By CRAIG SILVERMAN
Globe and Mail Update
July 22, 2008
One day last December, Brad Haines pulled a long black trench coat over
his black shirt and pants, perched his trademark black fedora on top of
his straight, shoulder-length hair and strapped on a backpack filled
with a laptop and other electronics. And, like many people in Edmonton
during the holiday season, he headed to the West Edmonton Mall.
The mall is home to more than 800 stores and occupies a space equivalent
to roughly 48 city blocks, so Haines knew he'd have no trouble finding
gifts. But he wasn't here to shop. No, this expedition was all work. His
mission: Take a "warwalk" of North America's largest mall, using his
equipment to search out unsecured wireless networks as he walked past
the building's stores. (Do it in a car and it's called wardriving; on
public transit, it's warriding.) The point of wardriving isn't to
actually access anyone's wireless network.that could result in
warjailing. Rather, the idea is to simply survey the number of wireless
networks within the building, evaluate their level of security and alert
the owners to any vulnerabilities.
Haines, 28, had been wardriving through the streets of Edmonton since
2002 and had catalogued roughly 80,000 wireless networks, whether
home-based or those belonging to companies. But the mall represented
uncharted territory. "Nobody had done a good wireless survey of the West
Edmonton Mall, and if you throw in Christmas shopping crowds, it's a
little more interesting," he says. "Everything lined up for a really
good guerrilla analysis, because you have big crowds and a massive
amount of spending going on. If you're thinking as an attacker, that's
the time of year you want to do something, because there are so many
Haines's fondness for wardriving, plus his all-black "uniform," would
lead the average executive to conclude that he's a nefarious hacker. But
since he first began mapping WiFi networks in and around Edmonton,
Haines has become well known as a wireless security expert, often
consulting for companies and government agencies (non-disclosure
agreements prevent him from naming names). And he's regularly invited to
speak at major security and hacking conferences in North America and
Europe, including DefCon, ShmooCon and Hackers On Planet Earth, or HOPE.
(A few of his recent presentations: "Legal and Ethical Aspects of
Wardriving," "Standards Bodies ... What Were These Guys Drinking?" and
"New Wireless Fun From the Church of WiFi.")
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com