Free wi-fi hotspots pose data risk, Europol warns By Dan Simmons

Click presenter Published duration 7 March 2014

media caption Rory Cellan-Jones explains why Europol is warning people to change their habits

Sensitive information should not be sent over public wi-fi hotspots, to avoid hackers stealing it, Europe's top cybercrime police officer has warned.

Troels Oerting, head of Europol's cybercrime centre, told BBC Click people should send personal data only across networks they trusted.

He said the warning was motivated by the growing number of attacks being carried out via public wi-fi.

Europol is helping a number of countries after such attacks, he said.

Stolen data

"We have seen an increase in the misuse of wi-fi, in order to steal information, identity or passwords and money from the users who use public or insecure wi-fi connections," he said.

"We should teach users that they should not address sensitive information while being on an open insecure wi-fi internet.

image caption Sensitive data should only be swapped via home networks

"They should do this from home where they know actually the wi-fi and its security, but not if you are in a coffee shop somewhere you shouldn't access your bank or do all of these things that actually transfer very sensitive information."

Mr Oerting said Europol, which helps co-ordinate investigations into organised crime across Europe, was assisting several member states who had seen attacks carried out on wi-fi networks.

The attackers were not using novel techniques, he said, but relied on well-known approaches that attempt to trick people into connecting to a hotspot that, superficially, resembles those seen in cafes, pubs and restaurants and other public spaces.

'Man in the middle'

The attacks meant that data swapped when people communicate with a bank, shop via the web or log in to social media sites could be captured by attackers.

"Everything that you send through the wi-fi is potentially at risk, and this is something that we need to be very concerned about both as individual users but also as police," he told Click.

Mr Oerting's warning comes only a few months after the European parliament turned off its public wi-fi system after it was discovered that a "man-in-the-middle" attack was being perpetrated via the service.

As its name implies, in this attack thieves attempt to insert themselves between users and a hotspot to gather all data passing between the two points.

The warning was echoed by Charlie McMurdie, former head of the UK's cybercrime unit and now a senior security analyst at PWC.

"A lot of mainstream criminals have identified there are easy opportunities and vulnerabilities just walking down the street and exploiting wi-fi networks that exist in every coffee shop," she said.

Rogue hotspots

Large companies were also falling victim to this type of crime, said Ms McMurdie, because they were not watching out for the rogue hotspots that are regularly turning up.

Sometimes, said Ms McMurdie, attackers used hotspots to get at particular individuals rather than to grab all the data flowing from everyone using a public network.

Everyone needed to be aware of what they were putting at risk when they use wi-fi networks and the data it can potentially hand over to criminals.

"There is the need for raising awareness of what the vulnerabilities are and what you should be doing to protect yourself whether you're on the move or in a physical location," she said.