I received an email yesterday from one of my correspondents and it was an innocuous message telling me to click on a link. A not-unusual suggestion for me because frequently I get tips from readers about fire/rescue news and events that I might like to post about. But this link led me to an advertisement for a sexually-explicit product and I knew right away that he didn’t generate that email himself. So I sent him a note telling him that somebody hacked his email address book and was using it.
Plenty of people already had told him about it and he was aware of it and attempting to cleanse his address book. He also told me that he thought he knew where he picked up the virus. Recently he and his girlfriend had spent a few days at a hotel in a vacation-spot and her laptop had picked up the same bug. So it was obvious where they probably got “hacked.”
This came just a couple of days after I read online about how hotels are havens for hackers who use evil means to not only plant bugs, but hack into credit card accounts. It only makes sense that hotels are popular gathering points for the privacy pirates, with their rapid turnover of financially stable customers. There are two parallel problems working here. One is the “free” WiFi connections that are available for the occupants, and the other is the hack attacks on the credit card registering systems. First I will mention the credit card theft that has become so widespread throughout the hotel industry. A recent story in the New York Times told us:
At hotels with inadequate data security, “the greatest amount of credit card information can be obtained using the most simplified methods,” said Anthony C. Roman, a private security investigator with extensive experience in the hotel industry.“It doesn’t require brilliance on the part of the hacker,” Mr. Roman said. “Most of the chronic security breaches in the hotel industry are the result of a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems.”
Last month, Destination Hotels and Resorts, a chain of luxury properties in the United States, notified customers that credit cards “may have been compromised.”
ABC News reported that Destination had been victimized by “an intense database attack that lasted over three months,” and quoted law enforcement authorities saying that losses, which totaled hundreds of thousands of dollars, averaged $2,000 to $3,000 on each of the estimated 700 credit card numbers stolen.
Some people have begun the practice of using a low-balance credit card for just such uses as hotels and other travel-related locations. That makes it easier to spot intrusions and lessens the likelihood of the thief expanding into other pools of your finances like bank accounts. Oftentimes the thief will use your credit card for a swarm of small amount purchases, such a iTunes downloads, that you might not even recognize unless you really watch your bills carefully. One very important point that security experts keep emphasizing is to NEVER use your bank debit card for this type of transaction. That just opens the door to your checking account and your entire bank balance can be plundered in a flash.
Read some related articles on this scam HERE, and HERE.
The other vulnerability that affects an even-greater number of people is the one that nailed my friend last week. That is the public WiFi connections that are showing up everywhere these days. Coffee shops and cafes, for example, that used to at least require you to use a random code number assigned to paying customers, are now offering their WiFi to anybody that drops by and sits down. All your professional hacker has to do is park his car just outside the shop, turn on his bogus Wifi network, and start fishing.
CBS News ran a report on Thursday on this topic where they hired a professional “ethical” hacker to demonstrate how the WiFi thief works.
Tim Pierson, an ethical hacker, told CBS News, “Information you’d send to and from your bank, information coming off of your credit card — any of those types of information you’d rather people not have, goes over wifi.” Security experts estimate hackers can easily take in $1,000 worth of data from just one hacked computer. Pierson said hackers can even access bank accounts and change the value of an account.
Pierson explained, “I can basically do anything you would do on your computer and the best part about it, from the perspective of the hacker is, you’re never going to know I’ve done it.”
“The Early Show” asked Pierson and a fellow ethical hacker — whose name was given only as Dino — to show how easy it is to follow someone’s every move online, using just a laptop and some hacking software.
When the hackers seen on “The Early Show” set up their own wifi access point at a Manhattan hotel, which they called “Best Free Public Wifi,” it wasn’t long before dozens of wireless devices tried to log on, including, as part of this demonstration, an “Early Show” producer using an iPhone. When someone is given access, the hacker can then communicate with your device and attack it using the network.
One precaution that is suggested is to download a free or low-cost program to your computer that is called a Virtual Private Network, or VPN. You can read the full story and watch the video report from CBS News HERE.
Well, you feel better now? Let’s get back to work and get the equipment checked out. I’m going to start some more coffee.
Also on FireGeezer…
- Morning Lineup – January 25 – January 25, 2011
Pingback: Morning Lineup – July 14 | Firegeezer