This week we are bringing you stories that ask the question: “Just how vulnerable are you in today’s digital world.” The reality is more than you probably think.
This is a look at what you might be giving away when you simply tap into public Wi-Fi.
Public Wi-Fi is readily available these days. It could be at a local coffee shop, your workplace much like this. Everyone just trying to save their own data, right?
Jerry Irvine is the CIO with Chicago based Prescient Solutions, an IT company. He calls himself a geek and a white hat hacker and roote out weak spots in his clients’ networks.
We invited Irvine to WGN. Gave him an office and asked him to get to work to see what he could learn about our building’s Wi-Fi and what’s moving throughout it.
We have over 500 employees traveling in and out of our doors nearly 24 hours a day. This well-intended hacker wanted to create “a man in the middle attack” to truly understand the workings of our Wi-Fi.
” ’A man in the middle attack’ using a tool allows me to connect to your network and inject myself in front of your wireless access point,” Irvine said.
Irvine’s tools include a “Wi-Fi pineapple” that plugs in and listens, a LAN Turtle that logs every one of your keystrokes and a tool that picks up Bluetooth traffic with the help of an application called Cain and Abel. All of it helps put Irvine in the middle of the digital work taking place at WGN on an average day. And with the right tools and know how, he could do it anywhere.
“I’m going to a coffee shop and I want to capture everything in there, I can sit down, put this in, capture it all, drink my coffee, nobody even look at me. And when I walk out the door I have everything in my computer,” Irvine said.
A couple of hours later, Irvine had results.
“I can see 47 different wireless access points from right here,” he said.
Irvine expected more like a dozen. But he was picking up Wi-Fi from all over the neighborhood, including nearby private homes.
47 access points and 25 machines running on one of WGN’s wireless guest networks. He also found no file servers and no financials. He found web watchers on YouTube and someone shopping online – an invasion of their privacy at the very least. But Irvine is only taking the first step of discovery when it comes to hacking.
Doing the least he could without breaking any laws, Irvine even came up with two of WGN employees emails and their allegedly protected passwords. He calls that kind of information the keys to the castle.
“I can look at their email, but I can send email as them, as well.”
Irvine says the biggest threat out there today when it comes to wifi attacks is “enterprise business email compromise,” otherwise known as phony phishing scams.
“Today, phishing scams are an art. It’s no longer people just making the typos and everything,” Irvine said.
Irvine said to protect your digital privacy he recommends you don’t use public wifi. Use your phone and tether to your phone or use a personal hot spot.