Shall We Play a Game?

Wardialing , made famous by the movie WarGames in 1983, is like knocking on the door of 10,000 neighbors to see who answers. You make a note of those that do and come back later to check out the house.

The act of wardialing is as easy as it gets ”a host computer dials a given range of telephone numbers using a modem. Every telephone number that answers with a modem and successfully connects to the host is stored in a log. At the conclusion of the scan, the log is manually reviewed and the phone numbers are individually dialed in an attempt to identify the systems.

You d be surprised at what sorts of systems are accessible through the modem. Even today, most security administrators still ignore the threat of wardialing.

Who s going to find this and why would they want to? they think, We need to focus on the security hot spots of our network, like the wireless and Internet connections.

However, that poor, forgotten modem connected to the computer in the telephone closet will answer to anyone or anything that calls its assigned phone number. Unsecured modems are usually the easiest way into a target network.

Modems are equal opportunity ”they don t discriminate. PBXs, UNIX, VAX/VMS systems, remote access servers, terminal servers, routers, bulletin board systems, credit bureaus, elevator control, hotel maintenance, alarm and HVAC control, paging systems, and, of course, telephone switches. There s something for everyone if you just have the patience.

The Don s next step was to decide on a way to call the numbers in Africa for free from Iceland. Free phone calls are not a difficult thing to obtain. The Don could use a stolen credit card, calling card, or mobile phone, reroute his call through a corporate PBX, or take advantage of a misconfigured outdial, a feature of some remote access network equipment which allows you to call in to the device on one modem and dial out on another.

He chose to go with using a stolen mobile phone. Since wardialing a complete prefix takes usually three or four days of nonstop dialing, The Don needed to make sure to obtain a phone that wouldn t immediately be noticed as missing. One that was left in an office on a Friday afternoon would do just fine ”the owner wouldn t return until Monday to notice that the phone had disappeared. Even then, the owner might fumble around for a few more days while thinking it had legitimately been lost.

Not only was a stolen phone easy to get hold of, The Don could wardial from any location within Iceland where Og Vodafone provided service. Better yet, it was untraceable. He d just destroy the phone when he was done.

The next evening, The Don made a few calls and walked down to the Tj rn, the park and pond in city centre . Feeding the ducks , he waited.

As expected, one of The Don s acquaintances , a fence from the neighborhood, stopped by. They shook hands and exchanged pleasantries as they strolled the path along the water. The Don handed the fence a small envelope filled with currency and received a small plastic shopping bag in return. The bag contained a Nokia 6600 tri- band smartphone and stolen SIM card. Just what he had asked for.

Back in his flat, he grabbed the required drivers from the Nokia support Web site and connected the Nokia 6600 to the serial port of his computer. Now, the computer would simply treat the phone as a landline modem.

ToneLoc is The Don s wardialer of choice. Although it s a few years old, it works fine with current Windows versions. He set up a spare machine to dedicate to the task. He isn t worried about being in a fixed location. It will be obvious that thousands of numbers are being dialed from the same phone within the same cell location, but The Don would be done wardialing before the corporate wheels of fraud detection start turning, and the phone would be long gone by then.

The numbering system in Mauritius uses a fixed 7-digit format and a country code of 230, so configuring ToneLoc to run was easy:

 toneloc emtel.dat /m:230-465-xxxx. 

With the wardialing happily on its way, The Don turned off the monitor screen, locked the door behind him, and headed out toward the street.