Hackers are sneaky threats for wireless-network users
Posted on Thursday, May 4, 2006
NEW YORK — If Eric Schultze had known what was happening, he might not have slept so soundly that night in his Boston Marriott hotel room.
Schultze, chief security architect for Shavlik Technologies in Mankato, Minn., and a former Microsoft executive, had hooked up his computer to the hotel’s Internet connection the night before he was to make a presentation at a conference in October 1999.
“The hotel is just like one big network,” says Schultze, a “whitehat hacker” who is hired by companies to break into their networks to find gates that are unmanned by virtual security guards. “The moment you plug in, the other folks in that connection can see you, and you can see them.” The next morning, a wellknown hacker (whom Schultze declined to name ) walked up to Schultze after his demonstration. “By the way,” the hacker said wryly, “I really liked the tool you had on your computer last night. Thanks for that.” Schultze recalled the moment with a chuckle, “He broke into my machine and stole my code for hacking.” Schultze’s story is more than an embarrassing anecdote. It shows the abundant computer security threats that business travelers need to protect themselves against, experts say.
In the world of wireless networks, public Internet kiosks and laptops, a long line at the airport security checkpoint might be the least worry a frequent flier faces. Instead, keystroke loggers, spyware and unsecured hotel Internet connections let hackers and ne’erdo-wells tag along for the trip.
Many hotels may not know they have hackers in their midst. Most hotel chains offer Internet connections, through a cable connection or a wireless network.
Wireless networks offer opportunity to hackers. If a wireless network is public and unsecured — meaning it does not require a password — signing on seems very convenient. Many people piggyback onto such public connections. But it can be risky to use such networks, especially if a traveler connects back to his office network, Schultze says. Then anyone on the network, surfing from within the hotel or from a car parked outside, can browse the office network, too.
Many hotels offer wireless connections through a private company like T-Mobile. Others have a unique username and password that they give to each customer. But other hotels, like the Courtyard LAX, have more accessible systems. Paul Verduin, the hotel’s general manager, said wireless Internet was free in the lobby. To start surfing, visitors simply grab a laptop, open a browser window and “accept the terms and conditions” for the hotel’s Internet company.
Russell Dean Vines, author of the handbook Wireless Security Essentials: Defending Mobile Systems From Data Piracy, says, “Hotels have very poor security.” But he noted that hotel clerks are “not computer security experts,” so it’s up to the traveler to make sure a laptop is secure.
Vines and Schultze recommend one simple fix: firewalls. Firewalls act like a brick wall between a computer’s guts and the viruses or hackers that try to get inside. Firewalls are included in Windows XP operating system and in virus protection software (McAfee and Symantec are the favorites of experts ).
Before taking a laptop out of town, Vines and Schultze suggest letting your company’s IT administrator do a quick checkup. That way, if a firewall is turned off — or not even installed on the computer — it can be remedied before a hacker sneaks through a hotel network connection and starts rifling business records.
The National Institute of Standards and Technology’s Computer Security Resource Center Web site (www. nist. gov ) offers encryption tool kits that government officials use to prep their computers for travel. These tool kits are available to, and often used by, private companies as well. But if complicated encryption seems like it would be going overboard, the institute also has a Small Business Center Web site with an easy-to-understand cyber security newsletter.
And for total safety, setting the computer to automatically update virus software helps prevent infection. Downloading all updates for your browsing software can keep its patches — which are like digital flu shots — up to date. Meanwhile, spyware programs like Lavasoft’s Ad-Aware can help eliminate the risk of malicious spyware.
By being vigilant, travelers can eliminate most dangers.
“A determined professional hacker is going to get into your computer no matter what,” Vines says, but these digital protections are “like putting the Club on your steering wheel, so a lazy thief will just move to the next car.”
FEEDBACK:
Something to say about this topic? Submit a Letter to the Editor online
