War Dialing, War Driving and Dumpster Diving

 

War Dialing.  War Dialing occurs when an attacker systematically calls a sequence of phone numbers in order to find an inadequately protected system on a modem.

This concept became widely known through the 1983 movie War Games, which depicted a teen gaining access to military simulations that were somehow connected to actual missile and military deployment.

War dialing can be quite successful in some settings.  There are a surprising number of rogue modems attached to networked computers by users who are authorized to use those computers.  Unfortunately, the network/system administrators are almost surely unaware of the existence of these modems.  These usually appear when a user wants to be able to connect to their organization computer from home via dialup.  The situation is made worse because the users who set up these modems are very unlikely to implement adequate security.

Most organizations have strict policies against users connecting their own modems.  But these policies are generally difficult to enforce because administrators have difficulty finding these modems.

Fortunately, in recent years, telephone firewalls have been developed which block unauthorized modem connections into an organization.

War Driving.  With the development and spread of wireless computing, a somewhat analogous type of attack is becoming more widespread.  Wireless computing has many advantages over wired networks, particularly relating to mobility.  But it is much more difficult to limit accessibility to wireless networks due to how the connections occur.

Wireless networks almost always broadcast/listen farther than the administrators think.  For example, they might be configured to reach from one building across a parking lot, making the parking lot a site for potential war driving.  Someone might actually sit in some obscure bathroom or closet in a firm and connect.

The term war driving is used to designate attackers who wander through areas searching for wireless capabilities.  This wandering is often based on an attacker actually driving around searching for vulnerable wireless connections.

There are security measures that can help limit the success of war drivers.  But these are often not implemented by those putting the wireless networks in place.  We will get into wireless security in much more depth elsewhere.

Dumpster Diving.  The phrase dumpster diving is used to describe the act of physically going through someone else's trash.  It can be quite easy to find personal and important information just by going through someone's trash.  Fortunately, paper shredders have become much more common along with shredding approaches that make it much more difficult to piece shreds back together.

But it is also very important to make sure that storage devices are thoroughly wiped clean and/or shredded before disposal.  People often forget to even erase disks, tapes, CDs and/or hard drives before disposing of them.  But even erasing storage media is usually not enough.  Tools exist that help others recover contents of storage devices that have been erased.  Special efforts need to be made to completely wipe the contents, maybe even degaussing the storage devices.  Even after these sorts of measures it is still important to shred or destroy the storage medium.

Protection.  One of the best ways to protect from war dialing is to find a very good telephone firewall that prevents unauthorized modem connections.  Some organizations actually perform their own war dialing to search for unauthorized modems.
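One way a defender could look for the systematic dialing described above in the organization's own call records, as an added example that is not part of the original notes.  The CSV layout, the phone numbers, the 30-minute window and the run threshold are all constructed assumptions, and the check assumes caller ID is present in the records.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed call-detail records; the column layout is an assumption.
SAMPLE_CDR = """caller,dialed,start
5550100,5552000,2024-01-10T02:00:05
5550100,5552001,2024-01-10T02:00:50
5550100,5552002,2024-01-10T02:01:40
5550100,5552003,2024-01-10T02:02:31
5550100,5552004,2024-01-10T02:03:20
5550177,5552003,2024-01-10T09:15:00
5550177,5552040,2024-01-10T09:40:00
5550199,5552020,2024-01-10T13:00:00
5550199,5552021,2024-01-10T13:20:00
5550199,5552022,2024-01-10T13:40:00
5550199,5552023,2024-01-10T14:00:00
5550199,5552024,2024-01-10T14:20:00
"""

def longest_run(numbers):
    """Length of the longest run of consecutive integers in `numbers`."""
    seen = set(numbers)
    best = 0
    for n in seen:
        if n - 1 not in seen:          # n is the first number of a run
            length = 1
            while n + length in seen:
                length += 1
            best = max(best, length)
    return best

def find_war_dialers(cdr_text, window=timedelta(minutes=30), min_run=5):
    """Map caller -> longest consecutive-number run dialed inside one window."""
    calls = defaultdict(list)
    for row in csv.DictReader(StringIO(cdr_text)):
        calls[row["caller"]].append(
            (datetime.fromisoformat(row["start"]), int(row["dialed"])))
    flagged = {}
    for caller, items in calls.items():
        items.sort()                   # chronological order per caller
        lo, best = 0, 0
        for hi in range(len(items)):
            while items[hi][0] - items[lo][0] > window:   # slide window start
                lo += 1
            best = max(best, longest_run(n for _, n in items[lo:hi + 1]))
        if best >= min_run:
            flagged[caller] = best
    return flagged
```

On the constructed records only caller 5550100 is flagged; 5550199 dials five consecutive numbers as well, but spread over 80 minutes, so no single window holds more than two of them.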

WPA wireless security has greatly improved the ability of an administrator to protect their wireless networks.  WEP, the approach used previously, relied on encryption keys that did not change often enough to prevent attackers from figuring out the encryption keys.  Before WEP there was very little that was done to limit connectivity.  Even with the advent of WPA wireless security, there are still plenty of wireless devices that make use of previous standards and plenty of others that don't even implement these lower quality approaches.

More will be added.