BolehVPN

I Love Free Wifi, But So Do Hackers

January 12th, 2016

danger free wifi KATV

Most people are aware that free public Wifi can be unsafe for anyone looking for secure online surfing. Personally, having to resort to connect to a public Wifi leaves me with a somewhat grimy feeling, akin to using a public washroom. (Or is it just me?) However, upon having a conversation with a few older relatives during recent travels, they seemed completely unaware that there was even such a possibility for hackers, and that private information could be compromised over public Wifi. Like many others, they were eager to jump onto any free hotel, airport or café Wifi without much second thought, especially when travelling abroad.

 

Londoners agreed to give up firstborn child for free Wifi

Even for individuals who are somewhat aware of the dangers of public Wifi hotspots, still find the lure of free Wifi hard to resist, especially with the extortionate roaming charges overseas from our telecommunication providers. So much so that one experiment from Cyber Security Research Institute showed exactly how prevalent public ignorance of security issues can be with regards to Wifi usage, and how quick people can be to click “I Agree” for the sake of free Wifi.

The social experiment saw Londoners unknowingly agreeing to sign away their first-born child in exchange for a free Wi-Fi connection. Before they were granted access to the free Wi-Fi, a list of terms and conditions they should agree to included the false clause, promising free WiFi, if ‘the recipient agreed to assign their first born child to us for the duration of eternity.’

 

The true dangers of public Wifi

Although the idea of anyone signing away their kids for free Wifi seems laughable and you probably may be thinking “That will never happen to me”, there is a certain degree of risk every time we decide to access public Wifi.

When CBS4’s David Sutta invited a group of hackers called HackMiami to demonstrate exactly how hackers are using free Wifi to steal information, it was clear how easy the whole process was. In fact, the cost of the process was considered ‘cheap’, required little education and literally took seconds.

Text of emails, content of text messages, email addresses of the sender and recipient, passwords, usernames, private photos even on SD cards; these are all fair game for anyone with the knowhow and at the stroke of a few keys.

 

How do they do it?

As explained by the folks at Norton, Wifi uses radio waves. The openness of these signals at public hotspots, combined with the right eavesdropping software, can allow the hackers to gain access to your information without your knowledge, very much like someone overhearing a private conversation in a crowded restaurant. Because your data is being sent through radio waves to a router, it can easily be intercepted by someone given the right tools and knowledge.

img_wifi_hidden_dangers_norton

Source: Norton

 

Two common ways it’s done

1) Software. Hacking software called “sniffer software” is a typical method of choice among hackers to intercept data as it is transmitted over a network. After using such software to intercept signals, hackers can see everything from any screen any of any of the users sharing the same public Wifi. Hackers would then be able to look at traffic traveling to and from a wireless router to extract important information.

2) Rogue Wifi hotspots. This method is considered so easy to be taken advantage of that in one hacking demo a 7-year-old kid was able to break into a public network in under 11 minutes after watching a couple of online tutorials. This popular method is often carried out in areas where large numbers of users are likely searching for a connection. Hackers would set up rogue Wifi hotspots with generic names or names to mimic the area they are operating in (for example, setting up a rogue hotspot named “Starbucks Free Wifi” in the vicinity of a Starbucks coffee shop.

ITV

Betsy Davies (age 7) watched an online tutorial before successfully managing to hack the public network within 11 minutes of setting up a rogue access point. (Source: ITV)

 

Tips when accessing public Wifi

– Check if the public Wifi network you are accessing is genuine by confirming the name of the network with a staff on-hand.

– Restrain from accessing sensitive information over the public Wifi. Performing banking or financial transactions should be a big No-No when one is doing it over unsecured free Wifi spots. Keep the visiting of such sites until you are back on a secure, private network.

– Turn on the Wifi only when you it. Even if you may not have actively connected to a network, the Wifi hardware in your device is still transmitting data between any networks within range. If you are only using your laptop to perform offline work such as writing a Word or Excel Document, it is advisable to keep your Wifi off.

– A Virtual Private Network (VPN) comes in handy for times like these. Even if a hacker manages to intercept your connection, under a VPN your data extracted will be strongly encrypted, making it a lengthy process for the hacker to decrypt.

– Upon leaving a public network, be sure to ask your device to ‘forget the network’. Do not just log off so that in the future your device will not automatically log onto the network whenever it is in range.

 

For further reading, check out this pretty scary article on how one hacker accessed a café’s public Wifi, and how in 20 minutes knew where everyone else was born, what schools they attended, and the last five things they Googled. You may never want to connect to free Wifi again!

 

Sources

[1] CBN News

[2] CBS Miami

[3] Dell

[4] Kaspersky

China Extends Its Control with the Passing of First Ever Anti-Terrorism Law

January 9th, 2016

daily beast

Source: The Daily Beast

China; the country notoriously known for ruling its web with an iron fist. The Communist Party in charge of the country has constructed The Great Firewall (aka. Great Firewall of China) to keep tight control over what information Chinese internet users may post and access. It may not come as a surprise when China was ranked last out of 65 nations in terms of internet freedom during the 2015 annual study by American pro-democracy group, Freedom House. However, according to researchers at the Berkman Center for Internet and Society at Harvard University and stated by CNN, only about 1 to 3% of Chinese Internet users regularly jump the Firewall to browse the open Internet. Seeing that at 667 million netizens, China has the world’s largest population of internet users, but they are only able to access the small portion of the web they have been granted permission to. Among the prominent websites currently blocked are Facebook, Twitter, YouTube, Instagram, the New York Times and Bloomberg, sites that many of us could not imagine going without on a daily basis, while the only way for China’s netizens to access them is by using a virtual private network (VPN), an external server.

 

The walls are getting higher

In a country where its central internet regulator, the Cyberspace Administration of China (CAC), makes it no secret that they vow to make the views of the ruling Communist Party the “strongest voice in cyberspace”, following a two-day meeting the agency also said a priority this year would be “using Chinese views, Chinese plans to lead to a transformation in the governance system of the Internet globally”.

Here comes the latest law in addition to the China’s efforts to strengthen its tightening grip on the net: the new counter-terrorism law just passed this past 27th December 2015 which has already taken effect on 1st January 2016.

The new legislation which requires the setting up of a state-level leading group on counterterrorism also calls for governments of at least city level to set up affiliated agencies. China’s first-ever counter-terrorism bill requires technology firms to provide information to the government obtained from their products and by assisting to decrypt any information if the need arises, although the law does not demand tech firms to install security backdoors as initially drafted. Moreover, it allows the military to venture overseas to conduct counter-terror operations, provided approval is granted by the foreign country in question, which could well lay the groundwork for future military initiatives as China continues to expand its capabilities.

 

Overly broad breadth of scope

Critics argue that the content of the new law is extremely broad, generic and so vague that it would be open to misuse. The legislation recognises “terrorism” to be defined as:

“Any proposition or activity – that, by means of violence, sabotage or threat, generates social panic, undermines public security, infringes on personal and property rights, and menaces government organs and international organizations – with the aim to realize certain political and ideological purposes.”

Thus, this has been the definition opted by China’s government when they may choose to investigate terrorist threats and plots, using a new counterterrorism leading group and national intelligence center designed to streamline anti-terror work. The new law targets the organisation, planning, preparation and implementation of terrorist acts, which have caused or are intended to cause casualties and significant damage to property or public facilities.

 

What it means for telcos & ISPs

The law implies to telecommunication and internet service providers (ISPs) that they are required to assist public security bureaus and national security authorities in any technical support, monitoring and reporting, including technological interface and decryption, all under the premise of preventing and investigating terrorism activities. Hence, it not only bequeaths the state such vast access to sensitive commercial data, but will encumber tech companies operating in China as well as possibly affect Chinese companies trying to enter foreign markets.

Telecommunications operators and ISPs have been saddled with the legal responsibility of ensuring that content generated by terrorists are not made available on their network or else they are bound to face legal action. The companies are advised to take security measures and adopt monitoring mechanisms to identify terrorism and extremism information which would require the companies to immediately stop the transmission of extremism information, retain the records as evidence, delete such information, and report the incident to the public security authority or other relevant government authorities. However, critics argue that the law’s cyber provisions may be used against service providers for the purposes of forcing them to comply with Chinese law and to give access to information.

 

Decryption & access to sensitive data

Rather than curbing domestic and international terrorism, some analysts believe that the purpose of the bill is aimed more at control of the Chinese population. In fact, China are so obsessed about security and counter-terrorism that the country is dedicating its first anti-terrorism university which would award Masters degrees and Doctorates in anti-terrorism studies in the region of Xinjiang.

Nevertheless, the law has attracted deep concern in Western capitals, because it could violate human rights such as freedom of speech and expression, with even the US President Barack Obama expressed worry about the law directly with Chinese President Xi Jinping, and raised his concern to Reuters that tech companies may not go along with the intrusive demands laid out.

Peter Nicholson

Source: Peter Nicholson

Under the law, coverage of terrorist attacks and government anti-terror efforts in the media are restricted, including a provision that media and social media cannot report on details of terror activities that might lead to imitation, nor show scenes that are “cruel and inhuman”. Although under the premise of a first ever counterterrorism law, many do believe it is just the latest expansion of China’s authoritative powers under President Xi Jinping.

“While the Chinese authorities do have a legitimate duty in safeguarding their citizens from violent attacks, passing this law will have some negative repercussions for human rights. Essentially, this law could give the authorities even more tools in censoring unwelcome information and crafting their own narrative in how the ‘war on terror’ is being waged,” William Nee, researcher on China for Amnesty International.

 

Sources

[1] South China Morning Post

[2] The Diplomat

[3] The Huffington Post

[4] New York Times

[5] The Irish Times

Possible Updates on GEO DNS Servers

January 7th, 2016

Dear Bolehians,

Through feedback from you guys and our routine trials and checks, we are currently looking at fixing our GEO DNS servers in efforts to continuously improve your experience with BolehVPN.

Thank you for all your feedback along the way. :)

Italy & Japan Back Online

January 6th, 2016

Dear Bolehians,

Our Italy and Japan servers are back online and operational. Thanks for waiting it out. :)

Italy & Japan Servers Temporarily Offline

January 6th, 2016

Dear Bolehians,

Our Italy and Japan servers will be offline for the next 24 hours or so as we are currently undergoing maintenance and reconfigurations. Thanks for your patience, guys!

patience yoda