sjgames.com]
on the Steve Jackson Games site itself, where the answer to "Why was
SJ games raided?" is answered... "guilt by remote association".
How many of us know someone who would also fall under the "guilt
by remote association" blanket? (Have you watched the evening news
recently?)
Perhaps the moral is: Beware of men with dark clothes and sunglasses
eating commercial potato chips these days. (Their initials may be more
than just coincidental, eh?)
The only up side to this that I can see is that this incident led to
the creation of the [eff.org]
EFF itself.
Marist College (Score:1)
Last Post! (Score:1)
null, and darkness was upon the face of the console; and the Spirit of
IBM was moving over the face of the market. And DEC said, "Let there
be registers"; and there were registers. And DEC saw that they
carried; and DEC separated the data from the instructions. DEC called
the data Stack, and the instructions they called Code. And there was
evening and there was morning, one interrupt.
-- Rico Tudor, "The Story of Creation or, The Myth of Urk"
- this post brought to you by the Automated Last Post Generator...