Do You Use Free Wi-Fi Networks? You Could be Leaking Data

iStock_000014218954XSmallEven though I have a smartphone, I sometimes prefer to use my laptop for internet browsing whilst I’m out and about. This means that sometimes I need to scan for free wireless networks which I can connect up to so I can get on with my browsing. But how dangerous can this be?

Let me tell you a short story of a guy named Jim:

It had been a gruelling morning of work and Jim just wanted to sit down in town with a nice coffee whilst having a quick browse on Facebook and finishing off some work on his laptop. He found a nice coffee shop, which had a sign for Free Wi-Fi and thought ‘Perfect!’

Jim got his coffee and dropped himself into one of the sofas, and started scanning for the free Wi-Fi. There were a few results, but he saw ‘COFFEE SHOP WIFI’ which didn’t require a password – so he connected up to that one.

After a good browse on Facebook and finishing off a report for work, Jim remembered that it was payday so he quickly logged into his online banking account to see if his salary had come through. After moving some money between accounts, he finished the last bit of his coffee and was out the door.

Later on that day, Jim went to buy some Chinese take-away but surprisingly his card was declined. He hopped across the street to use the ATM and my bank account said £0.

Jim’s heart literally stopped beating, as he cried ‘Where’s my money?!’

Before panic really kicked in Jim’s phone rang.  It was Jim’s boss who asked him to get to the office immediately. It was something to do with a data breach – all Jim could think of was ‘What’s that got to do with me?’

——

Did you spot Jim’s mistake? The Wi-Fi network he connected to at the coffee shop didn’t actually belong to the coffee shop, it belonged to someone else in the coffee shop. By giving the network an obvious name, a hacker was able to trick people into joining the network without needing to say a word. This fake network enabled the hacker to log keystrokes, watch the users screen and access any files.

This meant that the hacker was able to see the credentials for Jim’s bank account, as well as access his employer’s documents.

Although Jim had the correct privileges to take his work home (on his company laptop) the organisation had failed to install encryption software as well as train Jim on basic information security.

Before Jim had even got home that evening, the hacker had already sold the documents online to the highest bidder. Considering the popularity of the organisation this data breach was quickly picked up on by the media.

The hacker then went on to remove all the money from Jim’s bank account, which he was able to do as he had information on Jim’s account.

The computer knowledge required to replicate this attack is actually very minimal, in fact anyone could do it. It’s for this reason that you should always be aware of which networks you use, because everyone around you could be a potential suspect.

If in doubt, log out.