Queensland Police plans wardriving mission

By Brett Winterford on Jul 17, 2009 3:05 PM
Filed under Security

Crack down on unsecured wireless networks.

The Queensland Police plans to conduct a 'wardriving' mission around select Queensland towns in an effort to educate its citizens to secure their wireless networks.

'Wardriving' refers to the technique of searching for unsecured wireless networks by driving the streets armed simply with a laptop or smartphone seeking network connections.

Detective Superintendent Brian Hay of the Queensland Police, who today was honoured by security vendor McAfee with an "International Cybercrime Fighter Award", told the audience at McAfee's Strategic Summit in Sydney that his unit is "about to undertake a wardriving program, in which we drive through areas of Queensland trying to identify unsecured networks".

When unsecured networks are found, the Queensland Police will pay a friendly visit to the household or small business, informing them of the risks they are exposing themselves to.

"It is a simple campaign, much like past police campaigns in which officers walk around railway station checking cars have been locked. If you leave your car unlocked, you come back and find a note from the Police warning you of the dangers involved with leaving your car unsecured," Hay told iTnews.

"We know unsecured networks are a problem," Hay said. "We know the crooks are out there driving around trying to identify these networks. We can't just sit back and not address the issue.

"What we need to do is put it on the agenda. We are pretty sure this is a big problem, so let's test the waters - let's scan the environment. And let's tell people, 'Excuse me, this could happen to you and your family and this is how you can rectify it'."

Hay said the Queensland Police won't require many resources to make the exercise a success.

"We pick out small geographic locations, scan the environment and promote it through the media - highlighting the significance of problem and how to take corrective steps," he said.

Hay said the Police would ideally hope to return to surveyed areas within a month to "see if they've fixed the problem."

He said Queensland Police had discussed the potential to conduct and promote the exercise on conjunction with unnamed corporate partners, but "with or without them, I can assure you the Queensland Police is going to do this. I'll make sure it gets off the ground."

Home and small business users are advised to enable the security features on their home broadband routers, and to replace the default password with a longer one that includes mixed characters.

Queensland Police plans wardriving mission

20 comments in this discussion

"As mush as I hate to admit it this is a really good idea... Most you guys commenting can't think outside the box and are so focused on thinking the cops are trying to "look nice" for "public ..."

By joe_dm

Tags

wardriving, war, driving, queensland, police

Telstra plans repair to North Bundaberg

CommBank glitch delays Queensland Health pay

Arrow Energy hunts for CIO

QLD Treasury Corp drops $15m finance software

Breaking Stories

New NZ IT minister accused of 'extraordinary secrecy'

Govt spies early exit from Telstra contract

Suncorp rules out outsourced IT as customers go online

Accenture wins Health data warehouse deal

Comments: 20

HyRax Jul 17, 2009 4:10 PM	Great! When can we expect the Police to start searching for and cracking down on unsecured SMTP gateways so we can end the scourge of SPAM once and for all?
Sarge Jul 18, 2009 12:40 AM	They can also do port scans while they're at it! Seriously, haven't they got something better to do? I'll be honest though, from my experience, you'll find nothing but secured wireless networks in poor neighbourhoods. When you start getting into the richer places, you'll find every house will have an unsecured network (or just about.) Don't run a wireless network unless you have to, and if you do, use TKIP instead of WEP/WPA.
sbassi Jul 18, 2009 5:03 AM	What about those (like me) that want to leave their connection open? I do it because I like to share, I don't use all the bandwidth I already paid for, so I share.
brindle0812 Jul 18, 2009 9:46 AM	Sbassi - by leaving your connection open you may leave yourself liable for hacking and your privacy being invaded. I think that it is a fantastic idea what the Police plan to do. We are forever reading about poor Bigpond users getting bills for thousands of dollars, and this happens to those who can least afford it.
Lucanos Jul 19, 2009 7:31 AM	Bandaid solution at best... Why not require that Wireless Router/Access Point manufacturers include a bulletin from the Police, or published in conjunction with the Police, into the package with their products? Something with a police logo on it is far less likely to be trashed compared to the normal user manual (written in 17 languages). Alternately, they could require that any Wireless Router/Access Point is set, by default, with the Wireless switched off, and that when a user access the device to switch it on, it prompts them to secure it and then provides a warning about the dangers of having an open network if the user specifically wishes to do so. Much better solutions, in my opinion, as opposed to simply driving down a few streets and knocking on people's front doors. Get out there and catch real crooks, for crying out loud!
brissietex Jul 19, 2009 2:39 PM	Ahhh great...another waste of taxpayer money. Don't get me wrong...coming from a network admin, open wireless networks = bad idea but this is just another publicity stunt by the misinformed for the ignorant. It is money not very well spent. Better to spend the money on informing the public about this and catching the ATM hackers and identity thieves out there.
dmkst Jul 20, 2009 10:55 AM	@Sarge Hahahahahaha, use TKIP instead of WEP/WPA. Lool. You made my morning.
ADSLNerd Jul 21, 2009 12:12 PM	What a wonderful waste of money and effort. Frig I can walk around the block and find non secured networks. As long as you have WPA2 encryption with TKIP, then add Mac filtering etc, you wont have any issues. What they fail to mention is if SSID broadcast is disabled, they wont see a thing :) lol. Looks like us WiFi users are more important than drug traffickers and criminals. This is purely being done as an exercise in public relations to make it look as if the police are doing something good. Honestly, wifi networks are none of the Police's business, and they should stick to what they are paid to do. Leave the Wifi networks the people who know what they are doing. And yes, most people dont secure their networks because they dont know how to, but its up to them to ask people in the know or contact their ISP / router manufacturer. I honestly wouldnt trust the police with wifi network info, as who knows what they could do in future.
RL Jul 21, 2009 3:16 PM	Those who say this is a waste money should look at the bigger picture. By educating people to secure their wireless access points (by doing it, or just talking about it in the media) the police make it harder for criminals to abuse them to look at child porn and other illegal material. Good on 'em. ADSLNerd: putting your ridiculous paranoia aside for a minute... Do you think that the cops would care about your wifi network info? If you're on their radar for doing bad stuff, they'll simply intercept your traffic at your ISP - all your packets belong to them.
ADSLNerd Jul 21, 2009 5:14 PM	@RL. Its up to people to educate themselves regarding these matters, and its not for the Police to be involved at all. They should be getting crims, not telling people their networks are open / unsecured. People have to educate themselves, not always rely on others. If people have open networks and its taken advantage of due to their lack of knowledge, they deserve it. It might teach them not to take technology for granted. Im not paranoid about anything, Im just saying there is always a way around. If your in the know you have nothing to worry about. There is plenty of info on the web on how to secure your network - its not rocket science.
RL Jul 22, 2009 11:15 AM	ADSLNerd: People should educate themselves, but they don't. They just want their computer to work and security is more time/hassle without any perceived gain. That is, until they get a massive bill for overuse or they get a knock on the door from the Police for surfing child porn. By highlighting this as a problem, the Police are saving themselves the wasted resources of these wild goose chases and raise the bar for criminals to hide where they're connecting to the Internet. The Police regularly cop flack for their perceived lack of response to computer crime, so I applaud their proactive efforts in this case. "I honestly wouldnt trust the police with wifi network info, as who knows what they could do in future.". To think that the police might use your trivial network info for "who knows what" seems a little paranoid to me.
asylum119 Jul 26, 2009 10:24 PM	Wardriving on unsecured wifi (amateur chalking at the most) When one says wardriving i think about Secure wireless and WEP cracking Spoofing the mac address for dodgy router logs A keychain wifi detector (to save battery power in ones laptop) And criminals that hack a secure wifi connection for total anonymity on the internet Last but not least Australians being offered a very poor service by ISP's from everything including bandwidth, speed, security, limitations, price and user agreements. Its 2009 ppl If you are a victim of having your wifi supplied by your ISP with security inbuilt hacked and used for lets say a mass email campaign, do the federal police treat you accordingly ? or are you the victim ? after all how do you explain that you were hacked ? your ISP has supplied you with security and they will not say that their supplied security is flawed. Your ISP will stop your service for illegal activities, and the Federal police will investigate the matter. (So why are non federal police "wardriving" ? ) Lets have the police do wardriving on ISP supplied routers, and when they bust the WEP encryption in less than 1 minute, follow up with a report and fine the ISP providers for supplying a customer with a unsecured router. (or defective security) But wardriving police seeking unsecured wifi is a wast of money, Maybe seven years ago it would have been an idea, Why don't they just set up a wifi honeypot to do their research, hackers will come to them rather them wasting time. perfect to evaluate the problem. Now they should be focusing on a wifi standards report - i suggest a router with dongle (still old news but much safer) But honestly why do the ground work when it is already done ? http://www.wigle.net/ is just an example of the top of my head If you have wifi, i suggest using mac addresses for access to the router with WEP (if WEP is your only option)
RegRipper Jul 27, 2009 8:27 AM	WPA+TKIP has already been broken via dictionary attack, so I wouldn't recommend using TKIP. So you should be using WPA2+CCMP. WPA2-Personal with pre-shared keys is still vulnerable if the keys are not random or short. Here is a summary of WPA2-Personal+CCMP for home routers http://www.gdt.id.au/~gdt/blog/gear/wpa2
RegRipper Jul 27, 2009 8:38 AM	@asylum119 - Er, ever heard of a 12v inverter to run your Laptop in the car? As for the police "wasting" money doing the pentest, they just drive around on their normal beat, with a laptop, GPS, logging everything. They upload the data when they get back or via 3G, someone else then reviews the data and sends notices out. Security is everyone's responsibility, not the ISP's or the Police, and you can only get fined if you break a law or Act, last time I checked, securing your WiFi wasn't on any of them.
asylum119 Jul 28, 2009 12:50 AM	@regripper - sounds a bit high tech for qld police doesn't it ? As for the 12v inverter, a keychain wifi detector is much more efficient than scanning through your cpu at 60 clicks. I do not condone breaking the law, just saying that wifi connections left open wont stop wardriving, as secure wifi in to many cases is still open to being hacked. So why wast money if it wont fix the problem. Fully automated police unsecured wifi, gps, and mail out lol One step forward and two back, but at least security is on the agenda. Better ways to skin a cat
nate.cochrane Aug 3, 2009 9:47 AM	It's worth considering the national security implications of open wireless networks. At many internet cafes and kiosks around the world, surfers are required under national security laws to present identification before they can browse the web, send emails, enter chat rooms etc. Although I'm not saying that's why Qld police in this instance would want to crack down on open networks but they are security holes to such ID-checking schemes. Consider the implications if your open wireless network were to be used without your knowledge for illicit purposes. ISPs also need to address the security implications of their installations; many install wireless APs without security switched on.
Kiwias Aug 25, 2009 9:29 AM	Police have an obligation to remind people to lock doors and windows in homes and offices, lock doors in cars etc. We've had locks for a long time but people still need to be told to keep it top of mind. So, highlighting the need to protect a relatively new asset that most people don't understand seems to be a good idea. Highlighting this service is akin to police walking the beat - being highly visible is a deterrent to many. It is a little disinegnuous to suggest that police should only be looking at the activities of criminals; it is also important to educate and reassure potential victims.
Bazwalt Nov 3, 2009 1:19 PM	O.K so let me get this straight - the cops are trying to teach wifi owners a lesson by scanning and connecting to their network? They're pretty much doing what the criminals do - why do they get off doing that? Pretty hypocritical imo. I like the idea that police are showing initiative but whether a connection is secured or not is none of their business. There are more pressing matters which require police intervention such as drug dealers, pedophiles, illegal imports and murders.
somme1 Nov 5, 2009 3:14 PM	Few points: 1. As fars I know it's not illegal to not have your wifi unsecured 2. it's not that easy to pinpoint the owner of a wifi network by just driving past. 3. plenty of people are stuck using easy to hack WEP because they have devices that don't support WPA 4. personally I view an unsecured (or even weakly secured) wifi network as a protection - ie if someone hacks your secured network, if you can't prove they did, you will end up being held liable for their actions; but if your network is not secured, it makes it impossible for you to be held liable for others actions.
joe_dm Mar 3, 2010 2:39 PM	As mush as I hate to admit it this is a really good idea... Most you guys commenting can't think outside the box and are so focused on thinking the cops are trying to "look nice" for "public reputation" or something like that. But in reality they are taking on a big issue, If a user is too stupid to secure their network let them get hacked I don't care, neither do most the cops involved I'm sure but guess what, It's not them or the war drivers getting free downloads they care about but the BIG guys, ever wanted to hack the FBI and get away with it, unsecured networks... Lets crash google... Unsecured networks... Money laundry, Organized Crime and oh yeah terrorism... Do you think they do this on their own connections. Ahahaha would you? So all of a sudden wireless networking gave all these people and more access internet at random points all over the world, add this with some high level encryption and suddenly every computer in the world becomes a potential suspect since anti crime organizations have no way of knowing whoz network is insecure or open. This is the big picture... its a lot bigger than chasing petty crime, and the only way to correct this is to educate the public because lets face it there's a lot of idiots out there... You might even be one of them and not even know it... So hows about instead of insulting we assist and save a few tax bucks for some other waste of money I'm sure they will find to do with it.