Wardriving is the practice of using vehicles equipped with sophisticated antennas to use someone else’s Wi-Fi connection. There is controversy over whether this is criminal, unethical, or allowable because there is little harm done. One case in Seattle, Washington demonstrates that wardriving can be used for criminal intent. In this case a group of three wardrivers drove around and parked near where the businesses were located. They then used high-tech antennas and laptops to access the networks of businesses. In one case, the network was encrypted, but the criminals were able to penetrate it anyway (Murphy, 2011).
The crime was discovered when the employees at one software company did not receive their paychecks (Murphy, 2011). Police then began receiving reports of similar things happening at other businesses. In all, 53 businesses were targeted by this band of wardriving thieves. As it turned out the thieves used the Wi-Fi network to penetrate the company system and then could do as they pleased once inside (Murphy, 2011). They diverted the employees’ paychecks to a bank account in Denver, where funds could be quickly withdrawn using ATM cards (Murphy, 2011). Losses were in the hundreds of thousands (Murphy, 2011).
The electronic burglary was not officially discovered until the paychecks were stolen, but many businesses were beginning to accuse their own employees of embezzlement for some time prior to the official discovery of the crimes (Murphy, 2011). The losses from this case were approximately $3 million (Carter, 2012). This scheme targeted small businesses. When one considers the size of the businesses involved, the losses were significant for the companies that were hit. In addition to rerouting paychecks and stealing passwords, they also uploaded malware to the systems. It was found that the criminals were using the money to buy luxury items (Bishop, 2011). Aside from the economic losses, even though the incident did not involve theft of customer accounts, news of the breach could damage consumer faith in the businesses.
Specific details were not provided about how the individual businesses handled the loss, other than that they contacted the police once the crime was discovered. The crime went on undetected for almost three years (Carter, 2012). The thieves would make regular withdrawals from the business accounts. In one instance, the thieves had inserted themselves onto the payroll sheets for direct deposit (Carter, 2012). The same crime ring also committed several burglaries the old fashioned way (Carter, 2012). Employee identities at the companies were also stolen (Carter, 2012).
The fact that this crime spree went on undetected, and that small businesses were hit suggests that they companies did not have the latest in intrusion detection software on their systems. Wireless Intrusion Detection software can tell the operator who is on their network and it the computer is an authorized, or unauthorized intruder (Gopinath, 2009). This software was available at the time of the thefts. It is not known how many of the companies took proper precautions to secure their networks, but in at least one case the network was password protected and the hackers could get in anyway.
The level of sophistication that is available to hackers today requires experts to keep businesses safe. Hiring a computer security professional would be a wise investment for small businesses who do not have the funds to hire a full-time staff. The professional could help them to upgrade their policies, recommend intrusion detection software. There is also an indication that in many cases, the companies need to engage in better auditing practices overall so that they can detect when something is amiss more quickly.
Hiring a professional to help them protect their system and developing up to date policies regarding computer use and requirements would help to prevent such attacks in the future. Keeping up with intrusion detection software is an essential component in keeping a system safe. In this case, the losses would not have been as significant, or perhaps not occurred at all had the companies followed these recommendations. The software would have either blocked the intrusion or alerted the businesses quickly. The thieves would not have been able to repeatedly breach into the system over a period of years.
The thieves were using highly sophisticated software and equipment. It is possible that as the technology used by hackers is becomes more sophisticated, it might not be possible to stop all system intrusions. These thieves were able to crack passwords in order to gain access to systems that had made an attempt at protection. However, advanced intrusion software would have alerted someone the minute they were into the system as an unauthorized AP.
This case demonstrates the level of sophistication that hackers have available to them to access a system unauthorized. Small businesses are often easy targets because they either are not aware of what security measures are needed. They might not feel that they are in danger of becoming a target, or they might not have the funds to hire a consultant or purchase the needed software. This makes small businesses vulnerable. In searching for cases involving Wi-Fi as a means to gain access to a system, no major storied could be found since the 2007 TJ MAXX theft. Most larger businesses and systems took their lesson from this case and invested in sophisticated protection for their system. Many large corporations have IT professionals who specialize in security. The Seattle black Mercedes wardriving case was largest loss that could be found involving Wi-Fi in the past five years. The losses were significant because small businesses were the ones hit and this could have devastating effects on them. This case teaches that taking appropriate measures in system security is a necessity for any sized business.
- Bishop, T. (2011). Seattle trio accused of crazy high-tech crime spree. Geek Wire. Retrieved from http://www.geekwire.com/2011/seattle-trio-accused-crazy-hightech-crime-spree/
- Carter, M. (2012). Seattle men behind cyber-crime spree sentenced to prison. The Today File. Retrieved from http://blogs.seattletimes.com/today/2012/05/seattle-men-behind-cyber- crime-spree-sentenced-to-prison/
- Gopinath, K. (2009). 5 Wireless Intrusion Detection Questions You Should Worry About. Mojo Networks. Retrieved from http://blog.mojonetworks.com/5-wireless-intrusion-detection-questions-you-should-worry-about/
- Murphy, K. (2011). High-tech criminals target Seattle-area businesses. Los Angeles Times. Retrieved from http://articles.latimes.com/2011/sep/22/nation/la-na-wardrivers-20110922
