S1E5 - Public Wi-Fi - Your Data Is My Data Too
The internet has been around since the 1960s. Originally the United States government commissioned for a system to be built that would connect computers in a network that would essentially create a communication system that could get information from one to the other quickly and without fault.
Through the 1980’s a lot of private funding as well as some public funding was used to financially support research into making this network of computers better and faster mainly for military use but by the 90’s the idea to make this network available to more people begin to spread like wild fire.
Companies all over the world began investing in making this network more commercially available.
Most of us can’t picture a world where we can’t unlock our phone and google that ridiculous question that’s been popping in and out of our mind all day and then getting an answer immediately.
Initially the internet was only accessible to large companies and through a physical connection between your computer and the rest of the computers on the network. I’m sure a lot of you remember having to sit by your desktop computer listening to that dial tone for 5 or so minutes, then having to choose between either using the internet or being able to accept phone calls on the one landline in the house.
One of the best things that has happened to the growth of businesses, accessibility of knowledge and the ability to reach anyone in the world at a moments notice is the wide spread use of the internet and public Wi-Fi networks.
Wi-Fi technology uses radio waves to provide access to a wireless network of computers that connects every other computer or phone across the world.
Today most business offer access to their own public Wi-Fi some use passwords to offer a bit of protection to the customers who need the access, but most don’t.
A lot of us don’t even think twice about using any and every public network that our phones or laptops can connect to while traveling or grabbing a cup of coffee at the café down the street from our homes. But we should.
Just as easily as we can connect to these networks, so can others who have the intention of using the information you access to do quite a bit of damage to both the company offering the service, and the individual using the public services.
Public Wi-Fi seems harmless, and we use it as if its harmless but understanding how this system works from the moment you click connect to the second you receive that stream of twitter notifications, can begin to show us just where the issues are lurking.
When you enter a coffee shop, open your laptop and click that little network symbol, a list of available networks will pop up. Some may be protected by a password, which we usually ignore either because we get anxious at the thought of tracking down an employee and having to ask them for the credentials to sign into their network or because we just don’t want the added hassle and want to get online as soon as possible.
The default settings on most networks are severely lacking in the layers of protection available. Most business owners don’t have a background in networks, nor do they need it to set one up. We all just follow the default step by step guides provided by internet service providers to get online quick and easy.
Often if we need something online, we take the easiest road. We click on the strongest signal that won’t require us to do much more than click accept to some unread terms and conditions before getting online.
The terms and agreements of most public Wi-Fi are usually short, most carrying the same basic terms. They protect the company offering the service, list out the behaviors that shouldn’t happen on the service and let you know that although they don’t monitor what happens on the service, if the law asked them to provide information on what happens they could magically find it stored somewhere and hand it over all without ever letting you know. Yup the basics.
For example, at the Seattle Tacoma airport (also known as SeaTac) the terms of service begins by saying
“Use of the Wi-Fi System is free; however, some internet sites may charge you for use. The Intranet website portion of the Wi-Fi System contains certain limited informational and entertainment content provided by the Port or third parties that have licensed content to the Port. The Port may provide links on the intranet Web site to other Web sites that are not under our control.”
“You acknowledge and agree that if you access the Internet you may receive or be exposed to content, goods or services which you may consider to be improper, inaccurate, misleading, defamatory, obscene or otherwise offensive.”
Additionally, “USE OF THE WIFI SYSTEM IS AT YOUR OWN RISK. INFORMATION YOU SEND OVER THE INTERNET USING THE WIFI SYSTEM MAY BE ACQUIRED BY THIRD PARTIES.”
Once you click accept, your computer or phone joins every other connected electronic in the radius of that network. When companies or businesses set up public Wi-Fi, most of them do not take the time to add in added protections for those using the service. Its free, its public and it’s not made to be used for important things. While this may be found in the terms of service agreement, you won’t find that notice posted anywhere else to remind you.
The default settings companies typically use to setup their Wi-Fi also makes it extremely easy for hackers to get into the network and begin collecting as much data as they need.
For those who do want to keep a few things private, or safe, we make sure that we follow the basic rules of public internet.
We don’t access our bank accounts, and we don’t go to any websites that need us to type in our passwords. While those two actions do add another level of security, its not enough.
Hackers also know this and have created ways to use the websites that you visit, or the information you have decided isn’t extremely private to figure out the things that you do want to protect.
One way of doing this is by using a man in the middle attack, sometimes this is the use of third parties that assist in the process of transmitting the information you have on your phone or computer out into the network to the person or website you intend to send it to. Other times it’s the use of fake Wi-Fi networks that have similar names to more reputable networks. Example instead of “Wi-Fi hotspot”, they may name it “ATT FREE WIFI”. IF you are any where close to an AT&T store or are a member of the company you may believe that it is a reputable hotspot. When really, it’s the person two seats away from you in the mall food court waiting for someone to connect.
Each time you send information to another person or business, that data is broken down into smaller packets, then transmitted through a chain of devices connected on that network until it gets to its destination.
Since well protected Wi-Fi networks and devices are more difficult to get into, hackers target easy to hack devices, such as ones connected to loosely protected networks (example public Wi-Fi with no password, or devices not using VPNs) to get access as an intermediary step along this chain of devices. This allows them to then make their way through the transmitting process and hack into bits of the packets as they travel along the chain. This is also called snooping or sniffing packets and shows your data, things like your username and password without any encryption directly to the hacker. The software and step by step guide are both easy to follow and use.
After doing a quick google search, I was able to find a blog that showed me step by step instructions on how to set up a man in the middle attack on unsuspecting individuals that could take less than 3 hours and a small investment into equipment that would run me about $35. The information on how to collect data at places that offer free Wi-Fi is widely accessible, free and super easy to follow.
IF you want to see just how simple it is, the blog will be linked in the references section of the show notes on my website.
Quick disclaimer **This isn’t me encouraging this, we should all just know how its done so we can be more informed when using public Wi-Fi.**
Once hackers have access to your device, they can then trick you by leading you to fake versions of the websites you visit, or place links that install backdoors into your device so that they can find your device at a future date on any network you connect to. This also allows them access into your device while its on a network that is better protected, meaning that your device can help them get access once you go home and connect your own private network at home.
The consequences of this are significant. Once you are home and are on a network you “trust” you lower your guard and begin to transmit the important information you typically don’t access on public Wi-Fi. You type in your online banking information, you file your taxes online on TurboTax, or even send private emails to your friends and family.
The hacker now has access to your financial records and your private interactions which can all be used to not only steal your identity, but also can be sold on the dark web as a means for income for that individual.
According to an article on CNBC from 2016 “About 2 in 5 Americans have either been an identity theft victim or know someone who has,”
Once your information is sold on the dark web, individuals can begin buying anything, opening credit cards in your name or even using your social security number to find legal work under your name.
They could buy vehicles, homes, or establish loans under your name all with out you ever knowing.
While the internet has become more accessible, a large part of the American population doesn’t use it to check their credit scores, meaning that years could pass without them noticing fraudulent activity under their accounts.
This is concerning because individuals may not notice until its too late to do anything about the fraudulent activity. And the hacker that stole it is usually trying to work as fast as they can to either sell your information to another party, or to rack up as many charges and get as many credit lines in your name as possible.
Proving that your identity has been stolen can prove to be extremely difficult and does end up being a long process.
However, there are a few ways that you can begin to get back control over your information once you know it was stolen.
To prevent your information from being stolen, you can:
1. Make sure that you use a trusted VPN (a virtual Private Network) any time you use public Wi-Fi. A VPN essentially anonymizes your information and identity by tunneling your IP address between many servers and between other members on the network. Making it look like an individual is somewhere they aren’t or encrypting your information so that no one else can see what websites or information you were accessing. When you are searching for a VPN service there are a few things that you should look for to judge their ability to protect you. They should be able to tell you exactly how and what information they store about you. A good service will only keep the basic information like an email address. They will also be based in a location that is governed by laws that are aimed at protecting individual’s privacy. They should also explain to you how other see the information you are accessing on the internet and how your payments are processed. A good service will be able to mask the websites you visit, your identity, your location, your preferences etc.
2. They should also have a clear and easy to digest terms of service agreement that makes it clear exactly what they can and can’t do as well as how you can delete your account and an easily accessible customer support line.
3. Remember, any company that is offering you their service for free, is most likely selling your information to be able to make that offer in the first place. Free service means you are the product. A good service provider should put your privacy and data above their profit. Its better to pay for a VPN than it is to get a free one and have your information sold to advertisers.
Now if your identity has been stolen and you don’t know when it happened or how, there are a few things you must do immediately.
1. You need to immediately scan your computer for any viruses or malware that could be collecting your data. Then clean out every bit of it. IF you don’t know how to do this, there are plenty of companies who can do this for you. You can start with the company that made your computer or phone. Simply contact them and follow through.
2. Once you clean out any malware, change all your passwords, disconnect any devices that are currently connected to your social media accounts, email addresses or online banking accounts. Most websites have a section that shows you which devices have access and you can revoke those permissions for all the devices listed.
3. Check your credit score through a trusted provider and freeze any new accounts from being opened under your name. You can directly contact Experian, Equifax and TransUnion for your full credit report and to freeze access to your credit report. Then contact your banking provider and let them know what is going on. IF any fraudulent charges have occurred on your account you can cancel any cards you may have and get new ones. You should also enroll in an alert system (offered) by most banks that lets you know when ever weird activity occurs.
4. Once you have all of this done, you can directly contact the federal trade commission and file a identity theft report.
5. Yes, you should also contact your local police department. The more of a paper trail you have, the more proof you will have if it does come down to any legal action against your banking or large companies that may have left you vulnerable to identity theft.
6. While that credit freeze may be the last thing you want to do, it could be the difference between bankruptcy and financial freedom living a normal life again.
As access to the internet and public Wi-Fi increases, I expect that there will be a similar increase in cases of identity theft. As a result, there will be a growing need for reputable information that continues to evolve as the network becomes more complex and hopefully, individuals will begin to take steps towards safeguarding their information and privacy.
Remember to always shred any personal information, get a VPN at the very least for when you’re using public Wi-Fi, and to change your passwords often and religiously.
That’s all I have for you, thank you so much for joining me this week. I hope that you found this interesting and informative.
As always, if you have a creepy story or audio clip that you would like to share with me or your fellow listeners, you can send it over to WYN@Lshompole.com and your story will be featured on our upcoming episodes.
You can find Creepy Tech on Instagram @Tech_Creepy or Twitter @TechCreepy. You can also find me Lydia Shompole and the show notes with the links at Lshompole.com