Public WiFi is a convenient way to stay connected wherever you go, but it can also provide easy access for unscrupulous hackers unless proper security measures are taken. And even with appropriate protection, a determined hacker can still gain access to private information.
Wireless access points are not always what they seem. Experienced hackers can emulate a WiFi access point on their own computer and force you to connect to the internet through them rather than through the public WiFi router. Malicious hackers can even force your computer to switch to their access point without your noticing. The process of tricking devices into connecting to a computer rather than a WiFi router is called ghost phishing, or evil twin emulation.
The Ghost Phisher program (package) comes standard on the Kali Linux hacker’s operating system. The Ghost Phisher package description on the Kali Tools website lists its potential functions, including HTTP, DNS, and DHCP server spoofing, webpage hosting and credential logging, WiFi access point emulation, session hijacking, ARP cache poisoning, and Metasploit penetration.
While ghost phishing is a useful tool for penetration testers and ethical hackers, the same tool can be used for nefarious purposes. Despite the legal warning displayed when opening the program on Kali (or another distribution designed for penetration testing), hackers can easily set up an evil twin access point and begin capturing private data, a practice called “packet sniffing.”
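A defender-side check for the evil twin scenario described above, added here as an example and not taken from the article or from any tool it names: it groups scan results by network name and flags access points whose security setting or vendor prefix differs from the other access points advertising the same name. The scan format, the sample networks and the function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed scan listing (not real networks), tab-separated:
# SSID, BSSID, security, signal strength in dBm.
SAMPLE_SCAN = (
    "CoffeeShop_Guest\t3c:84:6a:10:22:01\tWPA2\t-61\n"
    "CoffeeShop_Guest\t3c:84:6a:10:22:05\tWPA2\t-70\n"
    "CoffeeShop_Guest\t02:1a:11:f3:9b:c0\tOPEN\t-38\n"
    "Airport_Free\t58:ef:68:aa:01:10\tOPEN\t-55\n"
    "Airport_Free\t58:ef:68:aa:01:14\tOPEN\t-66\n"
    "HomeNet\t10:da:43:5e:77:20\tWPA2\t-49\n"
)

def parse_scan(text):
    """Turn the tab-separated listing into a list of access point records."""
    aps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ssid, bssid, security, signal = line.split("\t")
        aps.append({"ssid": ssid, "bssid": bssid.lower(),
                    "security": security.upper(), "signal": int(signal)})
    return aps

def suspicious_aps(aps):
    """Flag access points that disagree with the rest of their SSID group.

    A venue with several legitimate access points normally uses one security
    mode and one hardware vendor, so an odd one out deserves a second look.
    This is a heuristic: a twin that copies both attributes is not caught.
    """
    by_ssid = defaultdict(list)
    for ap in aps:
        by_ssid[ap["ssid"]].append(ap)
    findings = []
    for ssid, group in by_ssid.items():
        if len(group) < 2:
            continue  # nothing to compare against
        usual_sec = Counter(ap["security"] for ap in group).most_common(1)[0][0]
        usual_oui = Counter(ap["bssid"][:8] for ap in group).most_common(1)[0][0]
        for ap in group:
            reasons = []
            if ap["security"] != usual_sec:
                reasons.append(f"security {ap['security']} differs from {usual_sec}")
            if ap["bssid"][:8] != usual_oui:
                reasons.append(f"vendor prefix {ap['bssid'][:8]} differs from {usual_oui}")
            if reasons:
                findings.append((ssid, ap["bssid"], reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in suspicious_aps(parse_scan(SAMPLE_SCAN)):
        print(f"{ssid} {bssid}: " + "; ".join(reasons))
```

The flagged entry in the sample is also the strongest signal in its group, which is typical of a device sitting close to its targets.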
A Ripe Harvest For Phishers
Public WiFi access points can be found everywhere, from airports and hotels to coffee shops, shopping malls, and office buildings. In her 2017 Catholic University Journal of Law and Technology article, “Is WiFi Worth It: The Hidden Dangers of Public WiFi,” Catholic University of America law expert Ellie Shahin claims that nearly 50 million public hotspots are active in the world, and the number is expected to rise to 340 million by 2018.
“Combining the rapid expansion of easily accessible hotspots,” she writes, “the number of devices that are capable of connecting to those hotspots, and the number of people owning those devices, consumers are opening themselves up to a dangerous world of privacy risks.”
In the world of hackers, you’ll find varying levels of expertise. Some hackers are known as “script kiddies” by their peers, meaning they don’t really understand the theory behind the hacking. Rather, they simply use tools that were designed by elite hackers and posted online for anyone to use. Script kiddie hackers tend to go after easier targets, so a few simple security measures should protect your privacy from them.
“While many of us tend to think of cyber criminals as mastermind hackers, the truth is the majority are simple scam artists,” cybersecurity writer Jonathon Crowe says in his security blog article, “Phishing by the Numbers: Must-Know Phishing Statistics 2016,” on the Barkly website.
“They don’t bother with coming up with sophisticated ways to break through complex security systems. Why bother going to all that trouble when you can simply trick an employee into giving up information or clicking a link?”
Crowe reports that, as of 2015, 85 percent of web-connected organizations have suffered phishing attacks, 13 percent more than in 2014. The number of unique phishing sites (false sites that look exactly like real sites, used to trick people into entering their login credentials) skyrocketed from nearly 50,000 to more than 120,000 between October 2015 and March 2016.
Dangers Of Connecting To An Evil Twin Access Point
Phishing scams are delivered by email, SMS messaging, and several other methods. Ghost phishing is a more difficult way to perpetrate a phishing scam, and it is harder to detect. Once victims are connected to the evil twin, all of their browsing and internet activity can be intercepted.
Ghost phishing also opens a victim’s computer to other types of hacks. Security and law experts Regner Sabillon, Jeimy Cano, Victor Cavaller, and Jordi Serra review several popular hacks that often accompany ghost phishing in their 2016 International Journal of Computer Networks and Communications Security article “Cybercrime and Cybercriminals: A Comprehensive Study,” including:
- ARP Poisoning – Address Resolution Protocol (ARP) is designed to send the right traffic to the right machine. ARP poisoning creates a spoofed MAC Address (a particular device’s identification) that is used to redirect traffic to the attacker’s device.
- DNS Poisoning – Domain Name Service (DNS) translates domain names into IP addresses. DNS poisoning causes corrupt DNS results to store the attacker’s IP address in the DNS cache, essentially rerouting information to the attacker’s computer.
- Session Hijacking – An active session can be taken over by an attacker who grabs an authenticated user’s session ID and uses it as his or her own. Once an attacker has hijacked a session, he or she can do anything the victim could do on the network.
- Metasploit Penetrations – Penetration testers and ethical hackers use a program called Metasploit to test the vulnerability of computer systems and networks. Metasploit is also very popular among hackers and offers dozens of “exploits” (small computer scripts used to take advantage of system weaknesses). Exploits give hackers access to private files, incoming and outgoing packets of information, messaging programs, cached data, and webcam usage, as well as to other computers networked to the victim’s computer.
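The ARP poisoning item above can be checked from the victim's side. The following is an added example, not code from the article or from the cited study: it reads a neighbour table in the layout printed by the Linux `ip neigh` command and reports when the gateway's MAC address has changed from a known-good value or when one MAC address answers for several IP addresses. The sample table, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed neighbour table in `ip neigh` layout (addresses are made up).
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 02:42:AC:11:00:09 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:42:ac:11:00:09 STALE
192.168.1.40 dev wlan0 lladdr 3c:22:fb:10:aa:01 REACHABLE
192.168.1.77 dev wlan0 FAILED
"""

def parse_neigh(text):
    """Map each IP address to the MAC address the table holds for it."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if "lladdr" not in parts:
            continue  # FAILED or INCOMPLETE entries carry no MAC address
        mac = parts[parts.index("lladdr") + 1].lower()
        entries[parts[0]] = mac
    return entries

def arp_alerts(entries, gateway_ip, baseline_mac=None):
    """Return (kind, mac, ips) tuples describing signs of ARP poisoning.

    baseline_mac is the gateway MAC recorded earlier on a trusted connection.
    One MAC holding several IPs can be legitimate (a router with more than
    one address), so treat "mac-shared" as a prompt to investigate.
    """
    alerts = []
    gw_mac = entries.get(gateway_ip)
    if gw_mac is None:
        return [("gateway-missing", None, [gateway_ip])]
    if baseline_mac and gw_mac != baseline_mac.lower():
        alerts.append(("gateway-mac-changed", gw_mac, [gateway_ip]))
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(("mac-shared", mac, sorted(ips)))
    return alerts

if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    for alert in arp_alerts(table, "192.168.1.1", "3c:84:6a:10:22:01"):
        print(alert)
```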
Protect Yourself Against Ghost Phishing
A Virtual Private Network, or VPN, is the best way to protect your private data. “Privacy is increased with a VPN because the user’s initial IP address is replaced with one from the VPN provider,” says Brian Gilbert, WhatIsMyIP.com website administrator and author of “What Is My VPN?”
“This method allows subscribers to attain an IP address from any gateway city the VPN service provides. For instance, you may live in San Francisco, but with a VPN, you can appear to live in Amsterdam, New York, or any number of gateway cities.”
Some VPN providers charge for their services while others are available free of charge. The paid providers, however, offer stronger security and faster speeds. Even with a VPN, dangers are still present, especially on public WiFi hotspots.
“There is a hole in [VPN] protection, and it happens at connect time,” Ars Technica website tech writer Larry Seltzer says in his 2015 blog post, “Even With A VPN, Open WiFi Exposes Users.”
“The VPN cannot connect until you connect to the Internet, but the VPN is not instantaneous,” he writes. “In many, perhaps most, public WiFi sites, your WiFi hardware may connect automatically to the network, but you must open a browser [and] manually accept a TOS (Terms of Service) agreement first.”
In short, the best way to protect yourself is to not connect to public WiFi access points at all. The second best way to protect yourself is to be careful which sites you visit while connected to public WiFi. If you are going to make a purchase online, make it from your mobile network instead of WiFi. Or use your private home WiFi network (as long as it is passphrase protected with a complex passphrase). Watch what you log into. Remember, many of your devices connect automatically to public WiFi points as soon as they are in range.
There is no such thing as being completely protected. You can take steps, however, that will reduce your exposure and make your computer more difficult for hackers to access. Not all hackers are skilled enough to tackle the more difficult hacks, so many will skip over protected computers and focus on those that aren’t protected.