Magazine article Security Management

Chalk It Up to Experience. (Tech Talk)

Magazine article Security Management

Chalk It Up to Experience. (Tech Talk)

Article excerpt

A network administrator arriving at her office building notices a strange chalk drawing on the sidewalk. She dismisses it as graffiti, not realizing that it is actually a sign-called warchalking--that identifies an unprotected wireless connection emanating from her company network.

Once a company's wireless node is publicly identified, anybody with a laptop and a wireless networking card can use it to access the Internet. While most warchalkers are just trying to get free Internet access, that access goes through the corporate network, thus endangering the network itself--and any sensitive information it contains.

Many companies have wireless nodes that could be similarly hijacked, according to John Bumgarner, CISSP, CEO of Cyber Watch, Inc., who has located hundreds of wireless nodes in Charlotte, North Carolina, although he says that he hasn't seen any warchalking evidence yet. However, Web sites dedicated to warchalking show that the phenomenon has caught on from Berkeley, California, to the United Kingdom.

Bumgarner says that wireless nodes are often created by office workers who, without permission, install hardware on the corporate LAN that allows them to connect to the network in a meeting room or cafeteria, or, with a simple antenna, from even farther away. Wireless signals from legitimate wireless networks also simply "leak" through walls and floors, allowing those in neighboring floors or buildings to access the nodes, he says.

If warchalkers are helping potentially malicious users find unsecured networks, are they committing a crime? Possibly, say cybercrime legal experts, but one that will be very difficult to prove. According to Arif Alikhan, assistant U.S. attorney for the central district of California and chief of that office's computer crimes section, "If you're [warchalking] just to mark where the access points are, in and of itself, it may not be illegal. But if it's done with the purpose of trying to aid and abet or assist other people to illegally gain access to a system, then it could be problematic." He says that prosecutors would have the difficult task of proving that the warchalker had the specific intent to aid and abet, or enter into a conspiracy with, somebody who later commits a cybercrime. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.