War driving and trainspotting

War driving and trainspotting are two urban phenomena which don’t seem to have anything in common. Trainspotters can be found at stations, at engine depots, and alongside the rails themselves, noting down train and engine serial numbers. Trainspotting is most popular in the UK and the USA, although trainspotters can be found in other countries.

The point of this seemingly pointless hobby is to ‘spot’ and record the serial numbers of all engines (and, for the true enthusiast, carriages as well) currently in use. Trainspotters exchange information about routes among themselves, and trainspotting became something of a cult activity after the release of the film of the same name.

So what has this got to do with wardriving? At first glance, absolutely nothing. But while I was in London researching WiFi networks, I started to notice some similarities:

Trainspotters and wardrivers have the same goal: to collect the maximum amount of data possible, whether it’s access points or engine numbers.
They can both be found outside in any weather, at any time of the year.
They use the same tools: laptops, mobile phones and PDAs.

The only difference is that trainspotters tend to stay in one place, whereas wardrivers are in constant motion, trying to cover as big an area as possible.

While I was in London, I felt I had to go and pay my respects to these dedicated hobbyists, and travelled to the trainspotters’ Mecca: King’s Cross and St Pancras stations. The trainspotters quietly and intently entered data into their PDAs, while my wardriving laptop hummed in my backpack, constantly scanning the surrounding digital environment. A meeting of two very different, but very similar, worlds.

You can read more about my London wardriving here
