Cyber Cafe Safety

Internet Cafe Safety Exploits and Tips

Cyber cafe safety / Internet cafe safety is often overlooked.  Cyber cafes are often a convenient way to keep in touch with family and friends, update blogs, pay bills etc.  However, because Internet cafes are public by nature, they are extremely vulnerable to being hacked.  This applies not only to cyber cafes, but to all public internet provisions commonly used by travellers on their round the world trip, and by normal folk alike.  Public internet locations such as hotel / hostel internet facilities are just as vulnerable as cyber cafes, or more so.  This article seeks to educate you about the tricks commonly used to exploit cyber cafes and public internet facilities. Practical advice to ensure your cyber safety (i.e. that your online ID is safe and not compromised) will be discussed.

Computers at public places such as internet cafes can be a great place for hackers to glean sensitive information when you use the internet.  This section will highlight how this can be done and offer practical countermeasures and safety tips to minimise the risk.

So how are hackers able to glean this information in cyber cafes?

This requires understanding how identity theft occurs; see below:

Overview of online identity threats

There are 2 main attack surfaces used by hackers, namely the workstation and the network.

Hackers normally look for internet cafe computers that are vulnerable.  These are computers that are easy to manipulate because they are insecure (e.g. they don't have any anti-virus software installed or updated, or are not locked down, giving admin access to all who use the machine).  This allows hackers to use:

  • Keyloggers - (Software / hardware which captures all the keystrokes that you type on a cyber cafe computer).  For example, when logging into your email, the keylogger captures the keystrokes typed as you enter your login details.  The hacker can install a keylogger on an internet cafe machine. The hacker can then visit the cyber cafe computer, or the keystroke data can be sent to the hacker's remote terminal as depicted above.  The keystroke data will then be analysed to determine the credentials that have been typed.  If the hacker works out the credentials to log into an email account, the hacker can search the emails at leisure and collect sensitive information that could facilitate their criminal activities.  You are advised (by websites like the FCO and / or fellow travellers) to store personal information on your email, which could be useful if you are in a crisis (for example: a copy of your itinerary, passport details, travellers cheque numbers and other personal information). These details are also very useful to hackers for identity theft, amongst other uses.

  • Network sniffing software - (This is a piece of software that captures the network traffic coming to and from a computer - also known as packet capture).  The hacker can install network sniffing software on a machine in an internet cafe.  The hacker may also perform a man in the middle attack (MITM), which would redirect all internet traffic from the machine in the internet cafe through the hacker's machine.  The hacker would have network sniffing software installed on the hacker's machine.  The network sniffer will then capture data that is transmitted on the wire.  For example, if you fill out your login credentials on a site that is not encrypted, your login details can be read by the hacker via the sniffer capture files at a later time. When logging into an email account, the credentials are generally encrypted.  Encrypted data cannot be read by the sniffer, therefore the hacker cannot read the credentials.  However, when reading and sending emails, the entire email can in some instances be read by the hacker, as these are generally sent and received unencrypted.

  • Phishing scams - (The user is fooled into logging on to a fake site).  This is commonly the result of receiving a spam email (sometimes from what appears to be your bank) and clicking on the link within the message; the machine could also be tampered with (hosts file) to direct your web request to a false website.  Once you have clicked, you are directed to a website that looks identical to the real site.  Logging on to a fake site will capture your login credentials, enabling the hacker to have access to your account.  These scams are typically spread by email, however the machine in the internet cafe can be exploited to redirect legitimate traffic to a phishing site. DNS poisoning is another way website traffic can be redirected to a phishing website.

  • Shoulder Surfing - When someone watches your keyboard in an internet cafe whilst you log into websites, and thus acquires your username and password.

These are just some of the risks that exist in public internet facilities.

Now that you have an understanding of the types of "hacks" that take place, I will suggest a few safety tips / countermeasures that will reduce the risk of getting hacked.  For one-stop-shop protection, seriously consider purchasing an IronKey USB device. This should keep you safe and offer you more protection than the countermeasures listed below. The IronKey, in addition to providing an effective countermeasure to the exploits discussed above, also provides password-protected hardware encryption that facilitates the secure storage of sensitive data. The IronKey has won numerous awards amongst the security community and is widely trusted and used by US government agencies and Fortune 500 companies. The countermeasures without the use of an IronKey are:

Shoulder Surfers - Nothing technical here, just good observation / awareness skills. Be aware of the people around you when typing in login details of any sort.  If there are people in the cyber cafe watching you,  cover the keyboard when logging in.

Phishing Scams - Use more up-to-date versions of a browser when using the internet in a cyber cafe, as they have anti-phishing measures built into them.  How do you run a modern browser when the version installed in the internet cafe is old?  One option is to download and install it (which may not be possible due to restrictions), however a better way is to use portableapps (www.portableapps.com) and prepare a USB Flash Drive with the latest version of Firefox.  This will give you the option to "carry the application with you" and use it on any Windows machine.  Also, all your browsing history will be stored on your USB Flash Drive and leave no remnants on the computer. However, be aware that any digital certificates are stored on the computer and will need to be deleted.  A little education on how to identify a phishing site is the best form of protection; take a short quiz to see if you can recognise phishing websites and tell the difference between a genuine site and a phishing site.  After the quiz you will be well aware of how to spot a phishing site and ensure the safety of your online identity.

Network Sniffer - Most popular sites are secure as they protect credentials (user id and password) by encrypting them.  However, you should be mindful of the typical surfing habits performed in cyber cafes. The messages on Email and Instant Messaging are not secure by default.  Messages sent and received are not encrypted and can be captured by the Network Sniffer, if installed on the internet cafe computer.  Do not send emails or instant messenger messages which contain sensitive information.  If you need to send a sensitive message, consider using a browser which utilises the "Tor anonymity network" (a technology that maintains anonymity).  The Tor project now offers a portable browser built upon Firefox. This offering is known as the Tor Browser Bundle and can be downloaded from the previous link. The Tor Bundle is free and can be run off a USB flash memory.  The Tor network is rather slow, however it will ensure your session is encrypted and the Sniffer in the cyber cafe is rendered useless.  Be aware that the Tor Browser Bundle has limitations: flash video and javascript are disabled and do not work.  This may result in certain websites not functioning.  So it may be better to fire up the Tor Browser Bundle only when you need to send something sensitive or keep your anonymity in the internet cafe.  On-line Banking, on the other hand, is quite secure as your session is normally encrypted, provided the machine has not been compromised (e.g. a modified hosts file) to redirect the online banking requests to a phishing site, and your credentials have not been stolen by a keylogger trojan.

Keyloggers - There are various approaches that you can take to protect against keyloggers.  There are suggestions on other websites that using virtual keyboards or cut and paste methods can bypass keyloggers.  The author has tested a few virtual keyboards that are marketed as offering protection against keyloggers, however the keystrokes were still captured. Virtual keyboards certainly offer protection against hardware keyloggers, however sophisticated software keyloggers, sometimes installed as spyware / trojans, can capture input from 'cut and paste' and virtual keyboard keypresses.  The video below illustrates logging in to an email account where the password is being captured by the keylogger.



A pragmatic solution to defeat keyloggers, provided in the previous link, is illustrated below. Amongst the many solutions to counter keyloggers, whilst not fool-proof, it makes it difficult for the hacker to work out the credentials.

If the technique illustrated in the link above is too cumbersome, the author has tested the Safekeys virtual keyboard (again a portable app) against 3 market leading keyloggers and it has evaded them all.  The Safekeys virtual keyboard also has various options to counter shoulder surfing (switching keyboard layouts, hiding the mouse cursor over the virtual keys).

Other general tips are:

  • You are advised (by websites like the FCO and / or fellow travellers) to store personal information on your email, which could be useful if you are in a crisis (for example: a copy of your itinerary, passport details, travellers cheque numbers and other personal information). It would therefore be a good idea to zip up the documents into an archive (using a free tool like 7-zip - again a portable application) and encrypt the archive with a password.  This will protect you whilst sending the mail to your family in a cyber cafe (it is useless to the sniffer), and if your email is compromised, the hacker will not be able to access the sensitive information.
  • Close down your browser when you are finished using it and clear your history, cookies etc. Even better, use the portable apps version of Firefox or portable Chrome; that way all your history etc. is stored on your USB flash drive and there is nothing to delete. However, you may want to delete any digital certificates stored on the computer.
  • If you have opened a file from your email that contains sensitive information and that file is temporarily stored on a cyber cafe computer, delete the file using a utility called Eraser (a portable application).  When you normally delete a file, it simply deletes the index that references the file and not the file data on disk.  A hacker can run an undelete tool and restore this file.  Using Eraser you will delete the index and the data, making it impossible for the file to be resurrected.
  • After you have finished your web session, run the portable app CCleaner.  This will clean up all remnants of your internet session across all the popular web browsers.
  • Give preference to internet cafes where the machines appear to be locked down (i.e. you are unable to install software, or unable to access administrative tools such as control panel applets).
  • Never click on the 'save password' or 'remember me' options if prompted by websites
  • Do the obvious checks when you are entering your credentials: look at the address bar and ensure it begins with HTTPS:, check for the Padlock, verify the certificate (normally by double clicking the padlock) and make sure the certificate is issued by a trusted public certificate root authority such as Verisign.  If you are prompted to install a certificate, or the certificate is not trusted, do not proceed.
  • Use a personal laptop or netbook at cyber cafes (netbooks are more practical whilst travelling due to their inexpensive cost, portability, battery life and weight).  This will eliminate the risk of using a compromised workstation and significantly de-risk the use of public internet facilities.
  • Type the HTTPS URL of the internet service you require in the address bar, so instead of using http://www.hotmail.com, use https://login.live.com.  Learn the HTTPS URLs for all the sites you access and type them directly into the address bar of the browser.  This will circumvent the SSL strip exploit (a man in the middle attack that is used to extract credentials).  Testing in the author's lab confirmed that hotmail, yahoo, gmail, facebook, ebuyer and paypal were all susceptible to the SSL strip exploit; the author found that credentials were extracted for all of these web services.




Hopefully, being armed with these safety tips will minimise your chances of being hacked and maintain your cyber cafe safety / internet cafe safety.  For further general tips on keeping yourself safe online, visit Get Safe Online.
