I first became interested in the potential of Wigle (Wireless Geographic Logging Engine) and Wardriving for the purpose of OSINT just short of 3 years ago after reading Micah’s (@WebBreacher) excellent blog on it, which you can read here, https://osintcurio.us/2019/01/15/tracking-all-the-wifi-things/. Since then it has become one of my go-to tools for OSINT.
I would encourage you to read Micah’s blog as my blog does not aim to replace it. It will also help you understand how Wigle works, which means I don’t need to do as much writing. What I want to do is share my experience of how Wigle has helped me with my OSINT research.
At the same time as I was writing this blog, one of OSINT’s unsung heroes, GONZO (@GONZOs_int), released a thread on Twitter, https://twitter.com/GONZOs_int/status/1466872414470651917. Add this to your Wigle arsenal too.
You can use Wigle without an account but I would recommend creating one as you will then have more options available, such as being able to use the advanced search options. No need to provide anything other than an email address, username and password to create your account.
I have never received another email from Wigle since I authenticated my account, which we like. I don’t see much activity from my uBlock Origin extension, which we also like. Wigle will ask permission to access your location, which you can block and the site will still work fine.
From an OPSEC perspective you should not have your browser set up so that websites can automatically access your webcams, microphones or location etc. Remember I tweeted a Top Tip about how a VPN may not be enough to hide your location due to what websites can access on your computer. Check here to see if you are protected: z0ccc.github.io/LocateJS/
I do not usually use Wigle as my first port of call when I am carrying out an OSINT investigation. I like to build up as much information as I can about a subject as this can make searching Wigle more productive but I have had times where I have struggled with my research so have turned to Wigle.
There are three main search tools I feel you need to remember when using Wigle:-
BSSID – Device / Network Name
SSID – MAC Address
Location – Country, City, Street or even a postcode (ZIP)
Below is a screenshot of the advanced search options. The highlighted red boxes are what I use the most.
Micah demonstrated in his blog how easy it is to search for Apple iPhones because of the way Apple names the phone using your own name after you have set up your profile.
What if we only had a first name and a town or city where our subject lived? Can we search Wigle and find a physical address?
In the below image I know my subject is called David and that he lives in Derby in the UK. I have used the % wildcard after the name so that Wigle will return everything it has saved with the name David in it, in Derby.
Wigle has returned 35 results, which I do not think is an amount that we cannot research further.
In the next image below I picked an SSID that I am interested in. What you have to remember is how the coordinates are recorded on Wigle is subject to different variants and as you can see from Wigle’s own map, the location of the SSID we are interested in may not be plotted 100% accurately. The grey area is where Wigle has plotted the device / network location. The locations shown will be of the person who is doing the Wardriving at the time the device / network was recorded.
From a privacy perspective I have tried to anonymize the results without spoiling the methodology or result.
I am not a massive fan of Wigle’s own interactive map but we have to appreciate that Wigle is a community and they do not have infinite resources. For continuity purposes I have used the mapping site that Micah recommended, https://www.mapcustomizer.com/, and I have plotted all the longitude and latitude coordinates that Wigle has provided.
It appears from the above map that our subject may live in or around the above area of Derby. In the UK we have a very useful data aggregation website called 192.com. It will give you a taster of the information it holds. You would need to create an account and pay for full access.
For our purposes the partial details it provides will suffice as we can use what it does give us to pivot into other areas, social media etc. I can tell you DE1 is the postcode of the above area. I initially searched on the above location, which gave me a list of people who lived on the Road of interest.
I then clicked through the results until I found one called David, which then brought up the full name, as below.
I used David%. Don’t forget, though, that David could be david, Davy, davy, Dave or dave, etc., so you may need to do more than one search.
The example I have done above is purely fictitious; however, using the above methodology and plenty of tenacity has brought me good results. I have turned a first name and city into a potential home address as well as obtaining a last name and partner’s name. This opens up other avenues for us to explore.
It is by no means a foregone conclusion that you will find what you are looking for but Wigle is a powerful OSINT tool that cannot be ignored.
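The same wildcard match can be turned around as a self-check. The added example below (not from the original post) tests a list of your own device and hotspot names against the name variants mentioned above; the sample names and the NAME_VARIANTS list are constructed, and only the % wildcard is modelled.

```python
import re

# Constructed: the first-name spellings to audit for (the variants listed above).
NAME_VARIANTS = ["David", "Dave", "Davy"]

# Constructed sample of names your own devices and routers might broadcast.
SAMPLE_NAMES = [
    "David's iPhone",   # default-style phone name built from the owner's name
    "dave-hotspot",
    "BT-Hub6-XQ2F",
    "Davy_5G",
    "TP-Link_4A1C",
    "Davidson Guest",   # a surname that a 'David%' prefix also catches
]


def like_to_regex(pattern):
    """Turn a '%' wildcard pattern such as 'David%' into an anchored regex.

    Assumption: only '%' (any run of characters) is modelled. The audit is
    deliberately case-insensitive so one pass covers every spelling.
    """
    parts = [re.escape(piece) for piece in pattern.split("%")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE | re.DOTALL)


def audit_network_names(broadcast_names, owner_names):
    """Return {name: [patterns]} for each name a '<owner>%' search would match."""
    findings = {}
    for net in broadcast_names:
        hits = [f"{owner}%" for owner in owner_names
                if like_to_regex(f"{owner}%").match(net)]
        if hits:
            findings[net] = hits
    return findings


if __name__ == "__main__":
    for net, patterns in audit_network_names(SAMPLE_NAMES, NAME_VARIANTS).items():
        print(f"{net!r} is matched by {', '.join(patterns)}")
```

Anything flagged is a candidate for renaming to something that carries no personal name (on an iPhone the name is under Settings > General > About > Name).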
In this second scenario I only know my subject’s name and where they work and I know very little else. You may remember from a previous blog that Ritu Gill (@OSINTtechniques) and I did, which you can read here, https://www.cqcore.uk/are-you-linked-in/, how easy it is to search LinkedIn for your subject. Well, workplaces are subject to Wardriving too.
In this example we will say that our subject works at Television Centre, London. All the purple spots represent a device / network. By zooming in you can see the individual BSSID & SSID or you could scroll down the list of devices in the table of results.