We have finally moved into the age of encryption! Yea! This means that we don’t have passwords and really sensitive data flying all over the networks, right? WRONG! You could be more vulnerable than you realize. We went out on a research trip in Sweden, to analyze the possibilities an attacker would have, to gain access to different companies. The results were, unfortunately, what we were expecting…
How many times have you traveled for work? How often do you take public transportation? Trains buses? Do you frequently work in the airport, restaurants, coffee shops or when waiting for the train?
It is far too common to find people working in these locations on their company computers, getting a little bit more work done, watching a movie, snapping... How many of them do you think are actually working in a secure manor? Are they exposing themselves at all by this? Are they aware what is going on around them?
If we were hackers, the bad ones that is, these are the first places we would hang out! Why is that, you ask? Well, you have open public networks in all of these locations. And you also have lots of people connecting and working. One nifty thing about computers (especially if they are connected to a domain) is that they become very chatty. They love to talk with each other, ask for things, give things. And, no one would question just another person sitting on their computer. It’s the perfect place to blend in for someone like a hacker.
Also read: We know your password!
But, don’t worry, you probably will not have someone actively hacking into your machine while you are sitting there doing your work. That’s not what is happening here. It’s actually quite the opposite. All we need to do is follow the advice of Ram Dass and listen…
“The quieter you become, the more you can hear.”
If you knew the amount and type of information you can get just from listening to computers on a network, it might take you a step closer to the level of paranoia that we have! Almost… Nothing wrong with a healthy dose of paranoia.
If a nefarious individual is looking for a new target, public wifi networks would be the first stop to find one.
In this up and coming series of posts we will take you on a train journey through the beautiful countryside in Sweden. We have found a few routes that are heavily traveled by business travelers, as well as a route where some higher-ups might be targeted. This combined with a lazy approach to hacking makes for some interesting findings, some fun, and some that are pretty scary.
But it doesn’t have to be all that bad in the future. There are ways to prevent the issues we will demonstrate for you. So that you can be aware of what is going on around you, on the network, and on the internet to protect yourself accordingly.
Part II is coming soon! And in it we will discuss what we found, and how easy it actually was. We will also be discussing the further ramifications that the information can cause and why you should be concerned. As with most things, education is the best tool for the job.
See you soon…
This article is a part of a summary on what we found and how to improve in your organization’s security as well as the awareness of employees.
Read the whole report here: