LIVE VIDEO: 9NEWS Live at 11:00    Watch
 

9WTK: Hackers behind some 'free Wi-Fi' hotspots

10:06 PM, May 9, 2013   |    comments
  • Share
  • Print
  • - A A A +

DENVER-That free coffee shop or airport Wi-Fi signal you normally trust could be an evil twin, created by a hacker to steal your identity and other private information.

"It's not the hotspot that's free...it's your data that's free," John Sileo, an identity theft expert told 9Wants to Know.

Amid an increase in the number of businesses offering free Wi-Fi and the number of tablets in the hands of consumers, 9Wants to Know showed how hackers can sniff out your data and rummage through your hard drive while you're online.

"75 percent of the computers that authenticate to that Wi-Fi are vulnerable to this type of assessment or scam," said Tyler Tobin, a professional hacker who gets paid to test banking computer systems.

This scam is common at airports. Twenty suspicious Wi-Fi networks were discovered during a sweep at Chicago's O'Hare Airport, according to the Better Business Bureau.

The Colorado Attorney General's Office is aware of the scam and says victims may not even know they've been targeted until they see strange charges on their accounts or their bank accounts cleaned out.

How it's done

Using a Wi-Fi hotspot device, like an iPhone or MIFI equipment, a hacker can create their own Wi-Fi hotspot and disguise them under the names of businesses and airports you normally recognize.

Connecting to their bogus network is like handing your computer straight to the cyber thief. If your security settings are vulnerable, the hacker can easily sniff out your passwords, credit card data and other sensitive information you may keep on your hard drive.

Some hackers don't even have to set up their own networks. They can infiltrate weaknesses in legit Free Wi-Fi networks. "Don't check your bank. Don't check your email. Hackers can be on those networks as well and they can be sniffing the traffic," Tobin said.

"That's a man-in-the-middle attack. They can watch what goes across that Wi-Fi, connection. Emails, bank logins. Whatever it might be," Sileo said.

"Folks [Hackers] move very quickly," said Chief Deputy Attorney General Cynthia Coffman. "They may only have their site open for 20 or 30 minutes. They collect information. They disconnect and they're gone."

At 9NEWS Tobin and Sileo were able to simulate how a hacker can be on the same Wi-Fi network and download confidential and financial information from a 9NEWS laptop.

A "confidential" folder was created on a 9NEWS computer desktop containing tax forms. Tobin was able to demonstrate how the folder was accessible on his laptop and how he was easily able to see and download the tax forms on his computer.

What is also alarming is that Tobin used software that is free for download and often shared among hackers themselves. "

"Very, easy. It's point and click," Tobin said.

An Experiment

9Wants to Know created its own "FREE Wi-Fi" hotspot and visited several areas around Denver to see how many people would connect to the network without second guessing its security or purpose.

Within minutes of turning on the network, 9Wants to Know was able to see numerous people connect to the "FREE Wi-Fi" network along the 16th Street Mall downtown and the Auraria Campus.

At Denver International Airport, about a dozen people connected to the network within a matter of a couple of minutes.

9Wants to Know was able to talk to some of the people who connected to the network. One woman said she didn't have any concerns about connecting. 

"It just said 'Free Wi-Fi," she said.

A spokesperson for DIA says there haven't been any bogus or suspicious Wi-Fi spots discovered at their location. DIA uses the Boingo Wi-Fi service for public use.

How to protect your data

Many computer and data security experts say you should avoid public Wi-Fi all together. But if you need to check something on the internet, you can follow these suggestions to keep your risk to a minimum. Here are 9 suggestions and tips to help you out. You can also read more about FREE Wi-Fi tips from John Sileo.

  1. Use a VPN (Virtual Private Network) connection. Check with your work or school to see if it offers this connection. Turning on a VPN connection on a public Wi-Fi network is like creating a secure digital tunnel your data can travel through that is out of reach of hackers. Data is encrypted. Some companies will provide you with a VPN client, which is software on your computer. 
  2. Use encrypted browsing. When connecting to websites, see if there is an "s" after "http" in the your browser. It should look like "https://" This insures the data you're sending and receiving from this website is encrypted on a Wi-Fi network. Watch out while using websites that don't use this type of browsing. 
  3. Turn off sharing! Many laptops have "sharing" enabled on some of their hard drives and printers. This allows someone using the same network as you to open up whatever you have "shared." To find out how to turn off sharing, you can usually find the answer in the help section of your computer software. Right-clicking on your hard drive and folder icons can also open up the properties section in Windows so you can disable sharing. 
  4. Set up firewalls on your computer or device. Firewalls can be set up using software that will filter data. Firewalls can be set to stop connections to certain websites while on a public Wi-Fi network.
  5. Don't do any banking or shopping on public networks. Even if you're using an encrypted connection, it's best to avoid plugging in credit card numbers while using pubic Wi-Fi. Thieves have been known to watch people type in their credit card numbers on keyboards. 
  6. Don't automatically connect to Wi-Fi networks. Some devices and computers have a setting that allow you to "remember" Wi-Fi network so you don't have to repeatedly click on it to connect. Leaving this function on can cause your computer to connect to the network without your knowledge. 
  7. Use reputable anti-virus software. Hackers can also install malware on your laptop if you're using their bogus Wi-Fi network. The malware can be used to log your keystrokes. 
  8. Question the Wi-Fi network. If you must use public Wi-Fi, ask the business behind it to make sure you're connecting to the legit network. Employees or management at a hotel or coffee shop should be able to recognize the network. 
  9. Change your passwords routinely and use multiple passwords. Hackers know people have a habit of using the same two or three passwords for their email, banking and social media accounts. Try not to use the same passwords and routinely change them to something complex. Avoid incorporating children's names or birthdays in your passwords. 

If you believe your identity has been stolen, you can get help through the Colorado Attorney General's Office.

Have a comment or tip for investigative reporter Jeremy Jojola? Call him at 303-871-1425 or e-mail him
jeremy.jojola@9news.com

(KUSA-TV © 2013 Multimedia Holdings Corporation)

Most Watched Videos