In an incredibly connected world, it’s easy to feel as if the Internet is safe and accessible no matter where you are in the world. To a large extent, you can go online using computers in cyber cafes and hotel lobbies in nearly every country, but there are risks in doing so.
If you understand how your information can be compromised and take steps to counter those threats, however, you can safely log on to your most sensitive accounts from anywhere in the world.
Here are the three most serious threats facing travelers when they go online, and what to do about them.
Internet Security Threats to Travelers
The easiest way someone can learn your passwords is by recording your keystrokes on their computer, also known as keylogging. Keyloggers are freely available, easy to install, and can be nearly undetectable. Even if you had the time and skill to scan a public computer’s hard drive before using it, your efforts would be ineffective against a keylogger that might be installed in the keyboard itself. Criminals can even install a hidden camera that simply records your keystrokes while you are typing and have the private information emailed to them. If you are using a computer that does not belong to you, proceed under the assumption that every keystroke may be recorded.
How to Defeat Keyloggers
There are two ways to counter these devices. The first is simply to use your own computer at all times. Considering the size and price of netbooks, tablets, and other Internet devices, it is no longer impractical to own a small inexpensive computer that you use only for traveling. Even then, you should use a power-on password – a set-up that makes you enter a password when booting up the computer – to limit a thief’s access. As long as you can ensure that no one else can use your computer or is watching you type, your communications cannot be intercepted at the keystroke level.
The other method of defeating keyloggers is to ensure that you only gain access to your accounts with multi-factor authentication that changes each time you log in. For example, having to enter a user name and password is considered single-factor authentication. If you then must submit your mother’s maiden name, that would be multi-factor authentication (though even that extra step could be compromised by a keylogger nonetheless). To truly defeat this threat, you should use a system that asks you to provide a code that can only be used once. Unfortunately, most sites do not feature that level of authentication.
Some banks and corporations, however, do issue electronic cards with display codes that change over time. In that way, each code is only used once. The Google Gmail system now offers a level of security that sends verification codes to your cell phone each time you log in from a different machine. If you are a Gmail user, you have to activate this feature called two-step authentication. Under this system, you can also travel with single-use backup verification codes in case you can’t receive cell phone service. If your email system, bank account, or any other important site you visit does not offer a multi-factor authentication method that changes each time you log in, you should never access those accounts from a public computer.
2. Packet Analyzer
If you think of your Internet traffic like letters sent through the post office, a packet analyzer would be like an X-ray device that could see though your envelopes and read your letters without opening them. While a keylogger could be installed by any kid who has access to a public computer, employing a packet analyzer is a more sophisticated attack. These analyzers will essentially intercept all the traffic crossing over a network in the form of packets, or units of data, and break them down into a readable format so the perpetrator can retrieve seemingly secure personal information.
Countering Packet Analyzers
The only way to defeat an attacker who can see into your digital traffic is to have that traffic encrypted. Fortunately, this is a standard feature on most websites that ask for a password. To determine if the website you are visiting is encrypted, examine the address. Sites that begin with “https://” are encrypted, and sites that are just plain “http://” are not. The inclusion of the letter “s,” for “secure,” is the key.
Some sites, such as Google’s home page and even their Gmail, can be accessed either way. To protect against packet analyzers, make sure to access only the encrypted site. Also, ensure any WiFi connection you use is encrypted as well by examining the connection properties.
Finally, many companies provide their employees with a Virtual Private Network (VPN) system that also encrypts transmitted information and enables its employees to safely access specific websites while away from home and work.
3. Email Hacks
During the 2008 Presidential campaign, a college student was able to access Sarah Palin’s Yahoo email account by resetting her password. To reset her password, Yahoo asked for personal information about the candidate that had since become publicly available on the Internet. With the advent of social media, facts about your life that were once fairly private can now be found in seconds with a Google search even if you are not a candidate for public office. Your place of birth, your mother’s maiden name, and the high school you attended can probably be found on places such as Facebook or even a genealogy website used by a good-intentioned family member.
Once your email is compromised, a malicious hacker could email everyone in your address book with an invented story about how you have lost your wallet while traveling and need some cash wired to you as a favor. Since you are indeed traveling, and the message comes from your actual account, your friends and relatives could easily be duped into wiring their money without your knowledge.
Avoiding Email Hacks
Go into your email and your banking systems and ensure that the corroborating personal information necessary for a password reset is completely confidential. If there is any doubt, come up with a counter-factual alternative. For example, your mother’s maiden name could be listed as that of an obscure character from your favorite book or movie. Finally, when you let your family and friends know that you will be traveling, advise them that they should never send money to you without speaking with you on the telephone or being told something that only you two would know.
The Internet is an incredible tool for worldwide communication, but it is still the electronic equivalent of the wild west. As cool as it is to access your bank statements from a lodge deep in the jungle, it is terrifying to contemplate returning home to find that your account has been emptied. When accessing sensitive information away from home, your best bet will always be to use your own computer, ensure that your connections are encrypted, and be very careful about the personal information that you use for authentication.
Do you access your personal accounts when traveling? If so, what security measures do you take to prevent hackers and thieves from breaking in?