By Ray Stern
By Ray Stern
By New Times
By Amy Silverman
By Stephen Lemons
By Stephen Lemons
By Monica Alonzo
By Chris Parker
For a couple of professional computer security geeks like Rusty and Slip, such "Oh, no!" seconds usually occur immediately after relatively picayune programmer mishaps like executing a data back-up with open documents in use, or hard-deleting a file that turns out to be a system goodie.
But this time, the error Chiles just committed may very well be fatal -- and not just in an IT specialist's sense of the word.
Rusty and Slipnode have taken a computer on a road trip, the central requirement of the hobby they like to call "wardriving" -- searching by antenna for vulnerable wireless networks -- and they've been checking the screen constantly instead of keeping their eyes on the road.
"It's cool just to take a computer along and have it beep' at you when you find another network," Chiles grins, attempting to explain the peculiar appeal of wardriving (its name derives from the old-school hacker activity of wardialing, the telephone exploit made famous in the 1983 Matthew Broderick nerd classic WarGames).
For guys who spend the majority of their waking hours hunched over computers in dingy office cubicles, wardriving may be the ultimate extreme sport. But the out-of-doors is not the geek's native habitat. And on the street, out in the real world, a crash is more than just something computers seem to do at the worst possible time.
Out the passenger side window, Rusty and Slipnode notice that a hefty blue Dodge Ram truck, running a yellow light, is about to live up to its name.
"Whoa!" Slipnode yells as Chiles guns the gas pedal just in time to successfully clear the Altima's rear end from the path of the oncoming Ram.
For the past 15 minutes, Chiles and Slipnode have been complaining about the negative image of wardrivers in the media; how the news paints every computer whiz with a Pringles-can antenna and a laptop as a nasty little identity pirate out to peek at Grandma's e-mail and raid corporate databases. "It's really more of a game," Chiles had said earlier, "where the object is just to find the most wireless access points. But rule number one is, you never connect."
Now even Chiles and Slipnode have to admit the avid wardriver does perhaps pose a certain menace to society.
"That's the real danger of wardriving," Chiles laughs through shortened breaths after slowing the car down and making a cautious right onto Mill Avenue. "Driving through the streets of Phoenix with a computer in your car!"
They're the Hells Angels of the information superhighway, the "drive-by hackers" and wireless wardrivers who are worrying us to death and making us all feel sorry we bought those nifty little $99 boxes that make it possible for us to surf the Net while on the toilet.
The explosion in sales for wireless access routers, little radio boxes that spread out a single high-speed Internet connection wirelessly all over the house or office, has become a phenomenon in the computer equipment industry. Already, more than three million households are estimated to have wireless networks, a number analysts predict will double this year and reach annual sales of 20 million by 2005.
We love how easy it is to get all the family computers on the Web and sharing a printer without having to snake a bunch of cables through the walls. But the notion that we're also sharing that connection with anyone passing by who knows a bit more about computers than we do is beginning to feel a little creepy -- a feeling only heightened by sensationalistic news stories.
"This man could steal your identity out of thin air just by driving down the street," began a recent special report on KCBS in Los Angeles. "Or steal your credit card information without ever touching your wallet!"
Chiles and Slipnode are fed up with that image, and want people to know most wardrivers are just harmless geeks who work long hours testing and fixing security vulnerabilities, or "holes," in computer networks and get a kick out of driving home from work and seeing how many other holes they can find.
"The main good-guy factor in wardriving is spreading the awareness of unprotected networks and closing up holes," says Chiles, relating the role of the wardriver to a benevolent Terminix man. "You can find excitement just discovering those open networks and pointing them out, without doing anything else."
For his part, Rusty solicits wireless-spotting data from wardrivers all over the state and keeps a running tab -- along with precise, GPS-generated maps -- on his Web site (Google "Wardriving Arizona" and you'll find it). Recently, Chiles was the organizer of the Phoenix leg of July's international Worldwide Wardrive, the third event of its kind to draw mobile hackers from seven different countries to find and map the wireless access points available in their cities. Around the Phoenix area, Chiles and the other local wardrivers who signed up on his Web site discovered some 8,844 access points, two-thirds of which were "wide open," according to Chiles.
Slipnode, a computer security evangelist who hosts his own weekly Web talk show with other IT buddies on his site, Slipnet.com, considers wardriving an "informational thing" and believes he's providing a valuable service to the vast Internet for Dummies crowd, basically letting them know when their digital fly is unzipped. "If everyone knew what we knew, they'd be better able to secure their network," Slipnode says. "There's a lot to learn and use in the real world from people who are wardrivers."
Still, judging from their needlessly paranoid behavior and their pattern of revealing even the most banal information as if they're sharing precious government secrets ("I guess we can say this," they continually check each other), it's clear Chiles and Slipnode are enjoying the "bad boy" image seldom applied to meticulous geeks like themselves.
All night long, the slightly guarded Chiles, in long red sideburns and a gray "Chicks Dig Unix" tee shirt, and his buddy Slipnode, an intense, serious-minded twentysomething who refuses to give his real name (but insists on using his nickname "for the fame"), have been cruising around Mill, pointing out all the open wireless networks they can detect with their IBM Thinkpad and the three antennas attached to Chiles' Altima. "I put the omnidirectional on the roof, because that draws signals from all directions," Chiles explains at the start of the ride, "and I put the two directionals on the sides, so I can get signals that are way far away."
With such a setup, Chiles says, he can detect the presence of literally thousands of open access points all around Phoenix -- running usually without even the simplest privacy protection in place. The same technically challenged consumers whose VCRs are still blinking "12:00" are now snatching up inexpensive Wi-Fi boxes and unknowingly broadcasting all their e-mail messages and private downloads to anyone within a 300 to 1,000-foot radius who happens to be carrying a Wi-Fi-equipped laptop or PDA.
If one wanted to, Chiles and Slipnode confide, one could wreak any amount of havoc on the computers sitting around out there with their virtual front doors unlocked.
"With a setup like this, technically it would be possible for any kind of data to be intercepted," Chiles confesses. "Simple packet-sniffing software could catch chunks of data that are being transmitted, and it would be possible to reconstruct all the data that was in the air -- credit card info, personal records, whatever."
A tech-savvy terrorist could even hop on someone else's wireless network to hack into government computers and launch a virus without leaving a trace of his location -- a possibility the FBI takes very seriously. "We know that an attack could bring down the network of this country very quickly," warned Daniel Devasirvatham of the feds' Homeland Security Task Force at an industry conference last December. "Once you're on the network, it doesn't matter where you got in."
Not that Chiles and Slipnode would ever engage in such nefarious activities themselves, of course. "There's a super fine line between having the knowledge to do something and actually doing it," Slipnode says. Most guys who wardrive get off on the power trip of imagining all the havoc they could create but are too smart -- or possibly just too nerdy -- to actually carry out their scheme of world domination.
"It's a real feeling of power, just having all that knowledge," Chiles says.
"But all you have to do is use it," Slipnode adds, "and then you've crossed that line, between expert and criminal."
"And nobody in the wardriving community," Chiles agrees, "wants to push those buttons."
Perhaps that's why, even with all the possibilities for mischief opened up by wireless devices, we've yet to see a single bank system crumble, or witness the global information infrastructure shut down or find a single CIA e-mail deliberately get misrouted to the Taliban.
"The interesting thing is, there have been no news reports yet of any malicious attacks launched over a wireless system," says Chris Hurley, a.k.a. Router, a Washington, D.C.-based information security engineer who presented a speech titled "Myths, Misconceptions, the Truth and the Future of Wardriving" at the DefCon 11 hacker's convention held earlier this month in Las Vegas. "I mean, have you even heard of one incident where an attack was launched from a home user's wireless access point against the government, against commercial business? Against anybody? I haven't heard of one case where that's been proven."
Indeed, the most calamitous incident anyone has reported so far concerned a guy who had just bought a wireless card for his laptop at a Best Buy in Minneapolis and discovered that he was able to see packets of network data that included customer credit card information leaking out from the sales terminals connected to the store's wireless network. While the parking-lot hacker easily could have used his discovery to run up hefty bills on thousands of credit cards (the same vulnerability was later found at more of the chain's 1,900 stores before Best Buy quickly remedied the situation), he chose instead to post an anonymous message on Security Focus Online, a popular Web site for security management types, alerting Best Buy to wake up and smell the Wi-Fi. "I am NOT comfortable using my credit card at any Best Buy right now," he declared.
Amazingly, even though posting his discovery to a Web site only opened up the vulnerability to countless other geeks, not a single incident of customer credit card misuse has been reported since the hole was made public last May.
It may be that the very type of person who's able to pluck endless streams of numbers and characters out of the air and somehow make a credit card out of the data is just too smart to do something that will send the Department of Homeland Security looking for their homemade antenna. "Anyone who's bright enough to go out and figure this stuff out is not likely to do anything bad with it," says Lloyd Tabb, a 40-year-old former Silicon Valley software engineer who admits a love for wardriving, too.
There's also a code of honor and a sort of class system among hackers that brands anyone who commits a reckless act an immature "script kiddie" -- an indignity no self-respecting wardriver wants to suffer.
"I get e-mails all the time from kids wanting to know of any juicy open networks they can hack into," says Chiles. "I just tell them, Hey, I'm not gonna help you get into anything like that, and if you keep bugging me, I'm gonna post your IP address and make fun of you on my site!'"
Of course, it may also be that the guys who get into wardriving are, deep down, too inherently nerdy to engage in any activities that might cause Mom to want to disown them. There may be a certain bullying chromosome missing that prevents them from committing any of the nefarious computer crimes they're capable of.
Essentially, wardrivers are mild-mannered guys enjoying their new dangerous image. Slipnode, for example, wears a black tee shirt emblazoned with the letters "STFU" in bold white type. Typical of the cryptic tee shirts favored by the geek community, the letters are an IRC chat room acronym for a curse phrase that only translates if you're nerdy enough to Google the letters for a definition. When asked what the code means, Slipnode looks down and mutters quietly, "Shut The F Up," before tacking on a quick, "Sorry!"
Jen Frasier, creative director for the ThinkGeek Web-based apparel store, where the majority of tech types get their clever shirts and coffee mugs, notes that the "STFU" shirts -- as well as the popular "WTF," "RTFM" and "FSCK IT!" (the latter refering to a UNIX programming command that means "file system consistency check," but most non-geeks just think it's a misprint) -- fit into a geek culture where subtlety is prized over brazenness.
"A lot of it comes from the system admin world, where smart computer people are constantly fixing screw-ups by higher-level executives, and you want to say Read the f-ing manual!' but you can't," she observes. "So you just squeeze RTFM' somewhere into your diagnosis. It comes from the geek discipline of not wanting to be overtly rude to the moron you're trying to help, but still getting your message across -- if the moron is actually smart enough to figure it out!"
Like the Mafia or inner-city gang culture, geeks usually only get tough with their own. "Geeks like pointing out other geeks' screw-ups, and that's usually how a wardriver sees an unsecured network," says Hurley. "But the average home user shouldn't be worrying that terrorists are driving around their neighborhood looking for their Linksys access point. That's not what we're about."
Daniel Gentleman orders an iced cappuccino at the Java Fusion coffee house in northeast Phoenix and immediately notices a pair of 13-year-old twin boys carrying matching PDAs and wearing familiar-looking ThinkGeek tee shirts.
"We shop at the same store!" says the 27-year-old Web site security engineer, playfully high-fiving the tech-obsessed eighth graders. With his shaved head offset by a considerable paunch, Gentleman ("It's the 32,000th least-common name -- I looked it up!") resembles more of a digital-age Curly Howard than a club-chic Moby.
Still, the openly geeky UNIX systems administrator, who works the graveyard shift for a Web-hosting firm, comes in holding hands with a hot-looking "sweetie," as he calls her, who clearly loves the sharp-witted techie for his mind.
"I never fell for that negative connotation some women have about nerds," says Karen Reed, a children's librarian for the City of Glendale. "I find what he's able to do with computers amazing. I wouldn't go out with somebody who wasn't smart."
Gentleman, who advises the 13-year-olds to keep working their geekiness to their advantage ("See? Chicks dig smart guys!"), admits he's even taken his handheld PDA along with him to bars to help him pick up girls. "I've never had a girl hit on me because she thought I had a cool PDA," he says, laughing. "But I have been sitting at a bar with a handheld and had some women show interest in me. It kind of weeds out the shallow, unintelligent people you'd want to avoid anyway."
Gentleman smiles, leans over and gives Karen an affectionate kiss. Surely being a nerd is not the social curse it used to be back in Jerry Lewis' or even Steve Urkel's day. But Gentleman says things used to be even better for his ilk a couple of years ago.
"We were a lot cooler before the dot-com bust, back when we were making all the money!" he chuckles. "Until a couple of years ago, the job market for tech people was just amazing. I got good, high-paying, high-level jobs very quickly -- sometimes a little too quickly for my own comfort, in fact. But it was good.
"Now, companies know that tech people are desperate for jobs, so they're able to hire highly skilled people really cheap. Last year, when I took the job where I currently work, I was hired on at literally half of what I was making two years ago. That hurts."
To keep self-esteem up, Gentleman says, a lot of techies have taken to exerting their identity, or "letting their geek show," by wearing the exclusionist tee shirts (Dan's favorite reads, "There are only 10 types of people in the world: Those who understand binary, and those who don't") and engaging in relatively adventurous activities like wardriving.
"I think it's more about flexing your creative muscle, and also just fighting boredom," he says. "The boredom comes from the fact that we used to be the people to be. Now we're scraping, just as everyone else is. We need something to do, but we don't have the money we used to have. So we'll take the gear we have lying around the house and have some fun with it."
Gentleman's wardriving setup is a particularly creative concoction: a Linux-equipped handmade computer compressed into a Hot Topic briefcase. "All together, this cost me about $500 to make," he says proudly. "I couldn't get a decent laptop for that price."
Like most wardrivers, Gentleman insists he just uses his elaborate mobile computer to detect the wireless access points he drives by without trying anything mischievous, like connecting to an open network and poking around. "But then," he adds with a wink, "you're not gonna find anybody who's going to admit to it. Even among the community of wardrivers, and even among the old-school hackers who tinker with computers and make them do inventive things, they never talk about it. If anyone has the ability to do illicit deeds from time to time, they don't admit to it anymore. The public consciousness is so high, no one wants to cop to being on the dark side of the Force. But I would say if I was hanging out with 50 wardrivers, chances are a good 10 of them hop on other people's networks and capture packets now and then."
It's a scary thought -- especially with all those disgruntled geeks out there still smarting from the hefty pay cuts following the dot-com fallout. With thousands of out-of-work computer guys driving around, sniffing out millions of open wireless networks, could the climate be ripe for a true Revenge of the Nerds?
"Oh, yeah!" Gentleman says without hesitation. "But it's probably not going to be the big mainframe-crippling disaster everyone fears. A good example was the recent case involving this guy they called the Spam King. He was the guy responsible for setting up the companies that send out about 50 percent of the spam messages people get in their e-mail. Made a lot of money with it. And there was a news story about how he just built himself a new $10 million home.
"Well, he got Slashdotted," Gentleman says, referring to the dominoing effect of getting written up on the influential tech Web site, "and the Slashdot community located the home, found a satellite picture of it, and started signing him up for hundreds of thousands of postal junk mail. This guy was getting so much junk snail-mail, it would arrive literally by the van-load, and they would drop it off in his yard!"
Gentleman laughs. "That's an example of a real revenge of the nerds," he says. "I mean, sure, it was harassing, and definitely on the line of legality. But it was funny! And that's what usually happens when the geek community gets mad. We like to have fun."
At 17, Paul Schminke of Globe is too young to remember when being a geek wasn't cool.
"For me, being a computer geek was never something that kept you out of the popularity circles," he says. "But from what I've seen in movies and listening to older people, I know that's the stereotype people used to have."
Still, for Schminke, wardriving is a kind of sport that sets him apart from the other sun-shunning computer lab habitants.
"It's definitely a cool thing to do," he says. "In my high school, the people who wardrive are like the ravers of the computer crowd. Like the clubbing kind of really cool people."
Young wardrivers are the ones even the older hackers fear, since they're less schooled in the arcane laws of code that burn a healthy fear of the FBI into the older DeVry grad, and since kids are generally more adventurous and less bound by the "moral code" old-school hackers always talk about.
"You're talking about a generation raised on illegal MP3 downloads and corporate ethics scandals like Enron," says Dan Gentleman. "Where's their ethical code?"
Experienced hackers also complain that wardriving makes it too easy for even a non-computer whiz -- and therefore, a non-geek -- to play around in the same sandbox they've been maintaining for years.
"You don't need sharp hacker skills to get into wardriving," says 21-year-old Jason Holt, who wardrives around Tucson. "All you need is a laptop running Windows and a program called NetStumbler, and you're in."
Even the largely homemade gear used by wardrivers -- once a point of pride for the creator, in the way a car customizer loves to showcase his rebuilt Chevy -- is changing.
"It used to be fun to get together with other wardrivers and show off gear and configure custom software for each other's machines," laments the already nostalgic Holt. "But now it's actually moved away from the home-built stuff, with all the connectors and wires. Now it's a whole lot easier to have the latest laptop and a magnetic-mounted antenna on the roof, as opposed to the driver hanging out the car at 60 miles per hour with a Yuban can," he says, laughing. "It's a whole lot easier, but it's not as interesting or fun to show off."
Some young wardrivers get by without even that much. "I just have my Apple iBook and the built-in antenna," Schminke says. "I don't have a GPS and I don't map everything. I just like to drive around and see what's open."
Occasionally, he admits, he's ignored the first rule of wardriving and connected to an open network just to access the Internet. "One time my newspaper class and my media class took a field trip to Portland," he recalls. "And we were there for a week. Well, I'm one of those people who have to have my computer, so finally I walked around with a couple of friends and my iBook, and we found a network."
Schminke admits to brief twinges of guilt. "It felt kind of wrong, because the network we found was coming from a church community center," he says, grimacing. "But they had a couple of open networks, so we were sitting there on the curb, checking our e-mail and stuff."
Like a lot of idealistic teens (and Wired magazine writers), Schminke envisions a day when the budding wardriver can drive down any street and stay connected to the Internet wherever he goes.
"Myself, I have a network connection that I share with a couple of friends who live, like, a mile or so away," he says. "And I can do that because I have a lot more powerful access point than what most people have. I have a big outdoor unit that's basically what a wireless ISP would use. If somebody does want to use it, I say, Go ahead.' Because I have extra bandwidth, plus I know it's secured from the rest of my network."
Such generosity is rare among home wireless users, not to mention the profit-minded "hot spot" access providers whose services are offered at such high-traffic stops as Starbucks, Circle K and, soon, McDonald's. "I have come across some networks you can tell are deliberately open," says Holt. "The most obvious one was when a network name came up as Wardrivers Welcome,'" he says, laughing.
But most wireless network users are fiercely guarded when it comes to their precious high-speed Internet access.
"For one thing, a lot of people feel they're paying for it, and you're just freeloading," says Dan Gentleman. "But mostly, they're just worried about people rummaging through their stuff."
Gentleman says he schools younger wardrivers on the endangered hacker ethic by comparing connecting on a network to a parent searching a teen's room while he's out of the house.
"I mean, think about it. That's your stuff!" he says, focusing on the 13-year-olds at Java Fusion -- one who's already sporting a "Wardriver" tee shirt when his only vehicle is a Razor scooter.
"Do you really want somebody else looking through it, just because they can?" he adds, before hitting on the ultimate uncool comparison. "I mean, who wants to act like a nosy parent?"