E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: The Wall Street Journal

Posted on February 5, 2008

      Next time you are sitting in a hotel lobby checking e-mail on your laptop, be careful: The "businessman" in the next lounge chair may be tracking your every move.

      Many Wi-Fi users don't know that hackers posted at hot spots can steal personal information out of the air relatively easily. And savvy criminal hackers aren't settling for just access to credit cards, bank accounts and other personal financial information; they love to sneak into your company's network, too.

      Whether you're using a Wi-Fi hot spot at a hotel, airport or cafe, "you've got to assume that anything you are doing is being monitored," said Shawn Henry, the deputy assistant director of the FBI's cybercrimes division.

      Home Wi-Fi networks are vulnerable, too, but it is far more fruitful for a hacker to pitch his tent in a busy hotel lobby or convention-center lounge where he can collect data from dozens of users. And Wi-Fi hot spots have proliferated, multiplying the potential targets for hackers.

      There were 66,921 hot spots in the United States last year, up 56 percent from 2006, according to JiWire Inc, an advertising company. T-Mobile USA Inc. has 8,700 hot spots across the nation in such places as Starbucks and Borders Books & Music. AT&T Inc. has 10,000 hot spots in such places as McDonald's, Barnes & Noble and Coffee Bean & Tea Leaf.

      Henry said that businesses that offer Wi-Fi, such as hotels, often don't know that their networks have been breached and many times don't report incidents they know about for fear of bad publicity. Users are frequently unaware they have been hacked.

      As a result, there aren't solid figures on the number of wireless-hacking incidents. But the FBI for several years has received reports from educational institutions, private security companies, and other federal and local law-enforcement agencies about such attacks.

      While the chances any one person will be hacked aren't high, the payoff for criminals can be great, said Tom Brennan, a manager for AccessIT Group, which assesses companies' security vulnerabilities.

      In early 2006, when he was working for a different company, Brennan helped a financial institution determine how its data network had been breached. An employee working on a laptop in Midtown Manhattan's Bryant Park used what he thought was a publicly available Wi-Fi signal to get Internet access. But the signal he used had been set up by a hacker. When the employee reached his company's network, the hacker nabbed the employee's corporate user name and password.

      Prosecutions involving wireless hacking have been few, though there have been some high-profile cases. In September, Max Butler, known on the Internet as "Iceman," was indicted on charges of wire fraud and identity theft. Butler was alleged to have gone "war driving" - searching for unprotected Wi-Fi networks - and to have stolen user names and passwords that gave him access to several banks' networks, according to the U.S. Department of Justice.

      Hackers have an assortment of tools in their bags to filch your personal information.

      Two popular methods are the "evil twin" and "man in the middle." Using either one, the hacker can monitor and record everything you do on the Web, including the input of credit-card numbers, user names and passwords. The hackers often sit or leave their equipment near other users but also can set up shop, say, out at the curb in a van.

      A hacker might be able to completely take over the laptop, said Rick Farina, an engineer with AirTight Networks Inc., a wireless-security company. The hacker can mine for vulnerabilities on your machine and search for user names and passwords. With access to your corporate user name and password, the hacker might be able to access your company's network to steal sensitive data.

      The Bryant Park incident was an evil-twin attack; the hacker offered a wireless network posing as a legitimate signal. Once you're connected to the bogus network, everything you do on the Internet can be tracked.

      In an evil-twin attack, the hacker might also direct users to a sham Web site, for example, one made to look like T-Mobile's. At that point, you're told to input credit-card information to purchase Wi-Fi access.

      A man-in-the-middle attack is similar in that the hacker sets up a deceptive Wi-Fi signal. But once you connect to that, the hacker funnels you to the legitimate wireless network.

      All of this happens behind the scenes undetected by the user. As a hacker, "the fact that you have come to me is 'Game over,' in most cases," said Amit Sinha, the chief technology officer at AirDefense Inc, a Wi-Fi-security company.

      Some of the big Wi-Fi providers offer software that users can employ to protect themselves. But there are also ways you can protect yourself:

      • Stay current. Make sure your laptop is up to date. Keep your firewall, antivirus and antispyware software current, too.

      • Use a VPN. Virtual private networks can be set up for personal, as well as corporate, use. Do a Web search for "personal VPN" or try a software retailer. Karen Hanley, senior director of the Wi-Fi Alliance, a nonprofit industry trade group, said that the chances of getting hacked using a wireless hot spot are slim. But "we need to remind people to practice safe computing."

      • Bank at home. Avoid conducting financial transactions at a hot spot. "Don't go sell your stocks or do any online banking," said David King, the chief executive of AirTight Networks.

      • Name your home network. For your home network, don't use the generic name, called the SSID, that came with the wireless router, said Robert Richardson, the director of the Computer Security Institute, an association of computer-security professionals. Hackers will often create Wi-Fi networks with such names as "default" or "linksys" (named after a router manufacturer) because most laptops are configured to automatically connect to networks that they've used in the past.

      • Give Wi-Fi a rest. Turn off your laptop's Wi-Fi capabilities when you don't need to connect to the Internet. Most laptops search for Wi-Fi signals automatically and the connection stays open even if you don't boot up your Web or e-mail application. If your laptop automatically connects to a Wi-Fi network run by a hacker, the hacker might be able to search your computer for sensitive data.

      • Wire up. John King, a 46-year-old engineer from Livermore, Calif., works for a company that mines computers for evidence in legal cases. He travels a lot for business and avoids Wi-Fi at hotels in favor of high-speed connections that plug into his laptop. He said he uses Wi-Fi to check e-mail and stock listings if that's the only means available, but only if he's sure of the signal. "I won't go on a wireless access point that I'm not confident in," he said.


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
