Hacking is so easy these days, even non-hackers can do it. Some kinds of hacking, that is. Like public wifi, for example. To spy on people’s Internet browsing while they’re sipping a cup of brew, you don’t need to be a pro. Thanks to freely available online software, you barely need to know anything about coding.
Mellisa Michael from F-Secure says ‘’ I tell you this not to encourage you to start snooping around at coffee shops and airports. But so you’ll be better aware of the need to protect yourself against shady characters that do that sort of thing. Because the barrier to entry is not high.
In the same way that tools like Blogger and WordPress made it easy for anyone to have a good-looking blog without knowing a stitch of code, freely downloadable “sniffing” software has made it easy for anyone to be able to hack into someone’s wifi session and see what they’re surfing.These software tools are actually meant for IT administrators to troubleshoot network problems. But like everything, they can be used for good or for evil.
Unsuspecting surfing
Let’s say you’re grabbing lunch at your favorite café, waiting for your order to arrive. You pull out your tablet and begin browsing some news sites over the cafe’s wifi to catch up on the latest headlines. Unbeknownst to you, that guy in the corner is snooping on your traffic and can see everything you’re seeing.
You may not care that he now knows you’re interested in the media buzz around Donald Trump. But let’s say you decide to log in to a forum you belong to. Now the hacker has your username and password. With those credentials, he can try logging into some other accounts you might be re-using them on – Facebook, Gmail, etc.See, if the sites you’re surfing are not https-encrypted, the guy in the corner will be able to see everything you’re seeing. And the majority of sites still aren’t – out of the top 100 most popular sites, only 25 use encryption by default.
If you think you’re safe because the wifi you’re using is password-protected, think again. Anyone else with the password (and the right software) would be able to spy on your browsing.
Watch out for that hotspot
And it gets trickier. For a very small hardware investment, a snoop can set up his own rogue wifi hotspot that appears legitimate. If you use it, he can not only see what you’re seeing, he can also jump in and alter what you’re seeing. So you think you’re logging into Gmail, but you’re actually logging into his spoofed Gmail page – and now he has your credentials. This is known as a man-in-the-middle attack, and you can see some fun examples of it being done in this video where three politicians were hacked. This kind of attack is more complicated, but it can still be picked up pretty quickly in online tutorials.
But why would someone do this? It gives them a way to snag some sensitive info about you, which opens the door to plenty of opportunities for exploitation. And the end goal is usually, of course, money.
