[h1]Don't fall victim to the 'Free Wi-Fi' scam[/h1] [div class="storyby"]Preston Gralla
[/div]January 19, 2007 (Computerworld) The next time you're at an airport looking for a wireless hot spot, and you see one called "Free Wi-Fi" or a similar name, beware -- you may end up being victimized by the latest hot-spot scam hitting airports across the country. [/p]You could end up being the target of a "man in the middle" attack, in which a hacker is able to steal the information you send over the Internet, including usernames and passwords. And you could also have your files and identity stolen, end up with a spyware-infested PC and have your PC turned into a spam-spewing zombie. The attack could even leave your laptop open to hackers every time you turn it on, by allowing anyone to connect to it without your knowledge.[/p] If you're a Windows Vista user, you're especially susceptible to this attack because of the difficulty in identifying it when using Vista. In this article, you'll learn how the attack works and how to keep yourself safe from it if you use Windows XP or Vista.[/p]
How the attack works[/p] First, let's take a look at how the attack works. You go to an airport or other hot spot and fire up your PC, hoping to find a free hot spot. You see one that calls itself "Free Wi-Fi" or a similar name. You connect. Bingo -- you've been had![/p] The problem is that it's not really a hot spot. Instead, it's an ad hoc, peer-to-peer network, possibly set up as a trap by someone with a laptop nearby. You can use the Internet, because the attacker has set up his PC to let you browse the Internet via his connection. But because you're using his connection, all your traffic goes through his PC, so he can see everything you do online, including all the usernames and passwords you enter for financial and other Web sites.[/p]In addition, because you've directly connected to the attack PC on a peer-to-peer basis, if you've set up your PC to allow file sharing, the attacker can have complete run of your PC, stealing files and data and planting malware on it.[/p] You can't actually see any of this happening, so you'd be none the wiser. The hacker steals what he wants to or plants malware, such as zombie software, then leaves, and you have no way of tracking him down.[/p] All that is bad enough, but it might not be the end of the attack. Depending on how you've connected to that ad hoc network, the next time you turn on your PC, it may automatically broadcast the new "Free Wi-Fi" network ID to the world, and anyone nearby can connect to it in ad hoc peer-to-peer mode without your knowledge -- and can do damage if you've allowed file sharing.[/p]
There are other steps you can take to keep yourself safe, including turning off file sharing and running your company's VPN when at a hot spot. You can also pay to use a VPN such as [a target="NEW" href="vny!://www.hotspotvpn.com/"]HotSpotVPN[/a]. For details and many other tips for keeping yourself safe, see [a href="vny!://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007142"]"How to protect yourself at wireless hot spots"[/a].[/p] In addition, [a target="NEW" href="vny!://www.authentium.com/"]Authentium[/a] is working with financial institutions to create a product called VirtualATM, which will help protect you when you connect to a financial institution. It's expected to be released later this year.[/p] Preston Gralla is a contributing editor for Computerworld.com, and the author of more than 35 books, including How the Internet Works.[/p]