The first time Jesse Harrison was hacked was around the time she logged on to a coffee shop's open WiFi network to pay a bill. She entered her credit card information and paid the bill as always. But the next day she noticed something odd — there were fraudulent charges on her statement. It looked as if her credit card information had been stolen.
“I am very careful with my credit cards, and this was a card that I used very rarely,” Harrison said. “So I believe there is a high chance that's how my information got stolen.”
Free, public, unsecured WiFi (such as that found in some hotels, airports and coffee shops) may be convenient to use, but it is the least secure. Criminals have been using these unprotected networks to easily steal your information, potentially hijacking your device and possibly your life.
And these criminals are employing hard-to-notice tactics, such as sniffers and official-looking network names, to accomplish all of this.
“Gone are the days where you would have to be a computer engineer to hack into people’s devices via WiFi,” says Ryan Wright, an associate professor of information systems at the Isenberg School of Management at the University of Massachusetts at Amherst. “Now any semi-tech-savvy person can download an application and track any unencrypted traffic on the WiFi connection.”
Good-guy IT security professionals have been using sniffers, software that reads wireless data as it travels through the air, to determine the security of a network. But bad guys have been using them to see your data as it travels from your device to the router communicating the wireless Internet signal.
And sniffers are hard to detect.
“Think of wireless networks as the old-style party phones where anyone can pick up their phone and listen to other people’s conversations,” Wright says. “The only way you would know if someone else was listening on the party line was to hear them make an inadvertent sound. Sniffers work under a similar principle. They listen to the traffic but rarely, if ever, generate any traffic on the network.”
Another way hackers can get your information while you’re traveling is by setting up a legitimate-looking WiFi connection, which experts say is typically named something like “Free WiFi” or “Public WiFi.” An unsuspecting customer at, say, a coffee shop will then connect to the hacker’s “Free WiFi” network, unknowingly giving the hacker his or her information. Criminals have also used default router names such as “Netgear” or “Belkin” to trick people who are trying to find free WiFi.
And if the customer has enabled sharing of folders, hackers can directly steal files and folders. The hackers also could spoof legitimate websites with hopes that people will provide a username and password.
“When someone uses a spoofed WiFi connection, hackers can then replace requests for legitimate websites with spoofed websites designed to steal usernames and passwords,” Wright says. “For example, if I access a spoofed WiFi connection and go to American Express, the hackers would send me a fake website instead with the hopes that I enter in my username and password.”
All of this allows the hacker to just sit back and collect information that is garnered when people surf the web.
To guard your data against people who are up to “no good” while you are on the road, here are some do’s and don’ts from Robert Siciliano, identity theft expert with BestIDTheftCompanys.com.
- Don't leave your spot without your device on you — not even for a moment. You may come back and still see your computer where you left it … but a thief may have installed a key logger in it to capture your keystrokes.
- Don't email messages of a sensitive or serious nature.
- When your computer begins seeking out a network to connect to, do not let it just drift to the first one it wants. See if you can choose one.
- Don’t leave your file sharing on.
- If you’re not using your wireless card, then don't leave it on. Shutting down your wireless card on your device prevents your device from searching for and connecting to just any WiFi. Many devices automatically connect to known and "trusted" WiFi that may, in fact, be vulnerable to attack. Turning off the WiFi card prevents your device from automatically connecting to potentially compromised networks.
- Don’t do banking or any other sensitive activities.
- Don’t position your device so that someone nearby can see the screen.
- Look around before you settle into a nice spot.
- Sit somewhere so that your back is facing a wall.
- Assume all WiFi links are suspicious.
- See if you can confirm that a given WiFi link is legitimate.
- If the connection name is similar to the name of the WiFi spot, assume that this could mean that the hacker was clever. Ask the manager of the coffee shop, hotel, etc., for information about their WiFi access point.
- You should consider using your cellphone for sensitive activities such as online shopping.
- But cellphone or not, see whether you could avoid visiting sites that can make it easier for hackers to nab your data — sites such as those related to banking or social media and any site on which your credit card information is stored.
- Use a VPN, or virtual private network. A VPN creates an impervious tunnel through which your data travels. The tunnel encrypts all of your banking, email and other sensitive transactions, as well as downloads, so that you won’t have to worry about a thief or snoop intercepting your transmissions.
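
The network-name checks above can also be run over the list of networks a device sees before joining one. The sketch below is an added illustration, not part of the original article or Siciliano's advice; the scan-list format, the sample networks and the `venue_ssid` value are constructed assumptions, and the bait names are the ones quoted earlier in the article.

```python
from collections import defaultdict

# Names the article says attackers favour: generic "free" labels and
# factory-default router names.
BAIT_NAMES = {"free wifi", "public wifi", "netgear", "belkin"}

def _normalize(name):
    """Lower-case and drop punctuation/spaces so near-identical names compare equal."""
    return "".join(ch for ch in name.lower() if ch.isalnum())

def _looks_like(a, b):
    a, b = _normalize(a), _normalize(b)
    return a != "" and (a in b or b in a)

def review_scan(networks, venue_ssid=None):
    """Return {ssid: [reasons]} for networks that deserve a second look.

    networks:   list of dicts with 'ssid', 'bssid' and 'security' keys
                (assumed format; real data would come from the OS network list).
    venue_ssid: the network name confirmed by staff, if you asked.
    """
    by_ssid = defaultdict(list)
    for net in networks:
        by_ssid[net["ssid"]].append(net)

    findings = {}
    for ssid, aps in by_ssid.items():
        reasons = []
        securities = {ap["security"].lower() for ap in aps}
        if "open" in securities:
            reasons.append("unencrypted: traffic readable by a sniffer")
        if ssid.strip().lower() in BAIT_NAMES:
            reasons.append("generic or default name")
        if len(securities) > 1:
            reasons.append("same name advertised with different security")
        if venue_ssid and ssid != venue_ssid and _looks_like(ssid, venue_ssid):
            reasons.append("similar to, but not, the confirmed venue name")
        if reasons:
            findings[ssid] = reasons
    return findings

# Constructed sample scan; addresses are locally administered placeholders.
SAMPLE_SCAN = [
    {"ssid": "BeanHouse-Guest", "bssid": "02:00:00:00:00:01", "security": "wpa2"},
    {"ssid": "BeanHouse Guest", "bssid": "02:00:00:00:00:02", "security": "open"},
    {"ssid": "Free WiFi", "bssid": "02:00:00:00:00:03", "security": "open"},
    {"ssid": "NETGEAR", "bssid": "02:00:00:00:00:04", "security": "wpa2"},
    {"ssid": "HomeOffice-5G", "bssid": "02:00:00:00:00:05", "security": "wpa2"},
]

if __name__ == "__main__":
    for name, why in review_scan(SAMPLE_SCAN, venue_ssid="BeanHouse-Guest").items():
        print(f"{name}: {'; '.join(why)}")
```

A network that passes these checks is not proven legitimate; the checks only narrow down which names to ask the venue about.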