Watch out for the 'Man In the Middle' and the 'Evil Twin' — Wireless Security and You


If the title of this post confuses you, don't be too worried, because these terms probably confuse, or completely escape the notice of, most people. So, what then do they mean? Well, they refer to different types of cyber attacks on you and your computer that take place every day here in Los Angeles. Attackers use these types of attacks, and others, to gain access to your computer and your data with sometimes unfortunate results.

According to a recent LA Times article, these cyber attacks are all part of a plan by hackers to exploit unsuspecting computer users using fake wireless networks set up for the sole purpose of obtaining users' valuable data. Sadly, according to the article and my experience with this problem, the process of gaining access to someone's computer and their personal data is often relatively simple.

As most computers these days are set up to search for wireless networks automatically, it's pretty easy for would-be hackers to set up wireless networks with inviting names like "Free Wireless" or a well-known commercial name like "T-Mobile." Once your computer finds the network and you sign onto the supposedly free or known-safe wireless network, that's when the hackers attempt to steal your data. This is what's known as the "evil twin."

Another way a potential hacker can exploit your computer is by using a method known as the "man in the middle." In this scenario, the hacker gets you to connect to his fake network and then runs your connection through his computer and then out to the legitimate internet. Doing this allows the hacker to grab whatever bits of data you send out to the internet including credit card numbers, passwords and other bits of information usually kept secret.

Yet another problem is the sheer number of people using wireless networks at home these days. Unfortunately, most people simply take their wireless routers out of the box, connect them and then connect to the default wireless network named "linksys" or "d-link" (two of the most popular wireless equipment makers). Because of this, it's far easier for potential intruders to get your computer to connect to their fake networks.

All they have to do is set up their trap and use a network name like "linksys" or "d-link" and in many cases, your computer will connect to that network automatically -- without you even having to agree or click any buttons. Unfortunately, the computer doesn't know the difference between your network at home named "linksys" and the fake network set up by the hacker trying to get into your computer. All it's looking for is the name and if the name matches, it will connect.

So what can you do to protect yourself? First of all, configure your wireless network at home properly and don't just use the default settings out of the box. Pick an obscure network name and use a complex password. That way your computer won't try to automatically connect to any network out there with the same name. Also, be more aware of public and seemingly free wireless networks, especially in high-traffic areas like coffee houses and airports -- two frequent places for would-be hackers to find exploitable computers.
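To check a machine for the auto-connect exposure described above, here is an added example (not part of the original post) that audits saved Wi-Fi profiles for names and settings a look-alike network could match. It assumes profiles in the Linux NetworkManager keyfile layout with a plain-text `ssid`; the sample profiles and the `audit_profile` helper are constructed for illustration.

```python
import configparser

# Names the article cites as factory defaults or inviting lures.
COMMON_NAMES = {"linksys", "d-link", "free wireless", "t-mobile"}

# Constructed sample profiles (assumed NetworkManager keyfile layout).
SAMPLES = {
    "home-default": """
[connection]
id=linksys
type=wifi
[wifi]
ssid=linksys
[wifi-security]
key-mgmt=wpa-psk
""",
    "cafe": """
[connection]
id=Free Wireless
type=wifi
[wifi]
ssid=Free Wireless
""",
    "home-renamed": """
[connection]
id=quiet-heron-42
type=wifi
[wifi]
ssid=quiet-heron-42
[wifi-security]
key-mgmt=wpa-psk
""",
}

def audit_profile(text):
    """Return the reasons a saved profile is easy for a look-alike network to match."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    ssid = cp.get("wifi", "ssid", fallback="").strip().lower()
    # NetworkManager treats a missing autoconnect key as "true".
    if not ssid or not cp.getboolean("connection", "autoconnect", fallback=True):
        return []
    findings = []
    if ssid in COMMON_NAMES:
        findings.append("common name")
    if not cp.has_section("wifi-security"):
        findings.append("open network")
    return findings

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_profile(text) or "ok")
```

Any profile that returns findings is a candidate for renaming, securing with a password, or switching to manual connection.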

If you're a Windows user, make sure you keep your computer updated with the latest patches and security updates and also make sure to have up-to-date anti-virus software as well. And, be sure to set up a complex password on your computer. In many cases people start using their computers without putting a password on them at all. Don't do it and don't choose something like 'password' as that will be easy for an attacker to guess.

Choose a password far more complicated but easy for you to remember. Use a combination of letters, numbers and symbols for even greater security. Lastly, even though it sometimes can cause other issues, turning on the Windows Firewall can also help prevent intruders from getting into your computer. If you happen to use a Macintosh, your computer is less vulnerable to attack but that doesn't mean you shouldn't take security seriously.

The point of all these security precautions is to make your computer as unattractive and difficult as possible for a would-be attacker to exploit. If it becomes too hard for them or too time consuming to access your computer and your information, they may simply move on to another computer that is less protected than yours. Plus, if they can't get access to your computer in the first place because you took proper precautions and didn't connect to that suspiciously free wireless network, that's even better.