How gullible are IT pros when free Internet access is offered? Very, according to a report this week.
The chairman of the youth wing of the Swedish Pirate Party claims he successfully fooled attendees at a major Swedish security and defence conference into connecting to an open Wi-Fi network that he controlled as a way to protest mass digital surveillance, reports Ars Technica.
It was pretty obvious the network wasn’t secure — it was called “Open Guest” — but that didn’t stop people from logging in and cruising the Internet. Given that it was a security conference, you’d think that attendees would have been more cautious. But I suppose these days everyone wants Internet access wherever they go. So it’s not surprising that some people were foolish enough to log into their email and even a government mail server.
Security pros, politicians and reporters should know not to log into sites like these if they aren’t secure. Snoopers can snatch passwords and after that anything goes. One wonders where all that awareness training goes. There’s lots of evidence that logs can show much about a person.
On the other hand, there may be less here to worry about than first appears.
The activist, Gustav Nipe, is quoted as triumphantly claiming his group was spying on security people in exactly the way intelligence agencies spy on the general populace. Sort of giving them a dose of their own medicine.
And indeed, Nipe says there was a lot of metadata his group captured. Still, what was also admitted is that a number of people were doing perfectly secure things like going to public Web sites and monitoring eBay auctions — fine as long as they didn’t log into eBay.
Unsecured wireless networks aren’t poison, but they do have to be watched for and used with caution. Some at that conference should have known better, yet threw caution to the wind.