The free Wi-Fi hotspot you just logged into in the hotel lobby to read your e-mail, conduct your banking, or read the news wasn’t necessarily a nice amenity provided by the hotel. In fact, it might have been operated by the well-dressed gentleman sitting beside the potted palm. While you sent your confidential proposal, he was collecting people’s credit cards numbers, user names, and passwords, all while enjoying the ambiance and a drink from the lobby bar.
Referred to as “evil twins,” hot spots that seem legitimate but are operated by a hacker are increasingly popping up in public and semi-public spaces (that free Wi-Fi hotspot named FREE WIFI you found in your hotel room doesn’t sound so good anymore, does it?). These evil twins can even have legitimate-sounding names, such as “Hilton Hotspot” and can also be found in cafés, airports, parks, and even office buildings.
Many laptops are set to connect to any open network and that can lead to trouble. Travelers can protect themselves by knowing the network they are connecting to.
What you can do to protect yourself:
- Use a Virtual Private Network (VPN), either through your corporate IT department or services such as JiWire’s HotspotHelper. VPNs encrypt your online session, making it impenetrable to nearby snoops.
- If in doubt, don’t log into systems requiring a user name and password that could be exposed.
- Don’t rely on the lock icon on your browser; illegitimate Web sites can obtain digital signatures as easily as legitimate sites.
- Watch the Web address. A hacker could intercept your legitimate request for www.citibank.com and change it to something that might look similar, such as www.cittibank.com, where he collects your user name and password.
- Turn off peer-to-peer networking.
- Turn off “automatically connect to non-preferred networks.”
- Think of public hotspots as shared resources. If you aren’t using a VPN, restrict your surfing to Web sites and pages that you don’t mind sharing with the gentleman sitting nearby.
- Disable file sharing (in Windows XP, check the Properties tab of your main folders and look for the Sharing tab).
- Make sure you are using a firewall, a feature that is included in recent Windows and Mac operating systems.
Even known systems run by hotels and conference venues can be insecure. More on that in coming weeks.
Jonathan B. Spira is CEO and Chief Analyst at Basex.