KUALA LUMPUR: If you are surfing the Internet on a public Wi-Fi, always assume someone is watching you out there.
Better yet, do not connect to any public Wi-Fi at all, said LE Global Services (LGMS) executive director Fong Choong Fook, whose private cybersecurity firm employs hackers to test the network security of the country’s major banks.
“I would never use a public Wi-Fi,” he said.
“Even an IT person may not be able to tell if the access point he is connected to is safe or if the activities are being watched.
“There may be signs like your Internet is slowing down but hackers can make it so elegant that you won’t even notice,” he said in an interview.
Malaysia’s national cybersecurity agency CyberSecurity Malaysia (CSM) said hackers could position themselves between a person’s device and the Wi-Fi router and are able to record sensitive data that the surfer is keying into his device.
Hackers can also “create” their own Wi-Fi and trick people into thinking they are connected to a credible public access point like the one from a restaurant, airport or office – when in actual fact these devices are connected to the criminals’ hardware.
Thus, they would be able to remotely watch everything a person is sending out on the Wi-Fi like passwords, e-mails or credit card information.
As frightening as these attacks may sound, Fong said this had been going as early as the 1990s.
Demonstrating to The Star how a hacker could steal information, LGMS set up an “evil twin” Wi-Fi using a laptop and named it after a famous franchise restaurant just below its office in Puchong, Selangor.
Fong connected two devices to this Wi-Fi and proceeded to log into social media, e-mail and Government websites.
Within seconds of logging in, the hacker’s computer began recording the activities in both devices in the experiment – recording every e-mail address, username and password that was keyed in.
Though the demonstration was only meant for the devices in the controlled environment of the LGMS office, three other users got connected to the dummy Wi-Fi, thinking they were linked to the franchise restaurant’s Internet, during the experiment.
“Hackers can target one specific person or they can target everyone in a cafe to get their devices to send all their data through their dummy Wi-Fi
“When they have your information, they can steal your identity. They can pose as you on Facebook, or send out e-mails to your contacts under your account,” he said.
Fong advised users to avoid connecting to public Wi-Fi or to only limit their browsing to Internet searches if they must connect to one.
The firm also suggested users to subscribe to VPN (virtual private network) technologies to secure their traffic.
VPN encrypts data on devices, making it hard for hackers to spy on the user’s online activities. Most VPNs are available on a subscription basis, much like an anti-virus programme.
So far this year, CSM has recorded eight instances where private Wi-Fi networks were hacked and 1,462 cases of online intrusions have been reported, which is nearly double the number of incidents compared to the same period in 2015.
It advised users to keep their Internet browsers up to date and to disable the feature which automatically saves password in the cache –as it makes it easier for criminals to steal.
by Nicholas Cheng The Star/Asia News Network
82% of travellers would use public Wi-Fi
KUALA LUMPUR: You are on a holiday in a foreign country. Naturally, you want to upload pictures to your Facebook or send messages to your friends back home or trawl the Internet for places to visit.
Chances are there is no Internet data connection where you are and you would search for whatever free Wi-Fi there is at the airport, hotel or cafe to stay connected.
An estimated 82% of travellers would choose to connect with unsecured public Wi-Fi, a practice which could up risks of cyberattacks, said Kaspersky Lab.
The cybersecurity company surveyed 11,850 people worldwide and found that people on holiday would be carefree when it comes to their personal data protection.
The study found that 42% of travellers said they were less likely to care about the credibility of the Wi-Fi when they were on holiday compared to on business travels.
A third (33%) admitted to visiting websites of sensitive nature using foreign Wi-Fi, while almost half of the respondents conducted online banking (48%), shopped online (46%) and made private calls (35%) when they were abroad.
In a separate study, it found that at least 22% of travellers who conducted transactions online had experienced money loss while 8% had had a credit card compromised while in a foreign country.
Most of the time, victims do not even know they are being watched.
CSM advised users to keep an eye on their devices’ firewall alerts. Any trigger may indicate that a third party may be trying to access their devices illegally.
A report by MasterCard estimates that 10.9 million Malaysians travelled for overseas holidays in 2014, with the numbers expecting to hit 15.2 million by 2020.
The Kaspersky study also found that people were more likely to throw caution to the wind while on holiday with respondents saying they were 18% more likely to let strangers handle their smartphones to take pictures, 28% more likely to leave their devices unsupervised, 18% more likely to contact strangers online and 6% more likely to engage in “sexting”.