Today, security must be a key component of a media professional’s work. However, we often don’t think about where and what kind of information to use. Public network access points, for example, are a simple tool for accessing our personal data.
Below are a few ways of how cybercriminals can steal your personal data and what can be done to protect it.
MITM is a type of attack where a third party intercepts messages between two participants. The direct communication between a server and client is disrupted, and this communication includes another element. Uninvited attackers can then provide their own version of a website, including their personal messages, for display.
Anyone who uses public Wi-Fi is particularly vulnerable to MITM attacks. Because information is usually transmitted without encryption, not only an access point but also your data becomes public. You may as well just shout out your personal data loud. A hijacked router can quite easily pull out a lot of personal information – just by entering your mail, a hacker can get your logins/passwords, pictures, and personal messages, and much more.
The words things happen if you use online banking or send payments data through emails or messengers.
What can you do? Do not enter any data if you notice that a site may not be real. Even if you need it very much. The authenticity of the site is verified with SSL/TLS certificates, so take the authenticity notices seriously.
Public Wi-Fi networks may not use encryption, but web commerce companies such as PayPal, eBay, and Amazon use their own encryption technology. (In fact, almost all of the major sites where you need to enter a password use encryption). You can check this by looking at the link. If this is an address that starts with HTTPS (the additional “S” stands for “Secure”), then there is certain encryption on the site. Plugins like HTTPS Everywhere will force your browser to use encrypted data forwarding by default, if possible.
2. Fake WiFi
One type of MITM attack is the so-called “Evil Twin.” The technology intercepts your data during transmission but bypasses all security systems that can operate at a Wi-Fi access point. Victims can transmit all their personal information simply because they were tricked into connecting to a fake network.
Organizing a fake access point is quite simple and definitely worth the effort of a cybercriminal. You can use any device with Internet connectivity, including a smartphone, to set up an access point with the same name as the original. All transmitted information sent by a victim after connecting to a fake network will go through a hacker.
What can you do? Start doubting if you see two networks with the same name. If they belong to a store or cafe of the same name, talk to the staff. Similarly, notify management in case you notice a fake access point at work.
We always recommend using a private VPN network. It sets up encryption between an end user and a website so that potential intercepted information cannot be read without a decryption key.
This method allows a hacker to receive information through the air and then analyze it casually. It is an easy way, and it is not always illegal.
The device transmits data packets over an insecure network, and they can then be read with free software called Wireshark. Google it and you can even find some guides to use it. Why? Because it’s a handy tool for analyzing web traffic, including, paradoxically, finding cyber criminals and vulnerabilities that need to be patched up.
However, hackers can retrieve information and then scan it later for something they need, like passwords.
What can you do? Rely on strong encryption again, so I recommend a VPN. If you have doubts about that, make sure that websites require you to use SSL/TLS certificates (so always look for HTTPS).
Sidejacking is taking data from the wiretap and using it on the spot. Even worse, a hacker beats several levels of encryption.
Login data is usually sent over an encrypted network and compared to user profile data stored on the site. The site then responds with cookies that are sent to your device. But that data is not always encrypted – a hacker can intercept a session and access any personal profiles you have logged in to.
Although hackers cannot read your password in this type of attack, they will be able to download “malware” programs that will receive this information even from Skype. Moreover, hackers may have enough information to “steal your identity.” Just look at how much data you can pull out from Facebook alone! A free Digital Shadow app shows you all the information that can be found about you online.
Public access points are particularly vulnerable to this kind of hacking because, usually, a large percentage of users have unfinished sessions. An extension for the Firefox browser called “Firesheep” shows how easy it is to hack into a session, making Facebook and Twitter require access via HTTPS when logged in.
What can you do? Here we go again. HTTPS provides a good level of encryption, so if you really need to login to a website that requires personal information, use a secure connection. Similarly, a VPN should prevent this.
As an additional security measure, always exit an app when you leave an access point, or someone may continue to use your session. On Facebook, you can at least check where you are still logged in and log off remotely.
5. Shoulder surfing
This may seem obvious, but we often forget these simple security measures.
When using an ATM, you have to keep an eye on the people around you so that no one can peek at how you enter your PIN. This also applies to the use of public Wi-Fi. If one or more people are circling around you when you visit personal websites, be suspicious. Do not enter anything personal, e.g. passwords. This is a very simple scam, but it still works.
A peeper doesn’t even need to stand behind you – just watching what you’re dialing can give the criminal something to work with.
What can you do? Be vigilant. Know who is next to you. Sometimes a little paranoia can be useful. If you’re not sure who’s around, don’t go to any personal websites.
Don’t underestimate the importance of what you fill out or read: for those who steal personal information, things like medical information may be quite useful. If there is a document or web page that you do not want anyone to see, make sure it does not happen.
Another option is to purchase a screen protector that limits the number of people who can see what is on your screen or to do so themselves.
The main problem of public Wi-Fi networks is the lack of encryption. VPNs encrypt your personal data in such a way that it is impossible to read it without a correct decryption key (at least in most cases). If you often use public networks, it is essential to use a VPN. Fortunately, you can use many VPNs, most of which are completely free. Think about it and have a safe life.