You've Been Hacked. Is Public Wifi Safe?
“We regret to inform you that, you’ve been hacked”
Following the Florida Association of Professional Employer Organization (FAPEO) conference in Tampa this past Summer, I had to skip a flight to Las Vegas to visit with Brother Abram Finkelstein and his extended Staff Link family. Little did I know that such a seemingly mundane flight to “Sin City” would frighten the hell out of me, and for once, not just because I was 40,000 feet in the sky. As I sit on another flight to San Antonio going to the National Association of Professional Employer Organization (“PEO”) annual conference, it occurred to me, I had not shared a story with my extended family.
I sat on the aisle, and beside me were a couple normal gentlemen who appeared to be already “Vegas-ready”. Both in their thirties, the white and black gentlemen were close friends it appeared. As usual, I was trying to clean out my second home (aka inbox), minding my own business, and then I hear “You going to Defcon?”, from the seat next door.
I paused; I had heard of Defcon and knew that it was a big cyber/computer-related conference, but answered no. Being a computer/data nerd that sells property and casualty insurance, to include cyber coverage, I started to ask some questions. My curiosity was now piqued.
The cyber market is extremely dynamic at present, with both the frequency and severity of cyber events are moving targets. Too many people with too much time on their hands and open access to “loot” through the world wide web. Due to my intrigue, and with four hours to spare; I got a quick overview of the biggest hacker convention/bash in the world.
“I’m not going, but have heard of it. What is Defcon about?”
For those that are interested in the history behind Defcon, it was founded in 1993 by self-proclaimed hacker, Jeff Moss. In the first year, Jeff’s parent’s left him in Las Vegas for a weekend. Bad idea. Shortly thereafter, one hundred invited hackers converged to the desert from the US and Canada and created what is now the world's largest and most notable hacker convention, held annually still by Mr. Moss, still, and always in, Las Vegas, Nevada. There have been many documentaries made about this event and the incredible history behind it, in which I have since checked out. A mini-series, never-mind an article, on its own.
Now split into two conferences week after week, “Black Hat” and “Defcon”, attendees at both events include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, conference badges, and anything else that can be "hacked". The event consists of several tracks of speakers about computer- and hacking-related subjects https://forum.defcon.org/node/236142. Black Hat is more geared to the cyber professionals, engineers and law enforcement meant to prevent hacks. A higher cost and more formal event. Defcon is anyone and everyone. The “curriculum” for Defcon is widely varied with many contests and prizes based on who can hack who, to include the Defcon tickets themselves. That's the fun of it all.
My internal IT department was less than enthused about "the fun of it all" when it was understood I was going to be in the cyber equivalent of Beirut. Hacking is encouraged and celebrated, and you are an unknown participant to the theater if not careful. This is where the hackers and the enforcement that tracks them converge. The “white hats” use their knowledge for good; protection and identification of perils. The “black hats” use this same knowledge, or new technologies/intelligence, for malicious intent. It is the “gray hats” that create a more opaque quandary; the vigilantes of the cyber community, gray hats are “for-pay” mercenaries used for either side, arguably the most dangerous based on the unknown purpose of their mission and who is behind it.
Defcon was virtual last year (2020), so was sure to be an “out of control” cyber bash in 2021, in accordance too my two new friends. Some of the highlights that they were looking forward to attending:
- A follow up to the 60 minutes special on “could the election have been hacked”
- The ease to “pirate” any commercial marine vessel without ever having to go aboard – in essence, through nothing but the internet, take over all command of a c-5 vessel
- “Sky Talks” – this is when hackers (black, white or gray hat) go into a sealed off environment and without identity, explain some act of hacking that moves the needle in one way or another
- Finding fellow ham radio operators because, "what are you going to do if the grid goes down?"
Is public Wi-Fi safe?
As we continued our discussion, my new friend Tom, probably seeing the fear in my eyes, made the comment “one really should not use the public wi-fi”. I nervously chuckled, as of course, my computer was connected to the airplane’s wi-fi. He proceeded to turn his computer towards mine, where my inbox appeared on his screen, and with a big smile asked, “do you want to send your mom an email”. Ha! Big smiles...
This type of hack, very common, is called “Man/Machine in the Middle”. It is when one computer is taken over by a hacker, whereby the new user has full control, and access, to anything. Passwords, emails, health info, share drives... anything.
Getting into my system, finding the name of my mother and teeing up an email in Outlook to her took all of three minutes… maybe.
After the fear settled down, I came to a very personal realization that we all need someone like Tom in our lives to help us navigate the cyber threats that accelerate by the day. The convenience and efficiency of the internet, and all it brings to us, is scattered with unknown perils to most anyone that is not expert to it. And if you are expert today, tomorrow is yesterday in this field, at the rate it is growing in intellect, opportunity and impact. Due to our lives now revolving around a “wi-fi Sun”, our control of who comes in and out of our “digital lawns” will be paramount in protecting our business, and ourselves. Make sure to build a fence and lock your doors, as to our hacker friends, "Freedom is Slavery".