When Daniel Carter logged on to a shared computer at a hostel in Rome to check e-mail, he had no idea he was in a hacker's sights. After his trip was over, he discovered someone had hijacked his e-mail account and sent a message to hundreds of his contacts asking for money.
"Sorry i did not get you informed about my short trip to london ... i was attacked on my way to the hotel by some hoodlums and they took away all my belongings," the e-mail said, ending with a plea for money "so i can sort out my hotel bills and fly back home" and a promise of repayment.
Most of Carter's contacts recognized the scam from the poor grammar and lack of upper-case letters. Unfortunately, one older friend fell for it, sending some $2,000 to the scammers. Carter eventually regained control of his e-mail account and cleaned up the mess. But the money his friend sent was lost.
"This was a big wake-up call. I thought, 'Who's going to hack me, I'm not important or of large means,'" said Carter. But, as he found out, a hacker can make a quick profit off an ordinary traveler.
What happened to Carter is a relatively rare phenomenon. But travelers are especially vulnerable to hackers because they often use computers and Wi-Fi networks in hotel lobbies, cafes and airports.
"If you are using an open Wi-Fi network, you are extremely vulnerable," says computer security consultant Kevin Mitnick. He should know: Mitnick served five years in prison for computer capers that gained him notoriety and prompted an FBI manhunt.
Here are some steps you can take to protect yourself. Create a strong password. Carter says his e-mail was easier to hack because he had a weak password. Password advice can be found at: http://www.microsoft.com/protect/yourself/password/checker.mspx
You might also create a dedicated e-mail account for use on the road, with a password that is different from passwords you use for bank and credit card information. Let your contacts know you'll be using that account while on vacation. You can stay in touch, but if someone does hack into your account, they only get your vacation pictures.
If using a shared computer, try to cover your tracks. On Apple's Safari browser, under the Safari menu, toggle "Private Browsing." On Microsoft's Explorer, when you log off, go to "Tools" and "Delete Browsing History" to remove traces of your passwords and the Web sites you've visited.
Mitnick says he'd only use a shared computer to check e-mail as a last resort — and then he'd immediately change all his passwords when he gets to a secure computer. But wireless hotspots can be just as dangerous — with the hackers monitoring communication from your laptop or other electronic device. And a wired hotel network can also be dangerous, since a hacker could be in the room next door and access your computer through the network. "Sniffing a wireless network is really easy to do — any teen in junior high can do it." Mitnick says of a strategy that amounts to eavesdropping on computer communications in an open network in, say, a cafe or airport. Such vulnerabilities can yield mayhem with attacks known as "Packet Sniffing," ''Man in the Middle" attacks and "MAC Spoofing."
That's not to say every hotspot is dangerous. But when using your laptop in a public place, you obviously want up-to-date security programs, says Dave Marcus, McAfee's Director of Security Research and Communication. You should also disable file-sharing on your laptop, Marcus says. It's also a good idea to turn off Bluetooth, printer-sharing and disable ad hoc network connections. Each Windows and Mac operating system has a slightly different procedure to do this. Information for your computer can be found at: http://support.microsoft.com/ or http://www.apple.com/support/
Many experts say you should not send any sensitive data while in a hotspot. That's because many e-mail services and browser connections essentially broadcast in the clear, meaning someone can eavesdrop on information sent to and from your computer. If you want to be careful, that means avoiding banking, shopping and checking credit card accounts. Even though these sites usually encrypt your data, there are some workarounds a determined hacker could use. Even passwords for seemingly innocuous services could potentially lead to more sensitive personal data.
If you want to take your computer security a step up, consider a VPN, or Virtual Private Network. "The best way to protect yourself is a VPN," says Mitnick. "It's a tunnel, where all your communication is encrypted. A passive attacker can't intercept." Bill Bullock, co-founder of the VPN service WiTopia, calls such networks "the next weapon in the arsenal" after firewalls and antivirus software. His company offers plans starting at $39.99 a year, but there are plenty of competitors. And, if you are computer-savvy, you can even create your own VPN, connecting from the road to your secure computer at home and accessing the Internet through it. They can also work with iPhones and other personal data devices.
But Kelly Davis-Felner of the Wi-Fi Alliance, a group that promotes growth of Wi-Fi networks, says a VPN is probably overkill for travelers who are just checking the latest sports scores or e-mailing Mom from a cafe on the Champs-Elysees.
"It's a statistical possibility that you'll get hacked in a hotspot," she acknowledged, advising against banking, trading stocks or doing business-related work at an open network without VPN. But she added: "You are taking a much greater risk handing your credit card to a waiter than sitting in an airport sending e-mail."