Anything you send via email over the Internet can be intercepted and viewed by anyone who has the technical capability and perseverance to access it. Anything you send via insecure wireless can be intercepted and read by anyone in the vicinity. Anything you send at home or at work can be intercepted and read by anyone at your home or work’s ISP.
Stranger Danger! How easy it is to snoop over unsecured networks?
There is an old saying: ‘An iron tongue makes a sharp head’. Throughout day-to-day life we monitor and filter what we think into something appropriate to say. For example, it would be dangerous and inappropriate to shout out a pin number at a cash machine or whilst paying for something in a shop. Doing so would make us immediately vulnerable and make that valuable data open to exploitation.
This street-wise behaviour is rarely transferred online however and there are a number of situations during day-to-day Internet activity where our data can be criminally monitored, stolen and exploited within a matter of seconds.
News reports debating the value of national security over personal privacy are increasing in number and prevalence. Much like in the U.S., the UK government is working on laws which may require ISPs to relinquish data to GCHQ – allowing the intelligence agency to intercept and monitor the calls, emails, texts and website visits of UK citizens. Beyond this, the illegal interception and theft of data is a real problem which needs to be tackled.
It is important for daily Internet users to understand the process behind data theft and how to secure valuable data such as passwords and vital bank account details.
Technology used to mine data has evolved beyond the use of key-loggers into more sophisticated wireless network analysis technology which can be acquired for free on the Internet.
Programs of this type scan and capture Wi-Fi signals, effectively recording 802.11 packets – small pieces of information transferred across a network. These pieces of information appear on screen within milliseconds of the data being sent from an unsecured PC or mobile device and if that data is unsecured at source, it will appear in a network monitoring program and can be exploited.
Similar programs can be downloaded onto mobile devices which achieve the same end, such as: Droidsheep or Deep Whois,
These are not sophisticated, in that they won’t allow access to login details. However they do scan for unsecured sessions and can provide access to live sessions of popular web based services; for example anything you search for on most search engines, purchases made and emails sent. The key is to understand where your personal information is at its most vulnerable.
- Unsecured wireless hotspots – usually found in coffee shops or out and about.
- Data transferred across a work network can be easily viewed by an administrator.
- Data transferred across your home or work network can be viewed by employees of that ISP.
How do you secure your data?
Essentially, it is about basic vigilance and gaining an understanding as to what to look for in terms of secured and un-secured networks.
- Each time you log into a website in a public space, ensure your session is encrypted. Check that your URL address begins with https not just http.
- Ensure as you browse that this security does not change. For example, many websites will take your login details via https but remove that security beyond that point. Many sites give you the option of encrypting the entire session; you can do this by enabling Secure Browsing.
- If you use POP3, SMTP or IMAP through an email client such as Outlook, Thunderbird or Mail – the general advice is to ensure your account is configured with an encryption. However this is only partly true. Configuring an account with an encryption will only secure the connection from mail client to mail server – we would stress the importance of encrypting the email itself given that the transfer of an email is carried out across the internet, without any security and in plain text.
- Browse using a VPN. (Virtual Private Network)
In addition, it is important to refrain from sending send personal information over an unsecured public network. For example the use of online banking services, social media login details and web-based email services should be avoided unless through https; it is better to save this kind of browsing until you are on a secured connection.