Monday, April 25, 2011

Wardriving, the new easy entry career

If I were writing an ad for someone offering better security practices, I'd use the headline:
Got WEP Wi-Fi? Then you're toast.
Want to see how easy it is to hack into a Wi-Fi system that uses WEP security keys? Just go to YouTube and search. You'll soon find a crackling-voiced and probably pimple-faced adolescent showing you how to do it in just a few minutes (sorry, I'm not going to do your homework for you). Then charge up the battery on your laptop and go driving around neighborhoods populated with luxury homes. Pretty soon you'll be accessing some really rich people's banking and credit files. And if you're lucky enough to find a mansion with a few newspapers lying on the driveway (indicating the target is on vacation), you can probably write yourself a nice check from their online bank account (hint: their passwords are sitting unencrypted in their address book under the name of their bank).

Most of the currently reported wardriving exploits go after larger retail establishments through their Wi-Fi systems (see today's news story), since today's cyber criminals are going after quantity, not quality. Why risk getting caught in a sting directed at larger criminal organizations (law enforcement would rather go after lower-hanging fruit than the one-off targeted thief) when you can have a nice little boutique thievery operation that flies below The Man's radar?

Yes, my solution will sound like a broken record:
Licensed and bonded cyber privateers could sell insurance policies to the private banking operations of larger institutions, who could in turn indemnify their best (rich guys) clients. And those banking operations could act as their own bonding authority, thereby streamlining the approval processes.
I defy you to come up with a better, more efficient, and highly deterrent approach.
