Table of Contents Table of figures 2 Introduction 3
Brief History 3
Tools used to War Drive 4 Why War Dialling? 4 T.J.Maxx Hacked 4
Legality United States 6
Legality United Kingdom 7
T.J. Maxx response 7 The Bust! 8 Conclusion 10 Works Cited 13 Appendix A 14
Vulnerability Note VU#723755 14
Table of figures Figure 1 Albert Gonzalez 4 Figure 2 Wireless Manufactures vulnerable 12
Introduction
The organisational security is locked down. No more false alarms at 4:00am, of an impending internet intrusion. Thanks to a well-configured firewall, you 're stopping a large percentage of the causes of network breaches -- but despite the organisational security precautions. The problem is not with your firewall, these network-level security devices are designed for perimeter protection, and by definition they cannot stop attacks that originate inside your network!
WAR DRIVING (access point mapping)
What is War Driving? Or access point mapping, is the act of locating and exploiting Wi-Fi connections. This is achieved by the means of driving around, until the hacker finds a wireless access point, they wish to compromise. War Driving is accomplished due to Wireless LANs that have a range that exceeds the perimeter of the organisation. Due to this an intruder may gain access to corporate information, or cause malicious intent.
Brief History
The term derives from a somewhat similar approach to breaching telephone systems named War Hammering. Hammering is the act of using a modem connected to a computer running a script which allows the computer to call numbers.
A War Hammering exploit would consist of the computer setup to automatically call numbers within a certain area. The modem would wait for one or two rings, since answering computers attached to modems would pick up on the first ring. If the phone rang more than once, it would simply hang up and try the next number until a
Cited: Collins, T. (2000, October 7th). What is a Virtual Private Network (VPN). Retrieved April 19th, 2012, from Tech Target: http://searchenterprisewan.techtarget.com/definition/virtual-private-network Farmer, R ICO.Gov.uk. (2012, Unknown Unknown). Information security (Principle 7). Retrieved April 25th 10th, 2012, from Information Commissioners office: http://www.ico.gov.uk/for_organisations/data_protection/the_guide/principle_7.aspx Julian Oracle. (2010). Massachusetts Data Security Law, Signals New Challenges in Personal Information Protection. 6-7. Rouse, M. (2010, November 20th). privilege escalation attack. Retrieved April 20th, 2012, from Tech Target: http://searchsecurity.techtarget.com/definition/privilege-escalation-attack Search Security Tech Target Search Security Tech Target. (2007, May 11th). Defense in-depth. Retrieved April 1st , 2012, from Tech Target: http://searchsecurity.techtarget.com/definition/defense-in-depth Verini, J