F-Secure teamed up with penetration testing expert Mandalorian Security Services and the Cyber Security Research Institute to find out how easy it is to hack a politician.
The politicians, deliberately selected from the most powerful chambers in UK politics, were Rt. Hon. David Davis MP, Mary Honeyball MEP and Lord Strasburger. The exercise was carried out with the permission of the politicians who, despite holding important positions within the different parliaments, admitted that they had received no formal training or information about the relative ease with which computers can be breached while using public Wi-Fi – a service they all admitted to using regularly.
To underline the risk, an email was drafted by ethical hackers Mandalorian and left in Davis’ drafts folder destined for the national press, announcing his defection to UKIP. His PayPal account was then compromised, as it used the same username and password as his Gmail – a common habit.
“Well, it’s pretty horrifying, to be honest. What you have extracted was a very tough password, tougher than most people use. It’s certainly not ‘Password’,” said David.
Alarmingly, F-Secure explained that the password would have been broken no matter how strong it was. Public Wi-Fi is inherently insecure - usernames and passwords are shown in plain text in the back of a Wi-Fi access point, making them simple for a hacker to steal.
In the case of Lord Strasburger, a Voice over IP (VoIP) call he made from a hotel room was intercepted and recorded using technology freely available on the internet, and relatively easy to master.
Mary Honeyball MEP, who sits on the EU committee responsible for the ‘We Love Wi-Fi’ campaign, was browsing the internet in a café when the ethical hacker sent her a message seemingly from Facebook which invited her to log back into her account, as it had timed out. This was how she unwittingly gave her login credentials to the hacker, who then accessed her Facebook account.
Sean Sullivan, Security Advisor at F-Secure, has this advice for people using public Wi-Fi: “People shouldn’t be afraid to use public Wi-Fi – it’s a fantastic service. But they must understand that there are risks and it is their responsibility to protect themselves. This is simply done using a piece of software called a Virtual Private Network (or VPN).
“For phones and tablets, these are available as an app. Our Freedome VPN will encrypt all data travelling from the device to the network, meaning that the hacker will steal nothing of use. Simply turning it on gives you the best protection you can possibly have to stay safe over public Wi-Fi, so you can focus on what you’re doing instead of worrying about staying safe.
Image source: Shutterstock