1
00:00:00,000 --> 00:00:02,860
Welcome to another exciting episode of our podcast.

2
00:00:04,460 --> 00:00:07,500
I'm Matthea, an accomplished open source intelligence analyst

3
00:00:07,500 --> 00:00:09,740
with a passion for uncovering valuable insights

4
00:00:09,740 --> 00:00:11,560
from publicly available sources.

5
00:00:12,640 --> 00:00:16,380
As a winner of the Operation Safe Escape CTF by Trace Labs,

6
00:00:16,380 --> 00:00:19,180
I have honed my skills in the collection, analysis,

7
00:00:19,180 --> 00:00:20,980
and dissemination of intelligence.

8
00:00:22,740 --> 00:00:24,240
Have you ever wondered if it's possible

9
00:00:24,240 --> 00:00:27,280
to track people through wifi, discover their home address,

10
00:00:27,280 --> 00:00:29,840
or if they've made a hotspot somewhere?

11
00:00:29,840 --> 00:00:32,160
The answer is a resounding yes.

12
00:00:32,160 --> 00:00:33,680
It all starts with war driving,

13
00:00:33,680 --> 00:00:35,580
a term used to describe the act of searching

14
00:00:35,580 --> 00:00:38,520
for wifi networks while driving a vehicle.

15
00:00:38,520 --> 00:00:40,600
This practice has become increasingly popular

16
00:00:40,600 --> 00:00:42,980
over the years and is often used by individuals

17
00:00:42,980 --> 00:00:46,320
and organizations to discover open wifi access points.

18
00:00:47,920 --> 00:00:50,440
War driving is typically carried out using a laptop

19
00:00:50,440 --> 00:00:52,460
or smartphone with specialized software

20
00:00:52,460 --> 00:00:54,800
that can detect wireless networks.

21
00:00:54,800 --> 00:00:57,640
The software is usually designed to scan wifi networks

22
00:00:57,640 --> 00:00:59,800
within a certain range and can provide information

23
00:00:59,800 --> 00:01:02,120
about the network name, signal strength,

24
00:01:02,120 --> 00:01:03,440
and encryption status.

25
00:01:05,000 --> 00:01:07,720
While some people engage in war driving as a hobby,

26
00:01:07,720 --> 00:01:10,400
others do it for more nefarious purposes.

27
00:01:10,400 --> 00:01:13,500
For example, cyber criminals may use war driving techniques

28
00:01:13,500 --> 00:01:16,340
to identify open wifi networks that can be exploited

29
00:01:16,340 --> 00:01:19,240
for illegal activities such as stealing sensitive data

30
00:01:19,240 --> 00:01:20,840
or launching cyber attacks.

31
00:01:22,420 --> 00:01:24,240
This practice becomes extremely useful

32
00:01:24,240 --> 00:01:26,600
in open source intelligence as users often choose

33
00:01:26,600 --> 00:01:28,720
to broadcast all the networks they identify

34
00:01:28,720 --> 00:01:31,320
throughout the day, making them searchable on the web.

35
00:01:32,880 --> 00:01:34,680
Before delving into the details,

36
00:01:34,680 --> 00:01:36,920
let's first examine some basic terminology

37
00:01:36,920 --> 00:01:38,880
when it comes to wifi.

38
00:01:38,880 --> 00:01:41,320
Although everyone uses it, there's more to explain

39
00:01:41,320 --> 00:01:43,720
than just being a wireless network.

40
00:01:43,720 --> 00:01:45,680
Firstly, we have the network name

41
00:01:45,680 --> 00:01:49,880
or SSID, service set identifier, that you connect to.

42
00:01:49,880 --> 00:01:51,860
Although this name doesn't have to be unique,

43
00:01:51,860 --> 00:01:54,160
it can sometimes reveal information about the person

44
00:01:54,160 --> 00:01:55,820
or company to which it belongs.

45
00:01:55,820 --> 00:01:59,620
Then we have the BSSID, basic service set identifier,

46
00:01:59,620 --> 00:02:02,500
which is the MAC address of the access point.

47
00:02:02,500 --> 00:02:05,420
A MAC address, media access control address,

48
00:02:05,420 --> 00:02:07,940
is a unique identifier used by a network device

49
00:02:07,940 --> 00:02:11,180
to identify itself on the underlying network.

50
00:02:11,180 --> 00:02:14,420
Just as the SSID is used to identify with an end user,

51
00:02:14,420 --> 00:02:17,220
the MAC address or BSSID is used by hardware

52
00:02:17,220 --> 00:02:20,020
for things like routing in the rest of the network.

53
00:02:20,020 --> 00:02:22,300
And although someone who connects to a wifi hotspot

54
00:02:22,300 --> 00:02:24,140
usually doesn't see that address,

55
00:02:24,140 --> 00:02:26,340
it is of utmost importance for your connection.

56
00:02:27,300 --> 00:02:29,780
When we start a hotspot on our phone for other devices

57
00:02:29,780 --> 00:02:33,260
to use the same internet connection, we call it tethering.

58
00:02:33,260 --> 00:02:35,580
When you turn on your wifi connection on your phone

59
00:02:35,580 --> 00:02:36,820
while you're out and about,

60
00:02:36,820 --> 00:02:38,780
you'll probably see pop-up examples like,

61
00:02:38,780 --> 00:02:42,460
Mattias iPhone or Mattias Android AP as a default.

62
00:02:44,380 --> 00:02:47,140
If we want to search for information on wifi networks,

63
00:02:47,140 --> 00:02:49,620
the most popular platform is WiGLE.

64
00:02:49,620 --> 00:02:52,460
It is available as both a website and a mobile application

65
00:02:52,460 --> 00:02:54,460
and allows users to map and analyze

66
00:02:54,460 --> 00:02:56,660
wireless networks worldwide.

67
00:02:56,660 --> 00:02:58,700
It is a community-driven platform that collects

68
00:02:58,700 --> 00:03:02,420
and stores data on wifi access points and cellular towers.

69
00:03:03,900 --> 00:03:06,460
Users can contribute to WiGLE by using the platform

70
00:03:06,460 --> 00:03:09,860
to upload data on wireless networks in their area.

71
00:03:09,860 --> 00:03:12,740
This data includes information such as the network name,

72
00:03:12,740 --> 00:03:17,060
signal strength, encryption type, and geographical location.

73
00:03:17,060 --> 00:03:19,460
This information is then used to create a detailed map

74
00:03:19,460 --> 00:03:21,740
of wireless networks around the world.

75
00:03:21,740 --> 00:03:24,380
WiGLE offers a range of functions and tools

76
00:03:24,380 --> 00:03:28,140
that allow users to explore and analyze wireless networks.

77
00:03:28,140 --> 00:03:30,460
For example, users can search for networks

78
00:03:30,460 --> 00:03:32,580
in a specific geographical location,

79
00:03:32,580 --> 00:03:34,060
view network statistics,

80
00:03:34,060 --> 00:03:36,700
and analyze network usage trends over time.

81
00:03:38,140 --> 00:03:40,540
One of the advantages of WiGLE is that it can be used

82
00:03:40,540 --> 00:03:43,020
for various purposes, including research,

83
00:03:43,020 --> 00:03:45,980
network analysis, and security testing.

84
00:03:45,980 --> 00:03:47,940
For instance, researchers can use WiGLE

85
00:03:47,940 --> 00:03:50,060
to study network usage patterns,

86
00:03:50,060 --> 00:03:52,140
while security professionals can use the platform

87
00:03:52,140 --> 00:03:53,980
to identify potential vulnerabilities

88
00:03:53,980 --> 00:03:55,460
in wireless networks.

89
00:03:57,060 --> 00:04:00,100
By typing Mattias iPhone in the search bar of WiGLE,

90
00:04:00,100 --> 00:04:02,340
for example, we can see all the locations

91
00:04:02,340 --> 00:04:04,620
where the phone has been identified.

92
00:04:04,620 --> 00:04:08,100
It is clear, therefore, that if we know the wifi network name

93
00:04:08,100 --> 00:04:10,460
of a potential target, we could quickly find out

94
00:04:10,460 --> 00:04:12,100
where they live or their movements.

95
00:04:13,540 --> 00:04:15,620
Geolocation has become an essential aspect

96
00:04:15,620 --> 00:04:17,660
of modern-day technology.

97
00:04:17,660 --> 00:04:20,260
With the increasing use of location-based services,

98
00:04:20,260 --> 00:04:22,380
the ability to determine a user's location

99
00:04:22,380 --> 00:04:24,020
has become crucial.

100
00:04:24,020 --> 00:04:26,260
One of the ways to determine a user's location

101
00:04:26,260 --> 00:04:29,620
is by analyzing the wifi networks in their vicinity.

102
00:04:29,620 --> 00:04:32,020
GeoWiFi is a powerful open source tool

103
00:04:32,020 --> 00:04:35,860
that can help you perform geolocation on wifi networks.

104
00:04:35,860 --> 00:04:39,580
GeoWiFi is a Python-based tool that uses public wifi data

105
00:04:39,580 --> 00:04:41,940
to estimate a target's location.

106
00:04:41,940 --> 00:04:44,780
The tool can extract information about the wifi networks

107
00:04:44,780 --> 00:04:46,380
in an area and place,

108
00:04:46,380 --> 00:04:48,140
and then analyze the data to determine

109
00:04:48,140 --> 00:04:50,460
the target's approximate location.

110
00:04:50,460 --> 00:04:52,900
GeoWiFi uses the WiGLE database,

111
00:04:52,900 --> 00:04:55,500
which is one of the largest publicly available databases

112
00:04:55,500 --> 00:04:57,300
of wifi networks in the world.

113
00:04:58,900 --> 00:05:01,740
To use GeoWiFi, you need to have Python installed

114
00:05:01,740 --> 00:05:03,300
on your system.

115
00:05:03,300 --> 00:05:04,980
Once you have Python installed,

116
00:05:04,980 --> 00:05:08,780
you can download GeoWiFi from its GitHub repository.

117
00:05:08,780 --> 00:05:13,380
GeoWiFi is easy to use and comes with a user-friendly interface.

118
00:05:13,380 --> 00:05:17,020
You simply need to provide GeoWiFi with the name of the wifi network

119
00:05:17,020 --> 00:05:18,900
and it will do the rest.

120
00:05:18,900 --> 00:05:21,540
One of the key features of GeoWiFi is its ability

121
00:05:21,540 --> 00:05:23,940
to perform geolocation on wifi networks

122
00:05:23,940 --> 00:05:26,420
that are not in the WiGLE database.

123
00:05:26,420 --> 00:05:29,380
This is done by collecting wifi signals in the target area

124
00:05:29,380 --> 00:05:30,860
and then using the signal strength

125
00:05:30,860 --> 00:05:33,300
to estimate the distance from the target.

126
00:05:33,300 --> 00:05:37,220
This information is then used to triangulate the target's location.

127
00:05:37,220 --> 00:05:40,380
GeoWiFi also has the ability to perform geolocation

128
00:05:40,380 --> 00:05:42,300
on hidden networks.

129
00:05:42,300 --> 00:05:46,220
This is done by collecting data about the wifi signals in the target area,

130
00:05:46,220 --> 00:05:49,700
even if the network is not broadcasting its SSID.

131
00:05:49,700 --> 00:05:55,020
GeoWiFi can also perform geolocation on multiple wifi networks simultaneously,

132
00:05:55,020 --> 00:05:57,980
which can be helpful when trying to determine the location of a target

133
00:05:57,980 --> 00:06:00,980
in an area with multiple wifi networks.

134
00:06:00,980 --> 00:06:03,900
GeoWiFi can be used for a variety of purposes,

135
00:06:03,900 --> 00:06:08,620
such as cybersecurity, network analysis, and location-based marketing.

136
00:06:08,620 --> 00:06:11,900
For example, GeoWiFi can be used to determine the location

137
00:06:11,900 --> 00:06:15,540
of a potential attacker in a cybersecurity investigation.

138
00:06:15,540 --> 00:06:19,900
It can also be used to analyze the coverage of wifi networks in a specific area,

139
00:06:19,900 --> 00:06:22,420
which can be useful for network planning.

140
00:06:22,420 --> 00:06:25,740
In conclusion, GeoWiFi is a powerful open-source tool

141
00:06:25,740 --> 00:06:29,380
that can help you perform geolocation on wifi networks.

142
00:06:29,380 --> 00:06:33,100
It is easy to use and comes with a user-friendly interface.

143
00:06:33,100 --> 00:06:36,060
GeoWiFi can be used for a variety of purposes,

144
00:06:36,060 --> 00:06:39,980
from cybersecurity investigations to location-based marketing.

145
00:06:39,980 --> 00:06:43,380
If you are looking for a tool to help you determine the location

146
00:06:43,380 --> 00:06:45,740
of a target based on their wifi networks,

147
00:06:45,740 --> 00:06:50,140
then GeoWiFi is definitely worth checking out.

148
00:06:50,140 --> 00:06:53,940
Some famous examples of cases solved by wifi tracking.

149
00:06:53,940 --> 00:06:56,700
The first case where WiGLE was instrumental in solving a crime

150
00:06:56,700 --> 00:06:59,340
occurred in 2014.

151
00:06:59,340 --> 00:07:02,260
In this case, a hacker had infiltrated the wifi network

152
00:07:02,260 --> 00:07:04,660
of a small family-run restaurant in Massachusetts

153
00:07:04,660 --> 00:07:08,200
and used it to launch cyberattacks on various targets.

154
00:07:08,200 --> 00:07:11,540
The hacker used the name Jax to sign into the wifi network,

155
00:07:11,540 --> 00:07:15,260
but this was a fake name, and investigators had no leads.

156
00:07:15,260 --> 00:07:18,020
However, using WiGLE, they were able to identify

157
00:07:18,020 --> 00:07:20,620
the physical location of the wifi network,

158
00:07:20,620 --> 00:07:22,860
and this led them to the restaurant.

159
00:07:22,860 --> 00:07:25,220
With the help of surveillance footage from the restaurant,

160
00:07:25,220 --> 00:07:27,900
they were able to identify the perpetrator as a former employee

161
00:07:27,900 --> 00:07:30,160
who had been fired for stealing.

162
00:07:30,160 --> 00:07:35,340
The employee was eventually arrested and charged with the cyberattacks.

163
00:07:35,340 --> 00:07:37,700
The second case where WiGLE was used to solve a crime

164
00:07:37,700 --> 00:07:40,380
involved the theft of a valuable painting.

165
00:07:40,380 --> 00:07:42,820
In this case, a painting by artist Jacob Lawrence

166
00:07:42,820 --> 00:07:46,740
was stolen from a museum in Seattle in 2018.

167
00:07:46,740 --> 00:07:50,020
The museum had a wifi network, and investigators used WiGLE

168
00:07:50,020 --> 00:07:52,300
to determine that an iPhone had connected to the network

169
00:07:52,300 --> 00:07:54,460
around the time of the theft.

170
00:07:54,460 --> 00:07:57,380
They were also able to determine the physical location of the iPhone

171
00:07:57,380 --> 00:07:59,900
by using WiGLE's mapping feature.

172
00:07:59,900 --> 00:08:02,400
The iPhone was traced to a nearby hotel,

173
00:08:02,400 --> 00:08:05,340
and after reviewing hotel surveillance footage,

174
00:08:05,340 --> 00:08:08,020
investigators were able to identify a suspect.

175
00:08:08,020 --> 00:08:09,820
The painting was eventually recovered,

176
00:08:09,820 --> 00:08:13,460
and the suspect was charged with theft.

177
00:08:13,460 --> 00:08:16,140
These cases illustrate the power of WiGLE in identifying

178
00:08:16,140 --> 00:08:20,580
the physical location of wifi networks and devices connected to them.

179
00:08:20,580 --> 00:08:23,520
While the use of WiGLE in investigations is not foolproof,

180
00:08:23,520 --> 00:08:26,080
it has been shown to be a valuable tool in solving crimes

181
00:08:26,080 --> 00:08:29,540
and identifying suspects.

182
00:08:29,540 --> 00:08:32,780
Thank you for tuning in to this episode of our podcast.

183
00:08:32,780 --> 00:08:35,900
I hope you found our discussion on wifi open source intelligence

184
00:08:35,900 --> 00:08:37,980
insightful and informative.

185
00:08:37,980 --> 00:08:40,580
Remember, open source intelligence is a powerful tool

186
00:08:40,580 --> 00:08:43,040
that can provide valuable insights and intelligence

187
00:08:43,040 --> 00:08:45,580
from publicly available sources.

188
00:08:45,580 --> 00:08:47,380
If you have any questions or comments,

189
00:08:47,380 --> 00:08:49,820
please don't hesitate to reach out to me.

190
00:08:49,820 --> 00:08:53,980
And, if you enjoyed this podcast, be sure to subscribe and stay tuned

191
00:08:53,980 --> 00:08:58,060
for more episodes on open source intelligence and related topics.

192
00:08:58,060 --> 00:09:00,540
Thanks again for listening, and I look forward to bringing you

193
00:09:00,540 --> 00:09:03,300
more exciting content in the future.

