[The Epoch Times, September 30, 2024](Comprehensive report by Epoch Times reporter Xingyu) What cybersecurity experts call “evil twin” attacks are increasing, targeting public Wi-Fi in airports or coffee shops. The cybercriminals behind these frequent attacks are rarely caught. VPNs and mobile hotspots are the best defense for using the Internet while traveling.
CNBC reported that for years, travelers have been warned repeatedly not to use Wi-Fi in public places such as airports, hotels and coffee shops. Airport Wi-Fi is particularly popular with hackers because security measures here are often relatively lax. At many airports, responsibility for Wi-Fi is outsourced, and the airport itself has little involvement in securing Wi-Fi.
But while many people know they should stay away from free Wi-Fi, it’s proving irresistible to travelers and hackers alike, who are now updating an old cybercrime tactic to Take advantage of it.
An arrest in Australia this summer set off alarm bells in the United States that cybercriminals are finding new ways to profit from so-called “evil twin” attacks. The “evil twin” also belongs to a type of cyber crime called “man-in-the-middle” attack. Hackers set up fake Wi-Fi in public places where many users can connect to trick users into logging in.
In this case, an Australian man has been accused of carrying out Wi-Fi attacks on domestic flights and airports in Perth, Melbourne and Adelaide. He allegedly set up a fake Wi-Fi network to steal email or social media login credentials.
“As people become more accustomed to free Wi-Fi everywhere, you can expect nefarious attacks to become more common,” said Matt Radolec, vice president of data security company Varonis. No one will read Terms of conditions or check the URL on free Wi-Fi.
“When users see a fake website, they may not even know what a legitimate website looks like,” Radolek said.
‘Evil twin’ technology is easier to hide
One of the dangers of this attack is that the technique is easier to hide. The “evil twin” could be a tiny device that could be hidden behind a monitor in a coffee shop, and that little device could wreak havoc.
“Such a device could replicate a valid login page, inviting an unsuspecting user to enter a username and password, which information would then be collected for future use,” said Brian Alcorn, an IT consultant in Cincinnati.
The website doesn’t even have to actually log in the user. “Once you enter your information, the theft is complete.” A busy, tired traveler may only think there is a problem with the airport Wi-Fi and not think about anything else, Alcorn said.
People who use simple passwords, such as their pet’s name or favorite sports team, are more vulnerable to “evil twin” attacks. For those who reuse username and password combinations online, once the login credentials are obtained and fed into the AI, the AI can quickly give cybercriminals a green light, Alcorn said. All your online information can be stolen, including bank account information.
“You can easily be exploited by someone with less than $500 of equipment and less skill than you think,” Alcorn said. “The attacker only needs to have basic IT skills.”
How to avoid becoming a victim of cybercrime
“My favorite way to avoid an ‘evil twin’ attack is to use a mobile hotspot,” said Brian Callahan, director of the Cybersecurity Lab at Rensselaer Polytechnic Institute.
He said that if hotspots aren’t an option, a VPN can offer some protection because traffic to and from the VPN should be encrypted, “so even if others can see the data, they can’t decipher it.”
Editor in charge: Lin Yan#
