This article is primarily intended for travellers on their round the world trip, Gap Year or Sabbatical. Travellers are often the most vulnerable, being in a foreign land with limited funds with only the use of public internet facilities to contact family and friends. They are often advised by travel websites and fellow travellers to take copies of their itineraries, photo copy of passwords, emergency contact numbers, travellers cheques numbers, etc. in their email accounts so in the case of an emergency these details are available.
Internet Cafe's are often frequented by travellers and normal folk alike to update their blogs, pay bills and keep in touch with friends and family. Hopefully over the course of this article, it will educate the traveller and other users of public internet services about some of the possible risks associated with using these services.
so what are the potential risks?
Hackers can easily exploit public internet facilities where the desktop machines are not hardened (i.e. not fully patched with the latest security updates, anti-virus products, firewalls, unrestricted admin access etc).
In vulnerable environments hackers can install keylogging software / hardware keyloggers to capture keystrokes typed on a keyboard. If you enter credentials to log into email, the keystrokes entered into the keyboard whilst entering the credentials are logged. This allows the hackers to review the keylogger logs to extract your credentials. The hacker can then log into you email and peruse at their leisure sifting through your emails for sensitive data that can be used for criminal activity (identity theft etc). There is a suggestion that using a virtual keyboard can be used to defeat keyloggers. Whilst this may be true for hardware keyloggers, sophisticated software keyloggers can still capture the keyboard input of virtual keyboards.
Another tool hackers can install are Network Sniffers / Protocol analysers. This software will capture data packets to and from the workstation (data on the wire!). Therefore if you are using Instant Messaging / Email and are sending and receiving messages, the sent messages is converted to data packets if sent, and converted from data packets to messages if received (simplified view of what happens). This happens as the messages leave or enters the computer. Network sniffers capture the data while they are in the form of data packets. Anything not encrypted can be read by the hacker. Therefore a email / Instant messaging conversation that exchange sensitive information can be captured and sifted through by the hacker (to glean information to support criminal activities).
The non technical scam used by the the hacker is shoulder surfing, where your the hacker looks at your keyboard while you are entering your credentials when logging into a website or bank to uncover the password.
These are just some of the many techniques used by hackers to extract sensitive data. Some practical countermeasures are discussed in cyber cafe safety. Also accompany this with safe travel advice to ensure you are safe both online and offline whilst travelling.