Wireless Crackers: Who Are They?
Knowing what kind of individual might launch an attack against your wireless network is just as important as being aware of his or her motivations. From the motivations already outlined, it is possible to split attackers of wireless networks into three main categories:
Curious individuals who do it for both fun and the technical challenge. This category of attackers does not usually present a huge threat to your WLAN and might even do a service to the community by publicly exposing insecure wireless networks and raising public awareness of wireless security issues. Many of them could actually become (or already are) wireless networking professionals and security tools developers for the Open Source community. If you happen to belong to this group, please be responsible and correct the flaws you find together with the located insecure WLAN management. If you are a beginner, progress further by continuously learning about more advanced wireless security methodologies and tools (this book will help). If you are an Open Source wireless security software developer, we acknowledge your work and wish you the best of luck. Finally, if as a system administrator or manager of an insecure wireless network you encounter such people who are informing you about your network's flaws, do not rush to the police. A real cracker would never approach you to tell about your network security faults. Instead, he or she will use them to take over your LAN, launch further attacks from it, and hide his or her tracks afterward. Although everyone is critical about "these damn script kiddies," a "script kiddie system administrator" who lacks an understanding of network security basics presents an equal, if not worse, security threat and should be held responsible for the network break-in as well as the cracker who did it. So, if a White Hat hacker or a security consultant approaches you regarding your wireless network vulnerabilities, listen, learn, and perhaps use the tools he or she employed to audit your own network for potential security flaws. Alternatively, you might want to order a wireless security audit from a capable local IT security consultancy that can fix the problems discovered. Of course, you don't have to wait for the disclosure to happen, and that is probably why you bought this book.
"Bandwidth snatchers." This category of wireless crackers are the "script kiddies" of the wireless world. Spammers and "warez" / pornography traders as well as some "I like my neighbor's wireless" opportunistic types belong here. They usually go for the lowest hanging fruit and are easy to repel (even WEP and MAC address filtering might do, but don't be so sure). As you will learn in Chapter 15, they are also relatively easy to discover and trace. Using someone else's network resources is illegal anywhere in the world and before attempting to do it, a cracker should decide if the "free ride" is really worth the trouble of being discovered and tried in a court of law. Even if the bandwidth thief can manage to avoid strict punishment due to the immaturity of cybercrime laws in many parts of the world, he or she is likely to lose the equipment used for attacking and have a damaged reputation and social status.
Real Black Hats who happen to like wireless. These are the serious attackers who generally know what they do, why they do it, and what the legal consequences could be. Anonymity, lateral attacks on otherwise protected networks, and out-of-band backdoor access are the reasons professional crackers are attracted to wireless networks. They might be well-versed in both network and host penetration techniques, as well as radio frequency theory and practice, which makes them very difficult to catch (consider a throughly planned attack using a highly directional antenna and high-power transmitter client card against a long-distance, point-to-point wireless link). Standard security measures will only delay such attackers by a couple of hours. Unless the security of the 802.11 network is given proper attention in both time and effort, the attack will inevitably succeed. This book aims to give a system administrator enough data to protect his or her network against this type of attacker, but some creativity and planning on the administrator's side is also an absolute requirement. If you feel that you don't have the time or capability to stop a sophisticated wireless cracker even with the knowledge gained from this book, you need to apply to the specialized wireless security firms to investigate and remove the threat. Unfortunately, because 802.11 security is a hot topic, there are plenty of self-professed "wireless security consultants" with Windows XP Home Edition laptops and a copy of Netstumbler (or, in the best case, a copy of a single commercial wireless protocol analyzer alongside the Netstumbler). They can actually be detrimental to overall wireless network safety as they engender a false sense of security that makes you less concerned with the problem and thus more vulnerable. We hope that the data presented in this book will help system administrators and network managers to be selective in their outsourcing strategy.