Editor's Note: This is the latest in a series of analyses from STRATFOR on personal security issues. In an Aug. 10 analysis, "Safeguarding Personal Information in the Wireless Age," STRATFOR discussed the fact that wireless communication, though convenient, brings with it a threat to privacy. Although there is no way to completely guard against electronic eavesdroppers, steps can be taken to minimize the risk. Even in the physical world, snoopers can steal and read the private mail of others. They also can steal briefcases, tap phones and bug offices. These types of activities, however, are much more invasive, require more effort and leave more evidence than wireless snooping. Because wireless communication involves broadcasting information over a radio signal, wireless snooping can be done from a distance, is very non-invasive and almost effortless. Take as a simple example the case of a person sitting in a Starbucks reading a business document or a private letter. Someone would have to look right over that person's shoulder in order to discover its contents, which of course would not go unnoticed. Were the person reading that same document or letter in an unencrypted e-mail message, someone sitting all the way across the shop could read the letter — and no one would be the wiser. Our Aug. 10 article discussed vulnerabilities in the use of analog cellular and cordless phones. Quite frankly, those who do not want the entire world to be able to listen into their conversations should get rid of their analog cell and cordless phones. Also, if their cellular provider does not have a 100 percent digital network — there most often is a "D" on the phone's screen that shows a phone is operating on a digital network — one must assume that anyone can listen in. Even digital phones can be compromised, but the eavesdroppers must be determined professionals. The measures required to secure a wireless data network depend on whether the hookup is a personal or a public one. Networks in the home or office should be made as secure as possible — keeping in mind that no network or PC connected to the Internet can ever be considered totally secure. Wireless networks share the same vulnerabilities as hardwire networks — meaning all those vulnerabilities must be addressed as well. Some users may find it useful to consult an IT professional, although there are a few simple steps one can take to harden his or her personal system:
Turn off SSID broadcasting. By default, wireless routers will broadcast the name of a person's network. The owner knows the network is there and they have its name, so it is not necessary to broadcast it for the word to see.
Use encryption. WEP and even the newer WPA encryption can be hacked, but it will be one more obstacle for hackers to get past before getting into a network. Good password protocols also must be followed.
Enable the firewalls on routers and PCs. There are also some very good commercial firewall programs that help protect networks and computers, such as the firewall that comes free with Microsoft's Windows XP. Also, just like on hardwire network, security patches must be downloaded, and the computers must have updated anti-virus and anti-spyware software installed and activated.
Reduce broadcast strength. The signal only needs to be able to reach the area or areas where a person works on his or her computer. Reducing the signal strength reduces the chance of someone from the outside, such as a hacker, getting a strong enough signal to connect to the network. Wireless network hookups in airports, hotels and coffee shops have their own vulnerabilities. A person going to stratfor.com or looking up baseball scores on an unsecured public network is not facing a high security risk. Those who are working with sensitive information or reading private e-mail, however, should use encryption to protect their privacy. Many corporate users use VPN (virtual private network) technology on all their laptops, which provides a secure shell around all the data on their Internet connections. Those who do not have VPN can protect their privacy by using a Web e-mail provider that uses SSL (secure socket layer) encryption. A padlock icon in the bottom right corner of a browser window and usually an https at the beginning of the Web address indicate the data is being encrypted. Several companies offer SSL-encrypted Web e-mail — some for free. Bluetooth-enabled devices, such as PDAs and cell phones, also are vulnerable to information theft. It is not uncommon to find people in public places with their Bluetooth devices set to "discoverable" and their security protocols set so low that one can "pair" his or her device to theirs and read their files without them knowing it. With a cell phone, the snooper might only be able to access a person's address book and call logs. PDAs, however, often contain much more sensitive information — such as social security numbers, passwords, bank and credit card account and PIN numbers, for example — that can be ripe for the taking. The best defense against information theft from a PDA is not to enter sensitive information into such a device in the first place. If the information must be readily accessible in a PDA, the device should be set to the non-discoverable state, and turned back to discoverable only for transferring files. Even then, files should be exchanged only with a person one knows. For further protection, anti-virus software should be installed on a PDA, its operating system regularly updated with the latest security patches. Finally, it is important to take the time to read the owner's manual to learn how to turn the Bluetooth on and off, how to securely pair with other devices and how to adjust the security settings. There is no simple solution for protecting personal privacy in the wireless age. Those who take all the steps necessary to keep snoopers from peering over their electronic "shoulder," however, are far more secure than those who do not. When running from a bear, one need not run faster than the bear — just faster than the next person. Hackers often will go for the easiest mark.