As a global recruiter of security professionals, I have always had Las Vegas on the bucket list, and this week I am incredibly excited to be attending DEF CON, Black Hat and BSides.
As a Vegas security conference “novice”, I approached the last few weeks with excitement and I am grateful for all the advice I have been given by my contacts in the Australian security community.
Since arriving here in person, I have been advised by a number of conference veterans on “how to survive Black Hat” and the “Top 5 things to do (and not to do) in Vegas”. Whilst many are here to sharpen their skills or make new connections, it’s obvious that some also come for the conference and stay for … well, all things Vegas.
The consistent piece of advice that I have been given by just about everyone I have spoken to is “not to log on to wifi” ANYWHERE. Now, in my defence (even as a novice), I know the conference venues will be a hive of activity and opportunity for the hacking community to show off their wares, but I was surprised to learn that most major hotels, shopping centres and even the Las Vegas airport are “open targets” during the weeks surrounding the conference.
The topic of “free wifi” and what it actually means to both the public and the provider got me thinking: just how many users really understand the risks of accessing “free wifi”? The list of free public hotspots is endless and the majority of people, particularly young people, will access a wifi connection anywhere, anytime without a second’s thought. It begs the question, “Is anything really free?” and should prompt us to consider what the real issues are with accessing (personal or browsing) online information via a service run and accessed by people unknown.
In a recent article from The Register, I was surprised to read just how easy it is for a hacker to break into a private wireless network. I also appreciated the tips around securing my work and private laptops. http://www.theregister.co.uk/2016/05/20/https_wifi_trust_in_a_public_place/
What also surprises me is that this isn’t just a concern for teenagers hanging out in their local malls or unwitting students. You only have to look at the recent Republican convention in the US where over 1200 people logged on to the free Wi-Fi network labelled “I vote Trump! free Internet.” without fully understanding or appreciating the risks of doing so. As an aside – I couldn’t believe that out of the 68% of users compromised through the fake wifi, only 5% were playing Pokémon Go! http://nymag.com/selectall/2016/07/if-youre-at-the-rnc-you-might-want-to-double-check-your-wifi.html
I should point out that not every Internet café, shopping centre, hotel or public space is littered with hackers wanting to steal your info, but do you really want all your sensitive information in the wrong hands? I know I don’t!
So, to protect yourself from appearing on the “Wall of Sheep”, please consider the following tips:
- Don’t join wifi networks you can’t trust. Use international roaming with an international 3G data card or package from your Australian/National Telco. Or use a VPN when needing to jump online. You can also change the settings on your phone so that wifi and Bluetooth are turned off.
- Make sure you have RFID anti-skimming software or a debit/credit block card in your wallet. Better still, leave your wallet and ID in the hotel safe and operate with cash where you can.
- Tell no one where you’re staying and never share your room number.
- And finally, sign up to every vendor party you can find; it’s the best way to drink for free!
After some soul searching, I have decided to ditch the burner phone, but I am still bringing the tin foil hat.
Wish me luck!