Time and time again, the best advice to householders who want to protect their home from thieves is: “think like a burglar”.
That may not be a very easy thing to do – after all, most of us, thank heavens, are not criminals. But empathy, putting oneself in the mindset of the ne’er-do-wells who seek to threaten us, is the key quality required of anyone who wants to stay safe.
That is why, when it comes to protecting your digital property, as well as your bricks and mortar, it pays to put yourself in a hacker’s shoes. If I were a cyber-criminal, here is how I would target your precious digital information whilst you go about your mobile lifestyle…
1. I go where the WiFi’s free
Free public WiFi is one of the hallmarks of our times. So addicted are we to staying connected, we can barely bear to be offline nowadays – mobile professionals, students and the growing army of freelance creatives are drawn to free WiFi, served by cafes and bars, like bees to a honeypot.
In fact, honey trap is a more apt metaphor, since free WiFi is the perfect way to lure punters into giving me their bank details, travel plans, corporate information and more – pretty much anything and everything that network users do online.
After merely joining the same network as you, I can run freely available tools that slurp your data as you surf. Tools like Firesheep let me hijack your Facebook session, for example – but that’s only the tip of the iceberg. New applications are going online all the time.
I don’t even have to be perched on my laptop on the table next to you, pretending to work – I can run my packet sniffers on my Android mobile phone, right in my pocket.
2. I’d prey on familiarity
I don’t even need to be on the same network as you to ruin your life – all I have to do is take advantage of your trust.
Those who frequently connect to “Cafe WiFi” at their favourite coffee shop expect to see their favourite network name time and time again. As a criminal, I would play on that naivety by creating my own honey-trap network with an identical name.
Here’s where the show really gets started. When you’re using my internet – whether powered via my laptop or my mobile phone – I see everything you do. Your eBay account tells me your address, your travel bookings give me your away days, your webmail archive tells me everything about you – oh, and I’m probably able to sabotage that deal you’re trying to seal for your company, too.
This is a man-in-the-middle attack, and I will own anyone foolish enough to connect to the copy of their usual network without questioning the duplicate.
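Seen from the defender's side, the duplicate-network trick above can be checked for before connecting. The following is an added example, not part of the original article: it compares scan results against a remembered baseline for a trusted network name. The record fields, the baseline format and all sample values are constructed assumptions.

```python
# Flag access points that reuse a trusted network name but differ from the baseline.
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str      # radio MAC address of the access point
    security: str   # e.g. "WPA2", "OPEN"

# Constructed baseline: how the genuine "Cafe WiFi" looked when first trusted.
TRUSTED = {
    "Cafe WiFi": {"bssids": {"aa:bb:cc:00:00:01"}, "security": "WPA2"},
}
# Constructed scan results, not captured from a real network.
SAMPLE_SCAN = [
    AccessPoint("Cafe WiFi", "AA:BB:CC:00:00:01", "WPA2"),
    AccessPoint("Cafe WiFi", "de:ad:be:ef:00:99", "OPEN"),
    AccessPoint("Cafe  WiFi", "de:ad:be:ef:00:98", "WPA2"),  # look-alike name
    AccessPoint("Library", "11:22:33:44:55:66", "WPA2"),
]

def normalise(ssid: str) -> str:
    """Collapse case and whitespace so near-identical names compare equal."""
    return " ".join(ssid.split()).casefold()

def find_suspect_duplicates(scan, trusted=TRUSTED):
    """Return (bssid, reasons) for each AP that imitates a trusted name."""
    by_name = {normalise(name): (name, prof) for name, prof in trusted.items()}
    findings = []
    for ap in scan:
        match = by_name.get(normalise(ap.ssid))
        if match is None:
            continue  # not using a trusted name at all
        name, prof = match
        reasons = []
        if ap.ssid != name:
            reasons.append("look-alike name")
        if ap.bssid.lower() not in prof["bssids"]:
            reasons.append("unknown BSSID")
        if ap.security != prof["security"]:
            reasons.append("security mismatch")
        if reasons:
            findings.append((ap.bssid.lower(), reasons))
    return findings

if __name__ == "__main__":
    for bssid, reasons in find_suspect_duplicates(SAMPLE_SCAN):
        print(bssid, "->", ", ".join(reasons))
```

A matching BSSID is not proof of authenticity, because a hardware address can be copied; the check only catches duplicates that differ from the baseline. A genuine network with several access points needs every one of its BSSIDs in the baseline to avoid false alarms.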
3. I’ll use what you tell the world
Still haven’t mastered Facebook’s too-difficult privacy settings? That’s too bad for you. As a cyber-villain, I would use that to my advantage.
I don’t have to be in the same room as you to get vital information to target your family. Chances are, you already broadcast enough info to give me a head-start.
Social networks are great. Telling the world you’re going on holiday next week? Thanks very much; I’m in. Announcing your birthday today? Great – that’s one piece of data I need to clear phone security with your bank. Likewise, thanks for complaining to HSBC via Twitter – until then, I had been posing as you to NatWest!
This is social hacking, and it has little to do with technology – and more to do with how victims, to their loss, lose their inhibitions when they go online. But not me – all I need do is lurk in the background as you cough up a treasure trove of nuggets.
4. I’ll abuse trust in HTTPS
Time was, a padlock in the URL bar indicated a secure, encrypted connection that I couldn’t snoop on. But those days are gone.
Instead, it’s recommended that you take additional caution when entering sensitive data such as bank or personal details into HTTPS sites by using a security service such as ZenMate. This will make it that much harder for prying eyes to get a hold of your data.