Open public Wi-Fi networks boon for hackers to steal sensitive data
New Delhi, July 13 (IANS) If you are a frequent business traveller and spend most of your time away from the safe internet boundaries of your office or home, be warned. Public Wi-Fi networks — at the hotel lobby, in the spa, at the poolside or inside a shopping mall — are not at all secure for official work, sensitive data sharing or transferring funds.
According to a latest report by Russia-based software security group Kaspersky Lab, business travellers, particularly senior executives, are more likely to be deprived of valuable private and corporate data than money as they travel abroad.
One in five persons has been a target of cyber crime while abroad and a third (31 per cent) of them are senior business managers, the report said.
“The biggest threat to public Wi-Fi security is the ability for the hacker to position himself between you and the connection point. So instead of talking directly with the Wi-Fi network, you are sending key information to the hacker who then relays it on,” Lucknow-based social media analyst Anoop Mishra told IANS.
There have been numerous cases where vulnerabilities in public Wi-Fi networks have been routinely reported.
“Hackers have time and again demonstrated that breaking into public Wi-Fi networks is very easy. In fact, hackers often use public Wi-Fi networks for the purposes of hacking into confidential information and data of users who log into these Wi-Fi networks without understanding the cyber security ramifications of the same,” Pavan Duggal, one of the nation’s top cyber law experts, told IANS.
The Kaspersky Lab report found the pressure from work to get online is clouding the judgment of business travellers when connecting to the internet.
Three in five (59 per cent) persons in senior roles said they try to log on as quickly as possible upon arrival abroad because there is an expectation at work that they will stay connected. By the time business travellers reach the arrivals’ terminal, one in six is using their work device to get online.
According to experts, open Wi-Fi networks are generally unencrypted because you don’t have to enter a passphrase key when connecting. “While working in this setup, the hacker has access to every piece of information you’re sending out on the internet — important emails, credit card information and even security credentials to your business network,” Mishra said.
This was illustrated most sensationally with Firesheep, an easy-to-use tool that allows hackers sitting in coffee shops to snoop on other people’s browsing sessions and hijack them via open Wi-Fi networks.
“More advanced tools like Wireshark could also be used to capture and analyse traffic on public Wi-Fi networks,” Mishra added.
Another report from EMC Corporation — the world’s largest data storage multinational — revealed last week that Indian businesses lost over $1 million from data loss and downtime in the last 12 months.
According to Duggal, also a Supreme Court advocate, company executives need to adopt various cyber hygiene methodologies in order to avoid online data stealing while travelling abroad.
“Having in place an updated anti-virus software on your computer system is a critical component. There are several encrypted data services available which can be used abroad. Company executives should only access HTTPs sites being secure sites,” he suggested.
“If you’re accessing something sensitive on public Wi-Fi, try to do it on an SSL (Secure Socket Layer) encrypted websites. The Https browser extension can reduce the risk by redirecting you to an encrypted page when available,” Mishra explained.
A VPN (virtual private network) connection can also protect you online.
“A VPN connection is a must when connecting to your business or banking through an unsecured connection like an open Wi-Fi hotspot. Even if a hacker manages to position himself in the middle of your connection, the data here will be strongly encrypted. Since most hackers are after an easy target, they’ll likely discard stolen information rather than put it through a lengthy decryption process,” Mishra pointed out.
Remember that any device could be at risk — be it laptop, smartphone or tablet.
Treat all Wi-Fi links with suspicion, turn off file/computer/network sharing and avoid using specific websites where there’s a chance that cyber criminals could capture your identity, passwords or personal information.
“Protect your device against cyber attacks by making sure that these have a strong and updated anti-malware and security solution. Keep Wi-Fi off when you do not need it,” noted Mishra.
In case data is stolen abroad, a person can report a matter in the relevant country where the data theft has taken place for the purposes of nabbing the hacker and data retrieval.
“We must know that there is no single global law on data protection or on cyber crime. The Convention on Cybercrime of the Council of Europe is one such international initiative that is aimed at international co-operation in cyber crime-related matters,” Duggal explained.
If you choose to be silent and do not report the same, the chances of your coming back to your own country and then reporting the matter would be substantially diminished.
“This is important as the law-enforcement agencies in your country may not want to register and prosecute the said matter,” Duggal said.