Hackers hijacking free Wi-Fi, especially at airports

Better Business Bureau
Posted: Tuesday, November 26, 2013 9:15 a.m.

Everywhere you look these days, you see people using their electronic gadgets: smartphones, tablets, gaming systems, and e-readers. Most of these gadgets require Wi-Fi to access the Internet or the gadget itself is a Wi-Fi hotspot. May airports and other public spaces offer Wi-Fi for the public to log onto the internet from their laptop computers.

"Hackers are now taking advantage of travelers who want to stay connected," said BBB President Tom Bartholomy. "They are setting up fake Wi-Fi connections designed to steal your personal information without you even knowing it."

How it works:

Although hackers have set up fake Wi-Fi connections in many locations, airports are a favorite hot spot. When searching for connections, consumers may see a network connection available that could simply be named "Free Wi-Fi."

Unfortunately, the network may actually be an ad-hoc network, or a peer-to-peer connection. The user will be able to surf the internet, but they are doing it through a hacker's computer.

"While the user is online, the hacker is stealing information like passwords, credit card and bank account numbers, and social security numbers from the user's laptop computers," said Bartholomy. "Airports across the nation continue to report Wi-Fi security issues."

The BBB offers the following advice for travelers using Wi-Fi hotspots:

• Connect securely. Never connect to an unfamiliar wireless network--even if the name sounds genuine. A hacker can change the name of his network to anything he wants, including the name of the legitimate Internet connection offered by the airport.
• Disable automatic connections. Make sure that your computer is not set up to automatically connect to any wireless networks in your range. Otherwise, your computer could automatically connect to the hacker's network without your knowledge.
• Turn off file sharing when you are on the road to prevent hackers from stealing sensitive data from your computer. Turn off the Wi-Fi hotspot on your device so others cannot sign in to your network. 
• Create a Virtual Private Network (VPN). A VPN establishs a private network across the public network which prevents a hacker from intercepting your data. If your mobile device has a Wi-Fi hotspot feature, you definitely need a VPN to prevent other people from accessing the internet via your mobile device.

For more information, please visit BBB or cal 1-877-317-7236 toll free in N.C. and S.C.

http://www.salisburypost.com/article/20131126/SP01/131129767/

Target confirms massive credit-card data breach

Melanie Eversley and Kim Hjelmgaard, USA Today
8:29am EST December 19, 2013

Target says that its stores have been hit by a  major credit-card attack involving up to 40 million accounts.

Chief Executive Officer Greg Steinhafel confirmed Thursday morning earlier reports that a brazen data breach had taken place. In a statement, Steinhafel said "Target is working closely with law enforcement and financial institutions, and has identified and resolved the issue."

The retailer said that the unlawful access to customer information took place between November 27 and December 15.

Earlier, the Secret Service confirmed to USA TODAY that it is investigating the massive data violation involving shoppers' personal credit-card information.

The Secret Service will confirm it is investigating the incident at Target," spokesman Brian Leary said in telephone interview Wednesday night. "We don't have any further comment because its an ongoing investigation."

The breach began around Black Friday, the day after Thanksgiving and the busiest shopping day of the year.

The breach involves the theft of information stored on the magnetic stripe on the backs of cards used at nearly all of Target's stores around the country, according to the Krebs on Security website, who first reported the news.

KrebsOnSecurity.com is the website of Brian Krebs, a national computer security expert and former Washington Post reporter.

Target is based in Minneapolis and has almost 1,800 stores in the United States and 124 in Canada, according to its website.

James Issokson, vice president of MasterCard communications, said in an email to USA TODAY that a question regarding the potential breach "at this point is best directed to Target."

An expert with a global firm that helps companies respond to and mitigate breaches said while he could not address the Target situation specifically, many companies--large and small--are typically under-prepared when they face a breach.

Most important is that the potential breach be addressed quickly, to help get information out to those affected and to regulators, to bring in the right experts to address the breach (such as forensic experts who can stop cyber attacks) and to help preserve the public's trust in the company, said Mike Donovan, Global Focus Group Leader for Beazley Breach Response, headquartered in London.

"We see breaches across all sizes of companies," said Donovan, who is based in San Francisco. "You see the stories about the big ones in the news, but breaches are affecting companies all across the board."

Beazley recently responded to its 1000th breach and the company has seen a "significant number" of large breaches in the last four or five years, Donovan said.

It happens all the time, every day, with retailers, health care organizations, schools, and other operations, he said.

"Any company that handles personal data is vulnerable," Donovan said.

The potential breach does not appear to involve online purchases, Krebs reports. It appears the type of data stolen would allow thieves to create counterfeit credit cards and, if pin numbers were intercepted, would also allow thieves to withdraw cash from ATM machines, according to Krebs.

Visa did not respond to emails or telephone messages left with its corporate office.

How to Secure and Maintain your New Tablet

With the holidays just around the corner, many people and their family members will be receiving new tablets. With this comes the perfect opportunity to start learning about and securing your mobile devices. Check out SANS December issue of OUCH!, Securing your New Tablet here.

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201312_en.pdf