You're at the airport waiting for your flight. With time to kill, you're thinking of connecting your laptop to the airport's Wi-Fi to check your office e-mail...do some personal banking...or shop for a gift for your spouse.
But first, consider this: odds are there's a hacker nearby, with his own laptop, attempting to "eavesdrop" on your computer to obtain personal data that will provide access to your money or even to your company's sensitive information.
Here's something else to consider: there are 68,000 Wi-Fi "hot spots" in the U.S. (see the graphic below for the top Wi-Fi countries), at airports, coffee shops, hotels, bookstores, schools, and other locations where hundreds or thousands of people pass through every day. While many of these hot spots have secure networks, some do not, according to Supervisory Special Agent Donna Peterson of our Cyber Division. And connecting to an unsecure network can leave you vulnerable to attacks from hackers.
How do hackers grab your personal data out of thin air? Agent Peterson said one of the most common types of attack is this: a bogus but legitimate-looking Wi-Fi network with a strong signal is strategically set up in a known hot spot...and the hacker waits for nearby laptops to connect to it. At that point, your computer—and all your sensitive information, including user ID, passwords, credit card numbers, etc.—basically belongs to the hacker. The intruder can mine your computer for valuable data, direct you to phony webpages that look like ones you frequent, and record your every keystroke.
"Another thing to remember," said Agent Peterson, "is that the connection between your laptop and the attacker's laptop runs both ways: while he's taking info from you, you may be unknowingly downloading viruses, worms, and other malware from him."
Businesses that offer free or ad-hoc Wi-Fi often don't know their networks have been breached. Individual victims usually don't realize they've been targeted either until it's too late. That's why, according to Agent Peterson, there aren't reliable stats on the number of these breaches, although the FBI does periodically receive reports on them. It's also very tough to trace a hack that originates on an open, unsecure network.
Agent Peterson explained that the criminal aspect comes into play once data taken by the hacker is used to commit a crime. If the hacker, armed with your personal or corporate information or access codes, tries to break into a secured network—whether it's a case of intrusion, identity theft, bank fraud, theft of intellectual property, or any other type of crime—then law enforcement gets involved.
What can you do to protect yourself? Agent's Peterson's best advice is, don't connect to an unknown Wi-Fi network. But if you have to, there are some precautions you can take to decrease the threat:
Make sure your laptop security is up to date, with current versions of your operating system, web browser, firewalls, and antivirus and anti-spyware software.
Don't conduct financial transactions or use applications like e-mail and instant messaging.
Change the default setting on your laptop so you have to manually select the Wi-Fi network you're connecting to.
Turn off your laptop's Wi-Fi capabilities when you're not using them.
For more basic information on computer security, see the FBI's How to Protect Your Computer webpage.