Free wi-fi hotspots pose data risk, Europol warns

 

Sensitive information should not be sent over public wi-fi hotspots, to avoid hackers stealing it, Europe's top cybercrime police officer has warned.

Troels Oerting, head of Europol's cybercrime centre, told BBC Click people should send personal data only across networks they trusted.

He said the warning was motivated by the growing number of attacks being carried out via public wi-fi.

Europol is helping a number of countries after such attacks, he said.

Stolen data

"We have seen an increase in the misuse of wi-fi, in order to steal information, identity or passwords and money from the users who use public or insecure wi-fi connections," he said.

"We should teach users that they should not address sensitive information while being on an open insecure wi-fi internet.

Sensitive data should only be swapped via home networks

"They should do this from home where they know actually the wi-fi and its security, but not if you are in a coffee shop somewhere you shouldn't access your bank or do all of these things that actually transfer very sensitive information."

Mr Oerting said Europol, which helps co-ordinate investigations into organised crime across Europe, was assisting several member states who had seen attacks carried out on wi-fi networks.

The attackers were not using novel techniques, he said, but relied on well-known approaches that attempt to trick people into connecting to a hotspot that, superficially, resembles those seen in cafes, pubs and restaurants and other public spaces.

'Man in the middle'

The attacks meant that data swapped when people communicate with a bank, shop via the web or log in to social media sites could be captured by attackers.

"Everything that you send through the wi-fi is potentially at risk, and this is something that we need to be very concerned about both as individual users but also as police," he told Click.

Mr Oerting's warning comes only a few months after the European parliament turned off its public wi-fi system after it was discovered that a "man-in-the-middle" attack was being perpetrated via the service.

As its name implies, in this attack thieves attempt to insert themselves between users and a hotspot to gather all data passing between the two points.

The warning was echoed by Charlie McMurdie, former head of the UK's cybercrime unit and now a senior security analyst at PWC.

"A lot of mainstream criminals have identified there are easy opportunities and vulnerabilities just walking down the street and exploiting wi-fi networks that exist in every coffee shop," she said.

Rogue hotspots

Large companies were also falling victim to this type of crime, said Ms McMurdie, because they were not watching out for the rogue hotspots that are regularly turning up.

Sometimes, said Ms McMurdie, attackers used hotspots to get at particular individuals rather than to grab all the data flowing from everyone using a public network.

Everyone needed to be aware of what they were putting at risk when they use wi-fi networks and the data it can potentially hand over to criminals.

"There is the need for raising awareness of what the vulnerabilities are and what you should be doing to protect yourself whether you're on the move or in a physical location," she said.

The BBC Click investigation into how safe public wi-fi hotspots are can be seen on the Click TV show this weekend.

 

Hacking Resources: Top 6 VoIP Analysers

Hacking could be so much fun,

Especially with the right tools at hand.

VoIP allows users to make voice calls over the internet. It allows free calls, no matter what the distance between the caller and the receiver. Moreover, it is a very good way not only for an individual, but for enterprise clients too, who can reduce their costs by quite a bit using these services. However, we are discussing hacking in the current article. Therefore we intent on hacking/analysing VoIP and the following tools are good for the purpose.  

1.CommView

CommView is a powerful network monitor and analyser designed for LAN administrators, security professionals, network programmers, home users etc. This application captures every packet on the wire to display important information such as a list of packets and network connections, vital statistics, protocol distribution charts, and so on. CommView includes a VoIP analyser for in-depth analysis, recording, and playback of SIP and H.323 voice communications.

2.Cain & Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analysing routing protocols.

3.VoIP Security Tool List

This VoIP Security Tool List provides categories, descriptions and links to current free and commercial VoIP security tools.

4.OmniPeek

OmniPeek gives network engineers real-time visibility and network analysis into every part of the network from a single interface, including Ethernet, Gigabit, 10 Gigabit, 802.11a/b/g/n/ac wireless, VoIP, and video to remote offices.

5.vomit

The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file. Vomit is not a VoIP sniffer also it could be but the naming is probably related to H.323.

6.VoIP Hopper

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop security test. VoIP Hopper is a VoIP infrastructure security testing tool but also a tool that can be used to test the (in)security of VLANs.