Watch for packet sniffers, over-the-shoulder threats
4/2/2005Mention online theft of personal information, and people think of credit card numbers and passwords stolen during transactions over the Internet.
Over-the-shoulder theft of personal information, however, may be a bigger risk, according to computer security experts. They even have a term for this low-tech but highly effective ploy: Shoulder surfing.
Online theft is a major threat, especially with the growing use of wireless networks those Wi-Fi hot spots in homes, offices, cafes, airports, hotels, and other places.
Wireless Fidelity transmits an Internet connection over radio waves. Anyone with a wireless-ready computer, smart cell phone, or personal digital assistant can receive the signals and use the Internet without connecting any wires.
Crooks with packet sniffers also can intercept passwords, user IDs, and other private information sent through the air.
Packet sniffers are programs or devices that work like a wiretap.
Information goes from one computer to another in units termed packets. Wireless packet sniffers scoop up all the available packets zipping through the air, including packets containing personal information.
Many safeguards protect against such theft.
Almost all banking and other financial services sites, for instance, use secure servers that make online transactions from Wi-Fi hot spots in public places very safe. Many online merchants also have secure sites. Some e-mail providers offer SSL or other secure connections that prevent interception of e-mail messages. Newer computers have firewalls and other protections turned on.
People who often use public wireless connections should take advantage of the available safeguards. Individuals with home wireless networks especially those living in apartment buildings should do the same. Those wireless signals can pass through walls and doors into the hands of neighbors and strangers.
Watch for a future column on this topic.
Shoulder surfing is much easier than packet sniffing. It involves simply peeking over an unsuspecting person s shoulder while they type characters, or check a written password/PIN list.
There are older variations on shoulder surfing, which involve stealing telephone credit card numbers and PINs for automatic teller machines (ATMs). Lines at ATMs leave a few extra feet of space behind the person at the keyboard as a safeguard against shoulder surfing.
Crowded, busy places like Internet cafes and airport departure areas are high-risk zones for computer shoulder surfing. People using computers in these places often try to block out the hubbub by focusing on their work.
Under those circumstances, it can be easy to overlook snoops even someone standing right behind you with a direct view of your keyboard. Shoulder surfers also may work from a distance, using binoculars or a low-power telescope.
To prevent shoulder surfing, experts recommend using a cupped hand or your body to shield the keyboard from view. In addition, be aware of people nearby. If someone seems to be glancing at your screen, move or ask the person to stop.
Mind your own Wi-Fi manners, too, and keep your eyes on your own screen.