Hot spots, weak spots: Unsuspecting users falling prey to Wi-Fi hackers
Many Wi-Fi users don't know that hackers posted at hot spots can steal personal information out of the air relatively easily. And savvy criminal hackers aren't settling for just access to credit cards, bank accounts and other personal financial information; they love to sneak into your company's network, too.
Whether you're using a Wi-Fi hot spot at a hotel, airport or cafe, "you've got to assume that anything you are doing is being monitored," says Shawn Henry, deputy assistant director of the Federal Bureau of Investigation's cybercrimes division.
Home Wi-Fi networks are also vulnerable, but it is far more fruitful for a hacker to pitch his tent in a busy hotel lobby or convention-center lounge where he can collect data from dozens of users. And Wi-Fi hot spots have proliferated, multiplying the potential targets for hackers. There were 66,921 hot spots in the United States last year, up 56 percent from 2006, according to advertising firm JiWire Inc.
T-Mobile USA Inc. has 8,700 hot spots across the nations in such places as Starbucks and Borders Books & Music. AT&T Inc. has 10,000 hot spots in places including McDonald's, Barnes & Noble and Coffee Bean & Tea Leaf.
Users are frequently unaware they have been hacked. As a result, there aren't solid figures on the number of wireless-hacking incidents. But for several years the FBI has received reports from educational institutions, private security companies and other federal and local law-enforcement agencies about such attacks.
While the chances any one person will be hacked aren't high, the payoff for criminals can be great, says Tom Brennan, a manager for AccessIT Group, which assesses companies' security vulnerabilities.
In early 2006, when he was working for a different firm, Brennan helped a financial institution determine how its data network had been breached. An employee working on a laptop in Midtown Manhattan's Bryant Park used what he thought was a publicly available Wi-Fi signal to get Internet access. In fact, the signal he used had been set up by a hacker. When the employee reached his company's network, the hacker nabbed the employee's corporate user name and password.
Prosecutions involving wireless hacking have been few, although there have been some high-profile cases. In September, Max Butler, known on the Internet as "Iceman," was indicted on charges of wire fraud and identity theft. Butler allegedly went "war driving" — searching for unprotected Wi-Fi networks — and stole user names and passwords that gave him access to several banks' networks, according to the U.S. Department of Justice.
Recent comments
They did provide solutions if you read all the way to the end...use…
l | Jan. 29, 2008 at 10:15 p.m.
Offer solutions to the problems not just write about it.
AdamC | Jan. 29, 2008 at 8:35 p.m.
