Simple Rogue WiFi Hotspot Captures High Profile Data

jones_supa writes Gustav Nipe, president of Sweden's Pirate Party's youth wing, was successful with somewhat trivial social engineering experiment in the area of the Sälen security conference. He set up a WiFi hotspot named "Öppen Gäst" ("Open Guest") without any kind of encryption. What do you know, a large amount of unsuspecting high profile guests associate with the network. Nipe says he was able to track which sites people visited as well as the emails and text messages of around 100 delegates, including politicians and journalists as well as security experts. He says that he won't be revealing which sites were visited by specific experts, as the point was just to draw attention to the issue of rogue network monitoring. The stunt has already sparked criticism in Swedish newspapers and on social media, with some angry comments saying that Nipe breached Sweden's Personal Data Act.

dupe

[Kunedog]

still on the first page
http://mobile.slashdot.org/sto...

some things for any judge to consider

[ihtoit]

An open network connection at a security conference. That's either a honeypot or a freebie. Were it me, I'd assume the latter, but I wouldn't be doing my online banking through it. If I were an attendee, I'd know better.
If he's guilty of providing free internet service then people the world over who open their wifi connections are also guilty. I say, and cue the flaming for this, that data security starts and ends with the owner of the data. Take some fucking responsibility for yourself instead of relying on a Government that doesn't give a fuck about you, to do it for you. If anybody should be prosecuted for leaking data in clear text through an unencrypted radio stream (he was literally the guy on the next bench listening in on a shouted conversation, here!), then it should be the administrators of the websites that were visited for not using properly secured data channels such as SSL, endpoint encryption, tunnelling or whatever.

Re: well

[Zontar+The+Mindless]

I always steal a car before informing people about their lord and savior Jebus Christ.

The Sub-Genii have been doing that for years.

Re:You want to protect your data?

[fuzzyfuzzyfungus]

What's wrong with that? Whenever I use an open hotspot, I *assume* the worst... if I can ssh to https into whatever, so what?

If I don't care about stuff, (e.g. reading cnn.com, for example), then who cares if it's encrypted or not?

Stunts like this scare people into not using/providing open internet access... I'd rather we have *more* open wifis (monitor whatever you want out of them), just have them be all over whenever I need them.

I largely agree with you, open hotspots are excessively demonized(both 'if you touch one you'll get cyber-syphilis!' and 'if you operate one pedophiles will smell it from miles away and you'll go to jail forever!'); but they can be dangerous, and people frequently don't take enough precautions.

Awareness of VPNs is actually pretty high, all things considered; but mostly for the purposes of getting Netflix in foreignistan, or getting to facebook at school/work. This tends to mean that even people who know about, and use, them typically don't ensure that all chatter from their computer(unless you are very careful, that's often a lot, from all sorts of updaters, autodiscovery agents, and annoying background processes) goes over the VPN, since their use of VPNs is all about ensuring that a specific, normally blocked, bit of traffic makes it out alive, rather than ensuring that no traffic leaks locally.

The area I would argue with you about is 'unimportant' HTTP: Do I care that somebody knows I visited CNN? No. However, if I make an HTTP connection, do I have the slightest assurance that I'm actually visiting CNN, rather than 'CNN, plus some rewrites that add a suite of common browser exploits'? Not so much. That can, and does, happen even on a trusted connection, through sites being hacked or ad network fuckery; but adding another party who can trivially rewrite the site with god-knows-what isn't really something you want.

If you have a proper VPN, with all traffic either heading over it or blocked before it leaves your system, though, all good.