Identity Theft Is Easy

I was watching the Today Show this morning and they had a short piece on the NYC’s implementation of free wireless in many of the subway stations in the city.  Free Wi-Fi can be found at many businesses today (many food chains are now offering it to their customers; Starbucks, Dunkin Donuts, etc…) and it is often a great convenience to people who are out and about with their iPads and/or their smartphones.  But with this simplicity comes responsibility.

What the majority of WiFi users do not realize is just how EASY it is for a hacker to grab your signal “out of the air” and analyze it on their laptops almost instantaneously, as you are browsing the web.  So what does this mean?  Well if you are checking your emails and are not using a secured connection, bingo!  The hacker now has your email address and password.  If you are logging into a small ecommerce site to check the status of your order and it is unencrypted, guess what?  They now have your username and password to that site.  AND if you are placing a new order and entering in your credit card on an unencrypted connection… well I think you know…

There are two tools to help you protect yourself and your data.  First when using Wi-Fi connections to connect to your work or to your home computers, if its possible, look to setup a VPN (virtual private network) to make your connections.  So as not to get too technical, think of a VPN as a special tunnel on the Internet where only your data can move through – if anyone should try to intercept your data “out of the air”, all they will see are random characters and numbers; basically gibberish.

For those of you that may not have the means to setup/maintain a VPN, the second tool is to make sure your sensitive data connections are using SSL (secure socket layer) protection.  (in your browser the website should read https:\www.mysite.com versus a non-encrypted site name of http:\www.mysite.com  (does not have the “s” in the http).

This goes for your email servers as well.  If you are unsure, definitely ask someone to check it out for you, to make sure your email server is using SSL or TLS.

As a final note, to give you a quick example, below is a free utility that anyone can download from Microsoft and use (click the images to zoom in).  While it isn’t exactly a tool a hacker would use to sniff Wi-Fi connections, it does show you how easy these utilities are made, to help read sensitive information.  The first screen shot shows a user logging into an unencrypted website via FTP (notice the username and password shown).  The second screen shot shows an encrypted connection using SSL.

All that was needed to see the information going across the net via Wi-Fi was to press the Start button on the software.  That’s it.

Be wise. be safe.

No encryption for Wi-FiEncrytped Connection across Wi-Fi