Experts Say Wireless Internet Opens Up Laptop Users To Easy Data Theft

As communities push to turn themselves into massive wireless hotspots, unsuspecting internet users are stumbling directly onto hacker turf, giving computer thieves almost effortless access to their laptops and private information, authorities and high-tech security experts have said.

It's an invasion with a twist: People who think they are signing on to the internet through a wireless hotspot might actually be connecting to a look-alike network, created by a malicious user who can steal sensitive information, said a special agent for the FBI's Los Angeles cyber squad.

It is not clear how many people have been victimised, and few suspects have been charged with Wi-Fi hacking. "Over the past couple of years, these hacking techniques have become increasingly common and are often undetectable. The risk is especially high at cafes, hotels and airports, busy places with heavy turnover of laptop users", authorities said.

As the field of wireless connectivity expands, so too does a hacker's playground.

A survey at Chicago's O'Hare Airport revealed 76 peer-to-peer networks, or access points that are connected to via another user's computer, with 27 advertising access to free Wi-Fi. The company also found three networks had fake or misleading addresses, a sign that these hotspots could be hackers.

Corporate networks are sometimes the most vulnerable, as employers push for a more mobile work force without always educating its users on the security risks of wireless internet access.

Most laptops are configured to search for open wireless points and common wireless names, whether or not the user is trying to get online. That leaves people open to hacking.

In two new attacks, called "evil twin" and "man in the middle", hackers create Wi-Fi access points titled whatever they like, such as "Free Airport Wireless'' or an established, commercial name. In the "evil twin" attack, the user turns on a laptop, which might automatically be trying to connect behind the scenes. When it does connect, it is connecting to a fake access point, or "evil twin", and the hacker gets into personal files, steals passwords or plants a virus. The attacker can become a "man in the middle" when he funnels the user's internet connection through this false access point to a true wireless connection. The unsuspecting Wi-Fi surfer then might proceed to enter credit card information, access e-mail or reveal other sensitive data. Meanwhile, the session appears ordinary to the user.

Although the FBI has been aware of this kind of attack for about five years, its use has increased significantly in the past couple of years.

The creation of the access point itself is not generally considered criminal; it's what happens next - tracking people's internet traffic, that crosses the line.