NATO or not, protect your computers, phones from bad guys and freeloaders
ANDY IHNATKO firstname.lastname@example.org May 16, 2012 1:48PM
Updated: June 29, 2012 8:45AM
I’m not sure if the influx of a large number of protesters specifically means that homes, businesses, and mobile users in the area are at a greater risk of cyber attacks. But a crowd of people, whether they’re coming in for a political protest or a clam chowder cook-off, always means two things relating to wireless security:
1) More people will be trying to find and use open WiFi networks in that area.
So if you’ve set up your home or business WiFi so that total strangers can join the network without providing a password, or if it’s been secured with WEP encryption (which is practically the same thing) . . . expect some rough sledding. At minimum, you’re opening your network to the same risks as a public bathroom: ordinary, decent people who wish you no harm can create immense problems for you just by overwhelming your infrastructure. At worst? Jerks will enter your network to see what they can find. (On your computer’s settings page, you usually can pick WEP — Wired Equivalent Privacy — or WPA. WPA is the good one.)
Why do you have an open network, anyway? You should secure that sucker whether 20,000 people in Guy Fawkes masks are coming or not. If you don’t know how to do that, maybe you’d better just switch off your router until this whole thing blows over. In the meantime, make sure that your PCs have received the latest security updates. Particularly old Windows XP machines, which are the most vulnerable to attack.
2) People will be expecting to encounter more people who are looking for open WiFi networks. And a jerk who liked to intercept and exploit personal information via WiFi is drawn to that kind of environment like flies to that substance famous for drawing flies.
“Man in the middle” attacks have never been easier to pull off. Simple, easy-to-obtain hardware and software allow a notebook or even a pocket device to masquerade as the trusted open WiFi of your local library or coffee shop. Your phone or computer reconnects to it and logs you in to your mail or an online service without your even asking it to. Bang: the weasel suddenly has your online IDs and passwords. Another piece of software is scanning your ongoing traffic for other useful data.
And you should never, ever under any circumstances trust an unfamiliar network just because its name is something innocuous, like “Free City Wifi.”
Well, why are you sending data in clear text over open networks, anyway? You should never ever do that. You should be using a VPN service like WiTopia.net. Your data is still being transmitted over an open WiFi, but it’s encrypted both ways. WiTopia works on PCs, Macs, and most handheld devices.
How about cellular data networks? Those are (cautious intake of breath) generally thought of as safe, in that intercepting cellular traffic is several orders of magnitude more complicated. All the same, it’s possible for an enterprising criminal to operate an antenna that masquerades as a digital cell tower. Another vote in favor of installing WiTopia.
It’s also a good time to remind yourself of all of the services on your device that allow incoming connections. Inside your office, it’s probably OK that your PC is configured for file sharing, photo library sharing, and remote access. In public? Not so much. Ditto for that feature that turns your phone into a mobile WiFi hotspot. Again, if your phone broadcasts “I’m a free connection to the Internet!” the crowd will roar with approval and hammer it into atoms.
You don’t need a political protest or a national sporting event or even a weekend house guest to do any of these things. Any computer or phone is loaded with cloud features that make them more useful. But most of these features make them vulnerable to Bad People and Good-Hearted Incompetents. Your computers need protection from both.