This is the third instalment in our series on methods one can employ in order to protect themselves online when surfing the web. We have already touched on key aspects of how browsing online could leave you susceptible to hackers. These included accessing your IP address to infecting your browser.
One of the most dangerous and easiest ways for a hacker to gain sensitive information from you is over an insecure network or public Wi-Fi. These seem innocent enough. You go to a local coffee shop and attempt to log into the Wi-Fi network. However, there are hack attacks that an individual can use in order to grab all of your sensitive information. We will go over these attacks and how you can defend yourself from them.
Man-in-the-Middle
With a Man-in-the-Middle attack, a hacker is able to intercept your communication. Your information is not sent directly from your PC to the server but is in fact being viewed by a hacker sitting between your connections. Then, instead of you visiting the site that you think is correct, the is rather linking you to a malicious one that is attempting to harvest your information.
This is possible because the connection that you have established is not a secure one. This is also particularly scary if you are doing any online banking or accessing your PayPal account or binary option accounts.
In order to protect yourself from this type of attack, you need to make certain that you are connected to an SSL secure site. This can usually be established by taking a look at the small lock next to the URL. If you have this it means that you are securely connected to that site. Similarly, if the site has a proper SSL certificate then it will have https with an additional "S" which implies that it is "Secure".
Packet Sniffing
When a hacker is "Sniffing" your packets, it enables him to monitor the information that is being released in the air by your wireless card. This is not a very complicated method and there are a number of programs that allow the hacker to do this.
Even more disconcerting about this is the fact that packet sniffing is not technically illegal. This means that people can collect your data over the airwaves and store it for later analysis. They can then also use data analysis to extract your password and user data.
As with the Man-in-the-middle attacks, you can avoid this by making certain that you have a secure SSL connection to the server. You could also use a VPN or Virtual Private Network. This encrypts all of your web traffic and routes it through a proxy server.
Session Hijacking
Session Hijacking involves the hacker gaining access to your stolen cookies. In a similar fashion to packet sniffing, the hacker intercepts airborne packets. However, in this case the hacker uses the information in real time to steal your cookies.
These cookies are sent by the site that you are visiting and are often not encrypted. They contain information you use to log into that website. When the hacker has access to your cookie, they are able to pose as you and log into the site. Although the hacker may not be able to read information from this cookie like usernames and passwords, he can still gain personal information from social accounts etc.
Hackers target public hotposts for this because of the amount of people who have live sessions on their browsers with these sites.
In order to avoid this, you can use a number of the protection mechanisms that we have outlined above such as secure https connection or a VPN.
Bogus WiFi Hotspots
If a hacker did not want to combat any security measures of a public Wi-Fi, then he could simply set up a Wi-Fi hotspot that impersonates the actual one. This is quite easy these days as a number of devices can serve as an access point for connection. These include mobile phones and other data devices. Once you connect to the fake router, all of your information is being sent directly to the hacker.
In order to avoid this type of attack, the most important key is to be suspicious of unknown Wi-Fi networks. Don't just join a network unless you are certain that is the correct one. Using a VPN can also greatly secure your information should you connect to a fake Wi-Fi network. Due to the fact that the data is encrypted, even if a hacker is able to gather your data, it is without use unless he is able to decrypt it.
Conclusion
Public WiFi connections are all around us and are essential for us to work remotely out of the office. This is something that is also known to the hackers. Hence, it is one of the most successful methods for them to gather personal information.
However, if you are prudent about where you connect and how you send your information, you are greatly protected from being compromised. This includes making certain that you have a secure connection via SSL or making use of a VPN.