High-tech hobby falls under CSIS suspicion

[InfoSec News <isn () c4i org>]

http://www.canada.com/search/story.aspx?id=25c5ce8f-6388-46ea-9741-65a7f3593c47

Jim Bronskill   
The Ottawa Citizen  
February 13, 2003 

Two Alberta men with a passion for locating and mapping wireless 
computer networks have come under the scrutiny of Canada's spy agency.

Newly obtained documents show the Canadian Security Intelligence 
Service took careful note last summer as computer hobbyists Jason 
Kaczor and Brad Haines invited participants to help find access points 
to wireless networks in Red Deer, Alta.

The high-tech phenomenon, known as war driving or net stumbling, 
involves cruising around a neighbourhood in search of networks in a 
car equipped with a laptop, wireless networking gear and a global 
positioning unit.

In a confidential intelligence report, CSIS painted the activity as a 
threat to the security of sensitive information.

Many organizations in the retail, health care, education and financial 
services sectors have adopted the use of wireless networks due to 
their ease of installation, low cost and portability, CSIS noted in 
the August report.

"Hackers can break into wireless computer networks in homes, 
businesses and government offices using a laptop or portable PC, an 
antenna, a wireless access card and wireless-sensing software," the 
report said. 

"Wireless technology makes it easier for system intruders to search 
for data and invade the privacy of network users, since computer 
networks have no physical barriers."

A declassified version of the report was released to the Citizen under 
the Access to Information Act. Such CSIS briefs are distributed to key 
federal departments, selected police services and other intelligence 
agencies.

The report said a number of cities in British Columbia, Alberta, 
Saskatchewan, Ontario and Nova Scotia had already been the focus of 
war-driving activity and the results were presented on Web sites.

CSIS singled out "a computer enthusiast from Edmonton" -- a reference 
to Mr. Haines, who goes by the nickname Render -- as preparing an Aug. 
21 press release about the Red Deer event, adding he "stated that 
wireless networks in Calgary, Edmonton and other communities in 
Alberta had been mapped but that no one had done a significant scan of 
Red Deer."

Mr. Kaczor and Mr. Haines insist the Aug. 31 Red Deer initiative, part 
of the first international war driving day, was intended to raise 
awareness about the potential security pitfalls of wireless networks 
-- not to breach systems or exploit confidential information.

Mr. Kaczor, a Calgary computer consultant, is offended by the CSIS 
report's tone, considering he has invested time, money and his 
professional reputation in what he deems a rather thankless task.

He compares war driving to birdwatching, whereas breaking into a 
wireless network would be analogous to duck hunting. CSIS has blurred 
the line between the two activities, Mr. Kaczor said in an interview. 
"I'm upset that they don't make that distinction between detection and 
access."

The press release, which also included Mr. Kaczor's name and contact 
information, featured the tongue-in-cheek headline "Wireless hackers 
invade Red Deer!"

But it also stressed the usefulness of the exercise. "While there are 
no prizes, no rules and definitely no glamour, this activity is 
constructive in that it raises awareness with regards to: privacy, 
security (or alternatively a complete lack of security), and the 
growing number of wireless networks sending information over, around 
and through an area."

Mr. Haines sees war driving as beneficial to CSIS because it points 
out network vulnerabilities.

"We're actually out to help them in their job, because we've already 
done a lot of the legwork for them," he said. "It's perfectly 
legitimate, it's fun. Nobody's being hurt by it, in fact they're 
gaining knowledge from it."

He was particularly surprised at the attention from the spy agency in 
light of an encounter at a computer hackers convention in Las Vegas 
last summer. Mr. Haines met a woman he believes was a Canadian 
intelligence officer doing research on wireless security tools.

"Her job was to test out hardware and software for their use."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.