Cyber Cafe Safety
Internet Cafe Safety Exploits and Tips
Cyber cafe safety / internet cafe safety is often overlooked. Cyber cafes are often a convenient way to keep in touch with family and friends, update blogs, pay bills etc. However, because internet cafes are public by nature, they are extremely vulnerable to being hacked. This applies not only to cyber cafes but to all public internet provisions commonly used by travellers on their round-the-world trip, and normal folk alike. Public internet locations such as hotel / hostel internet facilities are just as vulnerable as cyber cafes, or more so. This article seeks to educate you about the tricks commonly used to exploit cyber cafes and public internet facilities. Practical advice to ensure your cyber safety (i.e. that your online ID is safe and not compromised) will be discussed.
Computers at public places such as internet cafes can be a great place for hackers to glean sensitive information when you use the internet. This section will highlight how this is possibly done and offer practical countermeasures and safety tips to minimise the risk.
So how are hackers able to glean this information in cyber cafes?
This requires understanding how identity theft occurs, see below:
There are 2 main attack surfaces used by hackers, namely the workstation and the network.
Hackers normally look for internet cafe computers that are vulnerable. These are computers that are easy to manipulate because they are insecure (e.g. they have no anti-virus software installed or updated, or are not locked down, giving admin access to all who use the machine). This allows hackers to use:
- Keyloggers - (Software / hardware which captures all the keystrokes that you type on a cyber cafe computer). For example, when you log into your email, the keylogger captures the keystrokes typed as you enter your login details. The hacker can install a keylogger on an internet cafe machine. The hacker can then visit the cyber cafe computer, or the keystroke data can be sent to the hacker's remote terminal as depicted above. The keystroke data will then be analysed to determine the credentials that have been typed. If the hacker works out the credentials to log into an email account, the hacker can search the emails at leisure and collect sensitive information that could facilitate their criminal activities. You are advised (by websites like the FCO and/or fellow travellers) to store personal information on your email, which could be useful if you are in a crisis (for example: a copy of your itinerary, passport details, travellers cheque numbers and other personal information). These details are also very useful to hackers for identity theft amongst other uses.
- Network sniffing software - (This is a piece of software that captures the network traffic coming to and from a computer - also known as packet capture). The hacker can install network sniffing software on a machine in an internet cafe. The hacker may also perform a man in the middle attack (MITM), which would redirect all internet traffic from the machine in the internet cafe through the hacker's machine. The hacker would have network sniffing software installed on the hacker's machine. The network sniffer will then capture data that is transmitted on the wire. For example, if you fill out your login credentials on a site that is not encrypted, your login details can be read by the hacker via the sniffer capture files at a later time. When logging into an email account, the credentials are generally encrypted. Encrypted data cannot be read by the sniffer, therefore the hacker cannot read the credentials. However, when reading and sending emails, the entire email can, in some instances, be read by the hacker, as these are generally sent and received unencrypted.
- Phishing scams - (The user is fooled into logging on to a fake site). This is commonly the result of receiving a spam email (sometimes from what appears to be your bank) and clicking on the link within the message; the machine could also be tampered with (hosts file) to direct your web request to a false website. Once you click, you are directed to a website that looks identical to the real site. Logging on to a fake site will capture your login credentials, enabling the hacker to have access to your account. These scams are typically spread by email, however the machine in the internet cafe can be exploited to redirect legitimate traffic to a phishing site. DNS poisoning is another way website traffic can be redirected to a phishing website.
- Shoulder Surfing - When someone watches your keyboard in an internet cafe whilst you are logging into websites, thus acquiring your username and password.
These are just some of the risks that exist in Public internet facilities.
Now that you have an understanding of the types of "hacks" that take place, I will suggest a few safety tips / countermeasures that will reduce the risk of getting hacked. For one-stop-shop protection, seriously consider purchasing an IronKey USB device. This should keep you safe and offer you more protection than the countermeasures listed below. The IronKey, in addition to providing an effective countermeasure to the exploits discussed above, also provides password-protected hardware encryption that facilitates the secure storage of sensitive data. The IronKey has won numerous awards amongst the security community and is widely trusted and used by US government agencies and Fortune 500 companies. The countermeasures without the use of an IronKey are:
Shoulder Surfers - Nothing technical here, just good observation / awareness skills. Be aware of the people around you when typing in login details of any sort. If there are people in the cyber cafe watching you, cover the keyboard when logging in.
Phishing Scams - Use more up-to-date versions of a browser when using the internet in a cyber cafe, as they have anti-phishing measures built into them. How do you run a modern browser when the version installed in the internet cafe is old? One option is to download and install it (which may not be possible due to restrictions), however a better way is to use portableapps (www.portableapps.com) and prepare a USB flash drive with the latest version of Firefox. This will give you the option to "carry the application with you" and use it on any Windows machine. Also, all your browsing history will be stored on your USB flash drive and leave no remnants on the computer. However, be aware that any digital certificates are stored on the computer and will need to be deleted. A little education on how to identify a phishing site is the best form of protection: take a short quiz to see if you can recognise phishing websites and tell a genuine site from a phishing site. After the quiz you will be well aware of how to spot a phishing site and ensure the safety of your online identity.
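The hosts-file tampering mentioned under phishing scams can be checked for before you log in anywhere. The following is an added example, not part of the original article: the function names are hypothetical, the watched domains are simply the sites this article names, and the hosts-file text is constructed sample data.

```python
import ipaddress

# Assumption: watch the sites this article names; extend with your own bank etc.
WATCHED = ("hotmail.com", "live.com", "yahoo.com", "gmail.com",
           "facebook.com", "paypal.com", "ebuyer.com")

# Constructed sample of a tampered hosts file (addresses are documentation ranges).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.25    login.live.com www.paypal.com   # redirect planted on the machine
0.0.0.0         ads.example.net
198.51.100.7    intranet.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping, ignoring comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            yield line_no, fields[0], name.lower().rstrip(".")

def is_watched(name):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for entries worth questioning."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, ip, "unparseable address"))
            continue
        if is_watched(name):
            # A public site has no reason to be pinned locally at all.
            findings.append((line_no, name, ip, "watched site overridden"))
        elif not (addr.is_loopback or addr.is_unspecified):
            findings.append((line_no, name, ip, "non-default mapping"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to read is %SystemRoot%\System32\drivers\etc\hosts. Any watched-site finding means the machine should not be used for logging in.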
Keyloggers - There are various approaches that you can take to protect against keyloggers. There are suggestions on other websites that using virtual keyboards or cut and paste methods can bypass keyloggers. The author has tested a few virtual keyboards that are marketed as offering protection against keyloggers, however the keystrokes have been captured. Virtual keyboards certainly offer protection against hardware keyloggers, however sophisticated software keyloggers, sometimes installed as spyware / trojans, can capture input from 'cut and paste' and virtual keyboard keypresses. The video below illustrates logging in to an email account where the password is being captured by the keylogger.
A pragmatic solution to defeat keyloggers, provided in the previous link, is illustrated below. Amongst the many solutions to counter keyloggers, whilst not fool-proof, it makes it difficult for the hacker to work out the credentials.
If the technique illustrated in the link above is too cumbersome, the author has tested the Safekeys virtual keyboard (again a portable app) against 3 market-leading keyloggers and it has evaded them all. The Safekeys virtual keyboard also has various options to counter shoulder surfing (switching keyboard layouts, hiding the mouse cursor over the virtual keys).
Other general tips are:
- As you are advised (by websites like the FCO and/or fellow travellers) to store personal information on your email, which could be useful if you are in a crisis (for example: a copy of your itinerary, passport details, travellers cheque numbers and other personal information), it would be a good idea to zip up the documents into an archive (using a free tool like 7-zip - again a portable application) and encrypt the archive with a password. This will protect you whilst sending the mail to your family in a cyber cafe (it is useless to the sniffer), and if your email is compromised, the hacker will not be able to access the sensitive information.
- Close down your browser when you are finished using it and clear your history, cookies etc. Even better, use the portable apps version of Firefox or portable Chrome; that way all your history etc. is stored on your USB flash drive and there is nothing to delete. However, you may want to delete any digital certificates stored on the computer.
- If you have opened up a file from your email that contains sensitive information and that file is temporarily stored on a cyber cafe computer, delete the file using a utility called Eraser (a portable application). When you normally delete a file, it simply deletes the index that references the file and not the file itself from the disk. A hacker can run an undelete tool and restore this file. Using Eraser you will delete the index and the data, making it impossible for the file to be resurrected.
- After you have finished your web session, run the portable app CCleaner. This will clean up all remnants of your internet use across all the popular web browsers.
- Give preference to internet cafes where the machines appear to be locked down (i.e. you are unable to install software, or unable to access administrative tools such as control panel applets).
- Never click on the 'save password' or 'remember me' options if prompted by websites
- Do the obvious checks when you are entering your credentials: look at the address bar and ensure it begins with HTTPS, also check for the padlock and verify the certificate (normally by double clicking the padlock) and make sure the certificate is issued by a trusted public certificate root authority such as Verisign. If you are prompted to install a certificate or the certificate is not trusted, do not
- Use a personal laptop or netbook (netbooks are more practical due to their inexpensive cost, portability, battery life and weight whilst travelling) at cyber cafes. This will eliminate the risk of using a compromised workstation and significantly reduce the danger in using public internet facilities.
- Type the HTTPS URL of the internet service you require in the address bar, so instead of using http://www.hotmail.com, use https://login.live.com. Learn the HTTPS URLs for all the sites you access and type them directly into the address bar of the browser. This will circumvent the SSL strip exploit (a man in the middle attack that is used to extract credentials). Testing in the author's lab confirmed that hotmail, yahoo, gmail, facebook, ebuyer and paypal were all susceptible to the SSL strip exploit. The author discovered all credentials were extracted in the previously mentioned
Hopefully, being armed with these safety tips will minimise your chances of being hacked and maintain your cyber cafe safety / internet cafe safety. For further general tips for keeping yourself safe online, visit Get Safe Online.