Hi everyone, I am a new member to Bahamas issues. What I have seen so far, I like. I hope to contribute to this form on a regular basis. Has anyone ever done war driving on Nassau? I have been war driving for about a year now and have noticed some very interesting trends in our wireless community.

Hi everyone, I am a new member to Bahamas issues. What I have seen so far, I like. I hope to contribute to this form on a regular basis. Has anyone ever done war driving on Nassau? I have been war driving for about a year now and have noticed some very interesting trends in our wireless community.


Welcome Jimmy!
Fill me in. What is "war driving?" Tell us about the trends you have noticed.
Again, welcome! :)

Welcome Jimmy!
Fill me in. What is "war driving?" Tell us about the trends you have noticed.
Again, welcome! :)


Thank you,

Well, war driving is geek sport in which you “drive” around an area trying to detect wireless access points. Wireless access points are specialized routers that are used by home and businesses to connect wireless computers (laptops) to the Internet or internal network. They are very easy to detect, and if not configured properly can act as an open gateway to the owner’s internal network. War driving is a simple way of measuring the information security profile of some businesses and homes. This is just a hobby.

A year ago when I did my first “drive-by” I detected 37 access points between the Nassau International Airport and Montague beach. That number steadily increased over the months. The number is now 217. That’s a lot of people using wireless. While the number of people using wireless has increased, they are not configuring their access points properly. About 9 of the 37 access point were secured (meaning hackers or freeloaders could not get on their networks). I only found 17 of the 217 access points secured. What is even more interesting is that some of these “open” systems were government corporations (I am not going to name them) and more than a few offshore banks.

Thank you,

Well, war driving is geek sport in which you “drive” around an area trying to detect wireless access points. Wireless access points are specialized routers that are used by home and businesses to connect wireless computers (laptops) to the Internet or internal network. They are very easy to detect, and if not configured properly can act as an open gateway to the owner’s internal network. War driving is a simple way of measuring the information security profile of some businesses and homes. This is just a hobby.

A year ago when I did my first “drive-by” I detected 37 access points between the Nassau International Airport and Montague beach. That number steadily increased over the months. The number is now 217. That’s a lot of people using wireless. While the number of people using wireless has increased, they are not configuring their access points properly. About 9 of the 37 access point were secured (meaning hackers or freeloaders could not get on their networks). I only found 17 of the 217 access points secured. What is even more interesting is that some of these “open” systems were government corporations (I am not going to name them) and more that a few offshore banks.

Wow! That is something!
Thanks for telling me about it.
How does one protect themselves, or at least check to see if their wireless connection is compromised?

01001010 01101001 01101101 01101101 01111001 00101100 00001101 00001010 00001101 00001010 01010011 01101111 01101101 01100101 00100000 01110100 01101000 01101001 01101110 01100111 01110011 00100000 01100001 01110010 01100101 00100000 01100010 01100101 01110100 01110100 01100101 01110010 00100000 01101100 01100101 01100110 01110100 00100000 01110101 01101110 01110011 01100001 01101001 01100100 00101110 00100000 01010111 01100001 01110010 00100000 01100100 01110010 01101001 01110110 01101001 01101110 01100111 00100000 01101001 01110011 00100000 01101110 01101111 01110100 00100000 01110011 01101111 01101101 01100101 01110100 01101000 01101001 01101110 01100111 00100000 01110100 01101111 00100000 01100010 01100101 00100000 01110011 01101000 01100001 01110010 01100101 01100100 00100000 01110111 01101001 01110100 01101000 00100000 01110100 01101000 01100101 00100000 00100010 01110101 01101110 01101001 01101110 01101001 01110100 01101001 01100001 01110100 01100101 01100100 00100010 00100000 01101001 01100110 00100000 01111001 01101111 01110101 00100000 01100011 01100001 01110100 01100011 01101000 00100000 01101101 01111001 00100000 01100100 01110010 01101001 01100110 01110100 00101110 00100000 00101000 01001001 00100111 01101101 00100000 01101110 01101111 01110100 00100000 01110100 01110010 01111001 01101001 01101110 01100111 00100000 01110100 01101111 00100000 01100100 01100101 01101101 01100101 01100001 01101110 00100000 01110100 01101000 01100101 00100000 01101001 01101110 01110100 01100101 01101100 01101100 01101001 01100111 01100101 01101110 01100011 01100101 00100000 01101111 01100110 00100000 01100001 01101110 01111001 01101111 01101110 01100101 00101100 00100000 01101101 01101001 01100111 01101000 01110100 00100000 01001001 00100000 01100001 01100100 01100100 00101001 00001101 00001010 00001101 00001010 01010011 01110100 01110010 01100001 01101110 01100111 01100101 00100000 01110100 01101000 01101001 01101110 01100111 01110011 00100000 01100011 01100001 01101110 00100000 01101000 01100001 01110000 01110000 01100101 01101110 00100000 01110111 01101000 01100101 01101110 00100000 01110000 01100101 01101111 01110000 01101100 01100101 00100000 01110111 01101000 01101111 00100000 01100100 01101111 01101110 00100111 01110100 00100000 01110101 01101110 01100100 01100101 01110010 01110011 01110100 01100001 01101110 01100100 00100000 01110100 01101000 01100101 00100000 01110100 01100101 01100011 01101000 01101110 01101111 01101100 01101111 01100111 01111001 00100000 01110011 01110100 01100001 01110010 01110100 00100000 01100111 01100101 01110100 01110100 01101001 01101110 01100111 00100000 01100010 01101001 01110100 01110011 00100000 01100001 01101110 01100100 00100000 01110000 01101001 01100101 01100011 01100101 01110011 00100000 01101111 01100110 00100000 01101001 01101110 01100110 01101111 01110010 01101101 01100001 01110100 01101001 01101111 01101110 00101110 00100000 01001001 01110100 00100000 01100011 01100001 01101110 00100000 01100010 01100101 00100000 01101101 01101001 01110011 01101001 01101110 01110100 01100101 01110010 01110000 01110010 01100101 01110100 01100101 01100100 00100000 01101111 01110010 00100000 01101101 01101001 01110011 01110101 01101110 01100100 01100101 01110010 01110011 01110100 01101111 01101111 01100100 00101110 00101110 00101110

It is pretty easy. There are three things you should always do:

1 – Make sure that the firmware of the access point is up to date. Just follow the instructions that came with the access point. With today’s wireless access points, it is usually as simple as clinking a link on the web interface of the access point. For example, there is a common vulnerability in the linksys (BFR series) routers that can allow a person to change the configuration of the router without entering a password. This was corrected by an update about 9 months ago. I still however see a lot of linksys access points running this vulnerable version of firmware.

2- Change the name of the router and password. Again, very easy to do. A person war driving with malicious intent will first look for low hanging fruit. Access points with default names will 80% of the time also have default passwords (easy pickings).

3 – Enable the built in protection. All access points come with built in protection called encryption. Encryption does not hide the fact that a wireless access point is there, it makes communication with the access point, or the data to and from the access point very difficult to read. Setting up encryption is again easy, just follow the directions in the manual. It should take about 10 minutes to setup. With Windows XP, even a seven year old can do it. The encryption standard that comes with most access points is something called WEP (Wired Equivalent Privacy). While it is not robust enough for a bank or government, it is fine for small business and homes. In my tests, it took 8 days to break the WEP encryption on my own network (crunching 24/7).

If you are talking about sensitive businesses like a bank or a government agency, the steps would be a little more complicated.

01001010 01101001 01101101 01101101 01111001 00101100 00001101 00001010 00001101 00001010 01010011 01101111 01101101 01100101 00100000 01110100 01101000 01101001 01101110 01100111 01110011 00100000 01100001 01110010 01100101 00100000 01100010 01100101 01110100 01110100 01100101 01110010 00100000 01101100 01100101 01100110 01110100 00100000 01110101 01101110 01110011 01100001 01101001 01100100 00101110 00100000 01010111 01100001 01110010 00100000 01100100 01110010 01101001 01110110 01101001 01101110 01100111 00100000 01101001 01110011 00100000 01101110 01101111 01110100 00100000 01110011 01101111 01101101 01100101 01110100 01101000 01101001 01101110 01100111 00100000 01110100 01101111 00100000 01100010 01100101 00100000 01110011 01101000 01100001 01110010 01100101 01100100 00100000 01110111 01101001 01110100 01101000 00100000 01110100 01101000 01100101 00100000 00100010 01110101 01101110 01101001 01101110 01101001 01110100 01101001 01100001 01110100 01100101 01100100 00100010 00100000 01101001 01100110 00100000 01111001 01101111 01110101 00100000 01100011 01100001 01110100 01100011 01101000 00100000 01101101 01111001 00100000 01100100 01110010 01101001 01100110 01110100 00101110 00100000 00101000 01001001 00100111 01101101 00100000 01101110 01101111 01110100 00100000 01110100 01110010 01111001 01101001 01101110 01100111 00100000 01110100 01101111 00100000 01100100 01100101 01101101 01100101 01100001 01101110 00100000 01110100 01101000 01100101 00100000 01101001 01101110 01110100 01100101 01101100 01101100 01101001 01100111 01100101 01101110 01100011 01100101 00100000 01101111 01100110 00100000 01100001 01101110 01111001 01101111 01101110 01100101 00101100 00100000 01101101 01101001 01100111 01101000 01110100 00100000 01001001 00100000 01100001 01100100 01100100 00101001 00001101 00001010 00001101 00001010 01010011 01110100 01110010 01100001 01101110 01100111 01100101 00100000 01110100 01101000 01101001 01101110 01100111 01110011 00100000 01100011 01100001 01101110 00100000 01101000 01100001 01110000 01110000 01100101 01101110 00100000 01110111 01101000 01100101 01101110 00100000 01110000 01100101 01101111 01110000 01101100 01100101 00100000 01110111 01101000 01101111 00100000 01100100 01101111 01101110 00100111 01110100 00100000 01110101 01101110 01100100 01100101 01110010 01110011 01110100 01100001 01101110 01100100 00100000 01110100 01101000 01100101 00100000 01110100 01100101 01100011 01101000 01101110 01101111 01101100 01101111 01100111 01111001 00100000 01110011 01110100 01100001 01110010 01110100 00100000 01100111 01100101 01110100 01110100 01101001 01101110 01100111 00100000 01100010 01101001 01110100 01110011 00100000 01100001 01101110 01100100 00100000 01110000 01101001 01100101 01100011 01100101 01110011 00100000 01101111 01100110 00100000 01101001 01101110 01100110 01101111 01110010 01101101 01100001 01110100 01101001 01101111 01101110 00101110 00100000 01001001 01110100 00100000 01100011 01100001 01101110 00100000 01100010 01100101 00100000 01101101 01101001 01110011 01101001 01101110 01110100 01100101 01110010 01110000 01110010 01100101 01110100 01100101 01100100 00100000 01101111 01110010 00100000 01101101 01101001 01110011 01110101 01101110 01100100 01100101 01110010 01110011 01110100 01101111 01101111 01100100 00101110 00101110 00101110

416C6C20746865206D6F726520726561736F6E20746F206272696E67206974206F757420696E2074 6865206F70656E2C20616E642074727920746F2065647563617465642074686520687564646C6564 206D61737365732E0D0A0D0A4F6E63652070656F706C6520756E6465727374616E64207468652069 6D706C69636174696F6E73206F6620676F696E67206F757420616E6420627579696E672061202439 392041636365737320506F696E742C20616E6420706C756767696E6720697420696E20746F207468 656972204361626C65204D6F64656D2C2074686520757365206F66205745502F5750412F3830322E 31782077696C6C20676F2075702E00

________________________________________________________________

Converted message

Jimmy,

Some things are better left unsaid. War driving is not something to be shared with the "uninitiated" if you catch my drift. (I'm not trying to demean the intelligence of anyone, might I add)

Strange things can happen when people who don't understand the technology start getting bits and pieces of information. It can be misinterpreted or misunderstood...

____________________________________________________________________

Information is for everyone. I have spent my life educating the uninitiated. If I can help inform them about technology I will. I appreciate your concern. By the way, I don’t like secrete codes. Please communicate in ASCII.

Converted message from Joe:
_______________________________________________________________

All the more reason to bring it out in the open, and try to educated the huddled masses.

Once people understand the implications of going out and buying a $99 Access Point, and plugging it in to their Cable Modem, the use of WEP/WPA/802.1x will go up.

________________________________________________________________

Good point Joe,

Thank you for your input on the issue. I am sorry but I do not like to speak in code. From what I have read, bahamasissues.com is about open frank discussions. We are here to teach and learn from each other. I would appreciate it if we can communicate openly. So others may benefit. :)

By the way no one responded to my first question. About war driving.

416C6C20746865206D6F726520726561736F6E20746F206272696E67206974206F757420696E2074 6865206F70656E2C20616E642074727920746F2065647563617465642074686520687564646C6564 206D61737365732E0D0A0D0A4F6E63652070656F706C6520756E6465727374616E64207468652069 6D706C69636174696F6E73206F6620676F696E67206F757420616E6420627579696E672061202439 392041636365737320506F696E742C20616E6420706C756767696E6720697420696E20746F207468 656972204361626C65204D6F64656D2C2074686520757365206F66205745502F5750412F3830322E 31782077696C6C20676F2075702E00

I disagree Joe,
You know this culture! The first thing that some higher-ups do is panic. The next thing ya know we'll have some crazy legislation trying to REGULATE wireless connectivity. Then all the projects that are about to come out in 2005 will be curbed and squashed by the PUC.

This is a strange culture, and so far wireless has been left untouched by govt. regulations. A lot of people on this island war drive, but not for any "malicious" purposes. It's funny how it's been kept quiet for so long.

The basic philosohpy is: The masses will learn about network security in their time (on their own terms), but the first message that they hear should NOT be that wireless is not secure.

And Joe, dont take this the wrong way, but if I wanted everyone to read the message, then I would have typed it in ascii. I wanted the tech people, like yourself, to discuss it on our own ethical terms...

IF you want to talk tech, then go to www.islandtechsupport.com (http://www.islandtechsupport.com)

I built that site about two weeks ago specifically for that purpose. To answer the question: Yes, war driving is done and a GPS accurate location of each has been documented.

Projects are ongoing, please dont undo the work that has been done or undermine the information that has already been collected...

There are a lot of interesting issues concerning technology and the Bahamas that are not being discussed. Take for example Education, VOIP, telecommunications, eCommerce laws (which I have very strong opinions on), web cafes, lack of involvement of the technology community (except IBM) in government directives. There is a lot to discuss. We can learn a lot from each other and in the process make a difference. At the end of the day, isn’t that what we really want? Is to make a difference (and be rich)

IF you want to talk tech, then go to www.islandtechsupport.com (http://www.islandtechsupport.com)

I built that site about two weeks ago specifically for that purpose. To answer the question: Yes, war driving is done and a GPS accurate location of each has been documented.

Projects are ongoing, please dont undo the work that has been done or undermine the information that has already been collected...


What? I am sorry you feel that way. I am willing to discuses the dangers and benefits of technology to the Bahamian Community. Information awareness is lacking in our country. I am willing to start the process here. I hope others are also.

I think this is the perfect form for this. I have been on other forms, did not like them, too egotistical and hostile. By the way what is the use of preaching to the choir?

I disagree Joe,
You know this culture! The first thing that some higher-ups do is panic. The next thing ya know we'll have some crazy legislation trying to REGULATE wireless connectivity. Then all the projects that are about to come out in 2005 will be curbed and squashed by the PUC.

This is a stange culture, and so far wireless has been left untouched by govt. regulations. A lot of people on this island war drive, but not for any "malicious" purposes. It's funny how it's been kept quiet for so long.

The basic philosohpy is: The masses will learn about security in their time, but the first message that they hear should not be that wireless is not secure.

And Joe, dont take thisthe wrong way, but if I wanted everyone to read the message, then I would have typed it in ascii. I wanted the tech people, like yourself, to discuss it on our own ethical terms...


The PUC is actually looking at this now. If we are quiet, how can we influence sensible regulations? Do you want lawyers, accountants, and high priced consultants making the decisions? We have to let them know that is out there. Bruce Schneier (creator of Blowfish) once said “Security through obscurity is really no security at all”. Words that I live by.

My overall philosophy with passing on knowledge of technology is that any interested person should know and be given a chance to understand, but given the culture that we are in, there are elements that change up the equation. It took me a while to recognize them and evolve accordingly.

The public release of the following information...

"I only found 17 of the 217 access points secured. What is even more interesting is that some of these “open” systems were government corporations (I am not going to name them) and more than a few offshore banks."

...though your intentions may have been good, can be equated to a locksmith openly telling his community that just over 92% of the doors in the households that he checked can be easily "jimmied" open by a crowbar. Some would say that your responsibility was to go to each of those households or businesses FIRST and warn them that this information would have been released. Unless of course, you have an upcoming advertisement in the local newspapers stating:

"Got a wireless network in your establishment or home? Let Jimmy Geek secure it...C'mon, pick up that phone! War drivers are out there, don’t get hacked...Take full control of your network back! :dancer2: "

Which would be okay at this point, but what about the person who was about to buy a wireless access point and now decides on not doing so because "if I have to worry about hackers, then why do I need one?" From the classes that I've taught over the years I have learned firsthand that making some persons in this country aware of the "dangers" of certain technologies before they understand it only makes many of them shy away completely. We "tech" people have to be careful of what information we release and how we release it. That's why I coded my message to get your attention before you continued on.

You would be surprised at the result of your random dispersal of information. My experiences with a few of the neophytes on this island have been plagued with trying to get them to realize that with knowledge comes RESPONSIBILITY. The first thing that they usually want to do is hack the hell out of whatever network they inadvertently come upon. (For the ones who were not attuned to wireless exploration, now they know of at least 200 open networks somewhere on this island) Behave yourselves people - you know who you are! :cop: And believe me, there are a whole lot more of them that are WIDE open.

Let's not forget those of us who have been openly sharing their wireless networks too. :cool: Perhaps we didn’t want EVERYONE to know that they can browse the internet for free in certain parts of the island. :what: Like I said before, your intentions may have been good, but you broke the unwritten code of war driving on multiple levels. :shhh: There may not have been any warchalking symbols up, but that's cause in this society strange markings appearing on walls are a cultural taboo. People may think someone is trying to do Obeah or somethin' :voodoo:

So far you have held your own in this discussion, you'll do well here on BahamasIssues...Welcome!
:cheers: