Folks, I was at the airport and I popped open my laptop to hop on the net and upon doing so I encountered a seriously sneaky bastard. Do you see anything wrong with the image below?
Well, hopefully you notice the little icon of a laptop beside the network entitled “Free Public WiFi”. This is NOT a free wireless access point, but instead a laptop computer that someone has configured to capture your personal data and rob you blind.
The way this scam works is that a criminal entices unwitting suspects to connect to the Internet through their computer. Meanwhile, they are running packet sniffing software to read every bit of unencrypted data passing through it. This includes every web page you visit, the e-mails you write, and even the instant messages you send.
Why would someone want to do this? Because if they listen to what you say long enough they are eventually going to capture a password or some personally identifying information that could prove useful to them.
Oh, and if that isn’t bad enough, once your laptop is connected to theirs, you have opened the door for them to scan all of the ports on your machine in the hopes of finding a security loophole. If they do find one, they could install a rootkit or some other malware on your machine, turning it into a mindless zombie under their control from now on.
So, the bottom line here is, don’t be randomly connecting to just any old network you see. You need to ensure that you are actually connecting to a wireless access point (you can even tell Windows to ONLY show WAPs), and that you have a software firewall installed (see my list of Top 50 Favorite Freeware for recommendations).
Edit: Thanks to Kim for pointing out that there were YouTube videos on this topic. I found these two which share a little more info. The first is from Chris Pirillo:
Next is from a local news channel:
Oh good little tip. I know about computer security a small amount, but it’s always good to remember simple tips like this. I like that I never know what to expect from your blog.
I had actually been wondering about this for a while. A ‘free public wifi’ type thing appeared for me in my old apartment, and I (being clueless) assumed it was what it claimed to be. Fortunately I was never able to actually connect to it :)
Scary thought that someone would do that, I read another article about this a while back about a guy who had this happen to him ina hotel lobby. There are also some Youtube videos out there where they demonstrate this so you know what to look for.
Kim:)
Thanks for that pointer. I added a couple of videos to give folks more information. :-)
John
Yeah Derek, I like to keep you guys on your toes! ;-)
As far as I know, my Nintendo DS doesn’t support Adhock, and even if it would, I’d like to see the face of the guy who sniff my gaming packets :).
It’s funny because in many cases the Free WiFi scammers are targeting the people who have the least money. Business travelers probably have a paid subscription to T-Mobile or something like that, so they don’t care about and wouldn’t use a free access point.
John
This is a classic man in the middle attack, it has been done for years, both on wireless and wired network. It is hard to detect those if you are not careful.
S.
Wow, I should have known this but didn’t.. thanks for the heads up John. I’d seen that option in the settings and ignored it until now.. There are several neighbors with unsecured and you never do know who you’re connecting to, that’s for sure!
I liked the first video, the funny thing was that AspiringGeek was in the chat. I own aspiringgeek.com….did he steal my name?!?! :D