Foreword

When I was thirteen years old and my father got an IBM PC-2 (the one with 640k!) at a company discount, my obsession with computers and computer security began. Back then the name of the game was dial-up networking. 300-baud modems with “auto dial” were in hot demand! This meant that you didn’t have to manually dial anymore!

You could see where this was going. It would be possible to have your computer dial all the phone numbers in your prefix looking for other systems it could connect to. This was a great way to see what was going on in your calling area, because seeing what was going on in long distance calling areas was just too expensive!

When the movie “War Games” came out, it exposed War Dialing to the public, and soon after it seemed everyone was dialing up a storm. The secret was out, and the old timers were complaining that the newbies had ruined it for everyone. How could a self-respecting hacker explore the phone lines if everyone else was doing the same thing? Programs like ToneLoc, Scan, and PhoneTag became popular on the IBM PC with some that allowed dialing several modems at one time to speed things up. Certain programs could even print graphical representations of each prefix, showing what numbers were fax machines, computers, people, or even what phone numbers never answered. One friend of mine covered his walls with print outs of every local calling area he could find in Los Angeles, and all the 1-800 toll free numbers! In response, system operators who were getting scanned struck back with Caller ID verification for people wanting to connect to their systems, automatic call-back, and modems that were only turned on during certain times of the day.

War Dialing came onto the scene again when Peter Shipley wrote about his experiences dialing the San Francisco bay area over a period of years. It made for a good article, and lured some people away from the Internet, and back to the old-school ways of war dialing. What was old was now new again.

Then, along came the Internet, and people applied the concept of war dialing to port scanning. Because of the nature of TCP and IPV4 and IPV6 address space, port scanning is much more time consuming, but is essentially still the same idea. These new school hackers, who grew up on the Internet, couldn’t care less about the old way of doing things. They were forging ahead with their own new techniques for mass scanning parts of the Internet looking for new systems that might allow for exploration.

System operators, now being scanned by people all over the planet (not just those people in their own calling region) struck back with port scan detection tools, which limited connections from certain IP addresses, and required VPN connections. The pool of people who could now scan you had grown as large as possible! The battle never ceases.

Once wireless cards and hubs got cheap enough, people started plugging them in like crazy all over the country. Everyone from college students to large companies wanted to free themselves of wires, and they were happy to adopt the new 802.11, or WiFi, wireless standards. Next thing you knew it was possible to accidentally, or intentionally, connect to someone else’s wireless access point to get on their network. Hacker’s loved this, because unlike telephone wires that you must physically connect to in order to communicate or scan, WiFi allows you to passively listen in on communications with little chance of detection. These are the origins of WarDriving.

I find WarDriving cool because it combines a bit of the old school world of dial up with the way things are now done on the net. You can only connect to machines that you can pick up, much like only being able to War Dial for systems in your local calling area. To make WarDriving easier, people developed better antennas, better WiFi scanning programs, and more powerful methods of mapping and recording the systems they detected. Instead of covering your walls with tone maps from your modem, you can now cover your walls with GPS maps of where you have located wireless access points.

Unlike the old school way of just scanning to explore, the new WiFi way allows you to go a step further. Many people intentionally leave their access points “open,” thus allowing anyone who wants to connect through them to the Internet. While popular at some smaller cafes (i.e., Not Starbucks) people do this as all over the world. Find one of these open access points, and it could be your anonymous on-ramp to the net. And, by running an open access point you could contribute to the overall connectedness of your community.

Maybe this is what drives the Dialers and Scanners. The desire to explore and map out previously unknown territory is a powerful motivator. I know that is why I dialed for months, trying to find other Bulletin Board Systems that did not advertise, or were only open to those who found it by scanning. Out of all that effort, what did I get? I found one good BBS system, but also some long-term friends.

When you have to drive a car and scan, you are combining automobiles and exploration. I think most American males are programmed from birth to enjoy both! Interested? You came to the right place. This book covers everything from introductory to advanced WarDriving concepts, and is the most comprehensive look at WarDriving I have seen. It is written by the people who both pioneered and refined the field. The lead author, Chris Hurley, organizes the WorldWide WarDrive, as well as the WarDriving contest at DEF CON each year. His knowledge in applied WarDriving is extensive.

As WarDriving has moved out of the darkness and into the light, people have invented WarChalking to publicly mark networks that have been discovered. McDonalds and Starbucks use WiFi to entice customers into their establishments, and hackers in the desert using a home made antenna have extended its range from hundreds of feet to over 20 miles! While that is a highly geek-tastic thing to do, demonstrates that enough people have adopted a wireless lifestyle that this technology is here to stay. If a technology is here to stay, then isn’t it our job to take it apart, see how it works, and generally hack it up? I don’t know about you, but I like to peek under the hood of my car.

—Jeff Moss
Black Hat, Inc.
www.blackhat.com
Seattle, 2004