“Ooh, we’re lighting up,” says StretcherK, the hacker in the seat next to me as he aims his Pringles can antenna out the window. “Four found, four unlocked.”

The chips-can antenna is connected to a Toshiba tablet that Stretcher bought on eBay for $50. Considering that he’s trying to hack into some major-league wireless networks, this seems a decidedly low-tech rig. Nonetheless, as he watches the display a smile sweeps across his face.

“Look at that, we’re behind their firewall.”

We park across from the Triad center in downtown Salt Lake City. We’ve got tacos, refried beans, extra large sodas, and free Internet access. Stretcher is a little miffed that it’s only a 320Kps connection, which is relatively slow, but still, it’s not bad for a parking lot.

The name of this particular game is “wardriving.”

If you’re young and into computers, it’s a fun way to get online for free. But if you’re responsible for your company’s IT, it could be a one-way ticket from paycheck to pink slip. Wardrivers cruise past businesses sniffing the air for the digital scent of unsecured wireless access points. For some, this is mere sport. Once they get into your company’s system they can unlock doors or send you faxes from yourself. You might find the password to your computer on a note on your screen. Funny? Unnerving? It depends on your point of view.

The real threat to your company, however, may be a lot less humorous. It’s estimated that some 60-80 percent of all corporate wireless networks are insecure. Combine that with the high cost of bandwidth, and the hassles spammers face of getting legitimate net access, and you’ve got all the ingredients for drive-by spamming.

Drive-by Porn Spam

Imagine someone drives past your building late one night, sniffs an open WLAN, logs onto your server, and then blasts out 10 million pornographic spam email messages before driving off.  Come sunrise, your ISP is getting pounded with complaints about “your” spam and yanks your access. By the time you get to work your email is out, the Web site is down, and your IT guy is swearing it didn’t come from inside.

Sound farfetched? Think again. 

“We investigate each case [of reported spamming] and if we get someone spamming via our service, we shut off service immediately and wait for them to call,” says Pete Ashdown of Xmission, one of Utah’s largest ISPs. “Periodically we’ll get a corporation that has an disgruntled employee and we try to work with them on a case-by-case basis, because we don’t want to punish the entire corporation, but if it happens again we’ll definitely shut them off. We’ve had a couple cases where very lucrative accounts are ejected because they were essentially spammers.” 

If it believed a customer was the victim of drive-by spamming, Ashdown said Xmission would step in to help the company solve their vulnerability problems.  “In a case like that, we would assist them in securing their wireless network. We’re not really geared for outside consulting, but if it helps us keep a good client we’ll do it.  We can also restrict how much SMTP access their network has depending on their need.”

Captain Crunch

Of course, it didn’t start out this way. The activity/sport/crime (your nomenclature choice determines your point of view) of “borrowing” communication access had innocent enough beginnings.  Back in the late 1970s, a loose-knit cadre of pranksters roamed the global phone lines, stealing access to international trunk lines. Their tool: a handheld blue box that emitted specific tonal frequencies on command. 

Hacker legend attributes the origin of this practice to Joe Engressia, a blind boy from Memphis who liked to whistle while playing with the telephone. When young Joe hit a certain note the phone network let him into a free line. It turned out that Ma Bell’s entire phone network was about as secure as a teenager on prom night. By transmitting that certain note, 2600 Hz to be precise, users could  seize control of a long distance trunk line and start making free calls to virtually anywhere.

A few years later, Captain Crunch cereal started offering hidden prizes in the form of a plastic whistle that coincidentally emitted the same tone. This spawned the first generation of phone hackers, or “phreaks” as they called themselves. Most used their skills for party pranks — like routing a call through several international “trunk” lines, from one end of the globe to another, then back to an adjacent phone so they could have 20-second delayed conversations with themselves. When bookies who were eager to avoid paying long-distance charges for their betting operations began using the handheld blue boxes to get free lines, the police took notice. A few well-publicized busts drove the phreaks back underground.

Still, a core group, calling itself 2600, continued to meet and share ideas and tools. Via early digital bulletin boards (which morphed into Web sites), a quarterly magazine, and monthly meetings, the 2600 faithful have kept each other in touch with the bleeding edge of technology, and hacking.

Their brand of high-tech “fun” first received wide public exposure in the 1983 movie War Games in which a cherubic Matthew Broderick inspired a generation of young geeks by charming young Ally Sheedy with his computer and phone-cup modem. Broderick “war dialed” sequential numbers until finding an open network. Dozens of young hackers were inspired by the film to get their first PCs, which they promptly used to hack their school’s computers and change their grades.

Smarter Than You

Today, a new generation of the 2600 still holds monthly meetings under the klieg lights of a mall food court in downtown Salt Lake City. They wear T-shirts that read: “My only crime is that I’m outsmarting you.”

Young guys with handles like Grifter and Mutilator greet my queries into wardriving with open scorn.

“Wardriving is soooo last year,” they tell me.

When I ask them for more detail, however, they launch into the hacker version of wireless evolution. It goes something like this:

Back in 1999, when the IEEE finally approved a wireless standard known as 802.11b it took off at, well, Internet speed. Suddenly, entire companies were jumping on the wireless bandwagon. It was cheaper and more flexible than being wired. It was also simple.

You set up an Access Point, or AP, connect it to the Internet, slap some wireless 802.11b cards in the PCMICA slot on your laptop, and presto, no more wires. Instead of transmitting data via electrical pulses through wires, it is transmitted through air, walls, and even coworkers as radio waves, before being piped back into the net.

Sure, there are some limits: wireless networking can only carry about 11 Mps — plenty for a few people, but downloading the Lord of the Rings film can eat through that fast. It only has a range of about 300 feet, but for those who hate being penned in, it’s still a huge improvement over fixed wires. 

Each AP carries a Service Set Identifier, or SSID, which in theory sorts one network from another. Every few seconds an AP sends out a “ping” helping authorized users find the access point, and that’s where, according to the teenaged 2600ers, the trouble begins.

As recent media reports have confirmed, most wireless networks have their settings left on default. This is like leaving the front door open. Hackers started mapping open access, poking the edges of what is and isn’t legal.

“It’s really easy to imagine a worst case scenario,” says Mutilator. “Say you spend all day working on some project and go home, and some kid who knows how easy it is to do, decides he’s mad at the world because he’s 14 and goes in and deletes your work.”

“Maybe you lose your job over that,” says Grifter. “ Someone sets something up without thinking about it and the ramifications could be huge.”