Words of Advice Before You Use a Wireless Network AgainPart two of a three-part story.
This is the second installment of our series about how easy it is for you to get hacked when using the free Internet at a coffee shop or airport. In Part One, we saw how a hacker (Mr. H.) was able to see the Internet activity of others at a public hotspot.
There are three things working against most of us who use free Internet at coffee shops, hotels and other hotspots: innocence (or naivete), skilled hackers, and easily available stealth technology. To see a person like Mr. H. in action (a hacker who is demonstrating his abilities), it makes us realize that we all need to be smarter when we're online.
Why? Because not long after Mr. H. gets the password for the wireless network at the cafe we're visiting, he begins to redirect the Internet traffic through his own networking devices. Hard to believe anyone would "allow" that, but they don't know it's happening.
Smartphones acting dumb.
Sophisticated technology is partly to blame. When you open up a computer or smartphone browser, they automatically search for connection to a wireless network—for any and all available (nearby) networks. Most smartphones, laptops and tablets automatically search and connect to Wi-Fi networks. They also search for networks with which they've had a connection before (AT&T, T-Mobile, etc.).
And that plays right into a hacker's hands. Fortunately for us (and those at the cafe), Mr. H. isn't out to hack anyone—he's just demonstrating how it's done and how easy it is for a hacker who knows what he or she is doing. And it's surprising how easy it is for him. The scary part? If he wanted to do some serious hacking (actually stealing passwords, data and all that), he could do it quickly.
What makes this possible? For one, the small "black box" device he uses is inexpensive, and the software needed to capture Internet traffic can be found and downloaded quickly—and the software isn't hard to master for a sharp techie. (It's not necessarily "plug and play," but once he has the device and the software, he's on his way.)
Things are not what they seem.
Back in the cafe, visitors are pulling out their wireless-enabled devices and searching for the free Wi-Fi network. What they don't realize is that Mr. H.'s black device and computer are capturing their network searches and are showing up as legitimate available networks.
Amazingly, Mr. H. can see on his laptop the networks that the cafe's customers have used in the recent past (home, a library and a hotel). In no time, someone's iPhone connects to the available network, which is run operated by the non-descript man, our Mr. H., sitting nearby.
You're probably thinking that you'd notice a weird network name. But what you don't realize is that a hacker can send out a real-sounding-but-disguised network name to lure you in. So the network you see showing up called "Cafe Network" might sound legitimate—but it may not be the actual network. It simply may have a name that looks like another option.
If you're in a cafe and see "Cafe Network," why wouldn't you think everything is okay?
Deception at work.
To see the deception at work is amazing...and alarming. As more people show up to have a latte and check their email and Facebook pages, about a dozen of them quickly log in to the network run by our hacker.
What is at risk here? According to statistics kept by agencies that track cyber theft, hackers routinely steal the following types of information:
- Credit card account numbers
- Birth dates
- Medical histories
- Home and cell phone numbers
- Social Security account numbers
- Home and work addresses
- Email account usernames and passwords
- Bank and retail account usernames and passwords
Keeping it safe.
Then again, not everybody who falls for a phony wireless network suffers damage. People who protect their passwords and don't log in to sensitive sites when they're on free Wi-Fi would likely avoid problems. If you're lucky, there won't be a real hacker in sight on the day you choose to use a wireless network.
But what if there were? You've just seen the danger that lurks out there, and just how easy it is to be hacked. Be alert, be smart, and you'll be safer online.