After confronting a war driver once, I asked him, “Why do you do it?”
His statement to me was rather interesting in the fact that it was a
contradiction of terms, yet so many of his peers also had the same answer.
One response was “to educate the public to the existence of these insecure
means of accessing networks and the Internet.” The second response was
“amenity or the ability to go online without any record of it being traceable
back to them.” Now, thinking about this, if the goal was to have an
untraceable Internet connection, then why expose the networks to the
public eye? Well, at least the question was answered like a true politician.
Credit must be given to a teenage hacker who has professional speaking
skills like that.
How would someone track down a war driver? The FBI had several
public cases of arresting criminals using wireless networks to compromise
retail store networks. They were tracked down so we know it is possible;
so let us learn how.
Once the investigation starts, a forensic team arrives on site and dumps
the configuration and stored memory of all network devices and servers
that were affected. Once this data has been properly removed, in accordance
with the chain of evidence, it is properly examined at a lab. This
examination process is a timely one, so much so that it can make many
incidents considered not financially worth the effort. Many cases are too
small to warrant the massive effort needed to investigate.
After the lab results are examined, one can see where the perpetrator
first entered the network. Because this was on a switch connected to an
access point, one can determine that they came in over the airwaves.
Once this information is identified, one can determine the wireless network
interface card’s MAC address. This address is hard-coded onto the card
by the vendor and is regulated in a sense, which makes it globally unique.
Some clever hackers have the ability to change the card’s MAC address,
but as time has shown, many do not take the time to do this.
After the MAC address has been determined, one of two things can
happen. First, the police can get a warrant to search any suspect’s home
for the network card in hopes of finding it and its matching MAC address.
In a highly important case, such as one that involves terrorism, the FBI might go back to the card maker and track that card’s movement from
creation at the manufacturer’s factory, to the distributor, then to the retail
store and finally to the purchaser. This is an easy task to accomplish,
although it is very time consuming. It works by correlating many different
data sources to limit the number of people to question. Looking at the
tracking of the card itself, a vendor can show proof of its arrival at a
warehouse or retail store. Once it is proven that it has arrived at a retail
store, one only needs to find out who bought it. The first round would
be to look up all transactions on the point of sales machines for anyone
who purchased any of the vendor’s network cards. Looking at this gives
credit card information for anyone who used that method of payment.
Most likely, if someone were going to do something illegal, he or she
would have paid in cash. Well, it is also easy just to look on the store’s
video camera correlating all the times that any of the vendor’s cards were
purchased minus any purchases made with a credit card.
After looking at how wireless war drivers can be tracked, one gets to
a more important point about wireless devices. All bi-directional communicating
wireless devices emit radio waves; so in a sense, all wireless
devices can be tracked in one form or another. One will see that most modern-day wireless devices have some
type of tracking method associated with them. Next time you see some
amazing new RF technology, remember the statement above. No matter
what manufacturers say about their technologies, any
bi-directional
communicating wireless device can be tracked.
