How gullible are IT pros when free Internet access is offered? Very, according to a report this week.

The chairman of the youth wing of the Swedish Pirate Party claims he successfully fooled attendees at a major Swedish security and defence conference into connecting to an open Wi-Fi network that he controlled as a way to protest mass digital surveillance, reports Ars Technica.

It was pretty obvious the network wasn’t secure — it was called “Open Guest” — but that didn’t stop people from logging in and cruising the Internet. Given that it was a security conference, you’d think that attendees would have been more cautious. But I suppose these days everyone wants Internet access wherever they go. So it’s not surprising that some people were foolish enough to log into their email and even a government mail server.

Security pros, politicians and reporters should know not to log into sites like these if they aren’t secure. Snoopers can snatch passwords and after that anything goes. One wonders where all that awareness training goes. There’s lots of evidence that logs can show much about a person.

On the other hand, there may be less here to be worried about than is obvious.

The activist, Gustav Nipe, is quoted as triumphantly claiming his group was spying on security people in exactly the way intelligence agencies spy on the general populace. Sort of giving them a dose of their own medicine.

And indeed, Nipe says there was a lot of metadata his group captured. Still, what was also admitted is that a number of people were doing perfectly secure things like going to public Web sites and monitoring eBay auctions — fine as long as they didn’t log into eBay.

Unsecure wireless networks aren’t poison, but they do have to be watched for and used with caution. Some at that conference should have known better but threw caution to the wind.

  • Beeeerock

    “So it’s not surprising that some people were foolish enough to log into their email and even a government mail server.”

    Maybe I’m missing something… how is https (we have to assume!) over an open wifi network any less secure than https sniffed anywhere else on the Internet?

    If the bad guy was offering the wifi but provided an encryption key, he could just sniff it over the LAN connection. The lack of wifi encryption only prevents others in the room, without control of the access point, to do some sniffing.

    I’m not seeing how this is big news…!

    • Beeeerock

      Typo: “The lack of wifi encryption only ALLOWS others in the room…”