Project Warwalk: The Groundwork

Welcome to the first installment of Project Warwalk, a research series resulting in a warwalking exercise coupled with Open Source Intelligence (OSINT). This article serves as your introduction to the project. Before we go any further, a definition of what warwalking is and a disclaimer.

Warwalking is a derivative of wardriving. With wardriving, a person drives around in a vehicle with a mobile device searching for WiFi access points to connect to, typically ones that are open and unprotected. Warwalking is the same thing except someone is on foot looking for access points.

Now the disclaimer.

It is illegal to connect to any WiFi access points without the owner’s permission. This is the same as gaining unauthorized access to a computing device. Don’t do it! Consult with your state’s laws about unauthorized access with computing devices and networks. On the federal level, this is also codified in the CFAA (Computer Fraud and Abuse Act). Our activity was read only, meaning we were only observing what wireless networks exist.

Why this project?

Curiosity was the driving factor for Project Warwalk. We wanted to see what behavior was observable from SSID names that were discovered.  SSID, or Service Set Identifier, is the name of a wireless access point such as a router. We were curious about the overall health of a community’s technology and how OSINT fits into the equation. This leads to the topics that we’ll be covering.

What topics Project Warwalk will cover

The collection of data presented some very interesting topics to discuss. Some are directly relevant to the geographic area we operated in while other topics extend beyond where we were physically. With the COVID-19 pandemic and the all around suckage of 2020, Project Warwalk brings up how these incidents affect the security of devices, our own safety, and privacy. The list below will serve as a table of contents of sorts and as each article comes out on a weekly basis we’ll add to it and the links will be clickable.


What you will get out of Project Warwalk

It is our hope that this research gets you thinking about the networks you use, the devices that are connected to them, and potential risks/threats, even more so with the addition of a COVID-19 pandemic. We hope this also opens your mind up to how technology is affecting privacy and impacting different people/communities.

Potential errors, inaccuracies, and shortcomings

We think it’s important to also discuss this kind of stuff in order to have an honest look at this data.

We settled on one application to help with our observations of SSIDs that were broadcasting. There were some limitations of how it interacts with with a mobile device, therefore how much, and how often, it’s able to discover broadcasting SSIDs needs to be taken into account with the data collection.

When parsing data, some of the stuff we’ll be discussing in future posts in this series is more subjective than objective. A WiFi access point that is not password protected/encrypted is an example of something that’s objective. It’s observable and can be verified. Why someone named their SSID “FBIVAN3” and what we can infer from that is subjective. Also an SSID can be named generically to the point it almost looks like a default network name for a device like a printer.

Because of the close proximity of each dwelling in the community observed, it is difficult to fully identify which SSIDs are broadcasting from each house, especially if the SSIDs aren’t renamed.

Simple physics may have disallowed a signal from a wireless access point from reaching us or greatly affecting signal strength. Since these are radio waves we’re dealing with, solid objects like buildings, windows, furniture, wood, concrete, and metal can either absorb or reflect the signal. The saturation of wireless signals in a given area may have also reduced broadcast strength.

This exercise only represents one community which means it is not a good cross-section of what an average neighborhood in United States looks like.

Glossary

To help you understand terms and the plague of alphabet soup in the tech/security world that may pop up in this series, below is a handy glossary for you.

  • Access point – A wireless access point such as your router/gateway.
  • Extended Service Set (ESS) – Extending a service area by adding more access points.
  • Internet of Things (IoT) – A device connected to a network such as a smart TV, thermostat such as Nest, or a virtual assistant like Alexa.
  • Local Area Network (LAN) – Your internal network, whether it’s your home or your business.
  • Open Source Intelligence (OSINT) – The collection, analysis, and use of publicly available information.
  • Phishing – The use of electronic communication mediums (email, phone, SMS, social media) to establish trust with a victim and then exploit that trust typically for financial gain. This is a subset of Social Engineering.
  • Personally Identifiable Information (PII) – Information that can personally identify someone such as a Social Security Number, drivers license/passport, or bank account as examples.
  • Remote Desktop Protocol (RDP) – Developed my Microsoft to allow a user to connect to another computer on a network. This protocol uses a graphical interface.
  • Social Engineering – Framing someone’s reality in order to get them to achieve an outcome you’ve already predetermined. In the malicious sense this is framing someone’s reality with a couple of optimal outcomes. 1) To get a victim to give up sensitive information such as a username and password and/or 2) To get the victim to commit to an action that is out of character for them, such as entering commands into a command prompt/terminal and not understanding what it will do.
  • Service Set Identifier (SSID) – The name of a wireless network.
  • Virtual Private Network (VPN) – Creates a secure private network over the public facing Internet.
  • Wardriving – Driving in a vehicle with a computing device that has software used to identify wireless access points. The act becomes illegal when accessing these networks without the owner’s consent.
  • Warmarketing (our definition) – In the vein of wardriving/warwalking, we are defining this as collecting SSIDs via programmatic ways and using this data to further market goods/services to people. We are also defining it as the mass collection of user data in such a way that it creates a disparate impact among communities and peoples.
  • Warwalking – Walking around with a computing device that has software used to identify wireless access points. The act becomes illegal when accessing these networks without the owner’s consent.
  • WiFi Protected Access (WPA/WPA2) – This protocol to secure WiFi devices replaced WEP.
  • WiFi Protected Setup (WPS) – A standard used to create a secure wireless home network. This standard is vulnerable and should be disabled.
  • Wired Equivalent Privacy (WEP) – A protocol used to protect WiFi devices. This protocol is broken and should not be used to protect WiFi devices.