A few seconds spent on wifi in a Media City cafe was all it took for Jason Hart to steal my identity, and probably gain access to my bank account.
The former hacker sets his laptop down on a table and connects a gadget that looks like a wifi router, with two small antennae (he asks we not name it as it’s 100 per cent legal to buy).
As soon I click on the wifi, Hart can see me and my colleagues. Our names and phone models pop up and with a single click he is soon shadowing our systems.
Like an IT manager remotely fixing your computer at work, he can see what you browse within a window on his computer. If you enter an email address or password he can see, and key strokes are not starred out.
“So now I’ve got full control of you. I can see everything you’re doing on the internet and be invisible”, he says. Hart can either wait for a user to log into a bank account or pay a bill or try to prompt you. “I can extract your sensitive information, send messages to your computer, inject content into your browser, all without you knowing,” he adds.
“In a pop-up screen, I can offer you free wifi, if you enter your credit card data. Or if you’ve been out with your device, they may have captured your [online banking] password already from your home log-in.”
Hart, who is Chief Technology Officer at security firm Gemalto, says the danger doesn’t end there. Once you log out of the public network and reconnect to a home or business wifi, your laptop or phone are tricked into thinking they are connecting to a trusted network, but really they’re connected to him.
With new technology such a data clouds which use one password to access multiple devices, it’s never been so easy for hackers, Hart says.
“For a bad guy nowadays it’s very, very easy for them to get data, and that’s what they want, data. In today’s world we have data everywhere in the clouds, virtually and in phones etc.
“From a bad guy’s point of view, data is the new oil.”
A cyber criminal may not get to your bank account the first time around, but they may have enough data to trace you.
Hart says they could attack your organisation or business by using personal information or corporate data. Hart says he expects to see an upsurge of what he calls “integrity attacks on any-sized businesses in the corporate world”.
“In today’s world, businesses rely on data. They use that data to make a business decision. What the bad guys will start doing is altering the integrity of the data.
“The business won’t know until years later that the data they’ve used was incorrect to make a wrong business decision.”
In his current position at Gemalto, Hart raises awareness of cyber threats. “If we start doing the basics: authentication, encryption, and key management this problem can be solved. That is what every organisation in the UAE should be doing right now.”
Tips to stay secure online:
You can mitigate 99 per cent of risks by doing the following, according to ex-hacker Jason Hart:
Replace your passwords with one-time logins – Google has a one-time password authenticator, that sends a password to your phone.
Don’t have your wi-fi switched on in public areas
Make sure any sensitive data that you’re creating on the iCloud or when you’re using cloud services, especially in a business environment, is encrypted.
To stay safe stick to your 3G or 4G in public places.