By Paul Jordan Jr.
The Internet has provided people with quick and easy access to all types of information. Unfortunately, it may also be providing quick and easy access to its user”s personal information.
There seems to be a mentality among BYU students that their personal information is safe when they connect to an unsecured wireless network, including BYU”s wireless network, byuc0ug4rs.
Michael Bailey, assistant professor of information technology in the School of Technology, teaches a broadband communications course at BYU.
Bailey said although BYU”s wireless connection has improved its security, holes still exist.
“By default, communications between a client and an access point are unencrypted and can be easily intercepted and viewed by anyone,” he said.
BYU”s wireless connection is not encrypted. This allows anyone with a computer with wireless access to eavesdrop on a computer”s communication. This includes being able to view unsecured pages that are being viewed and capturing any user names and passwords that are entered over an unsecured site.
Bailey said he has always wanted to display what students in his classes were viewing on their laptops on the projection screen just to show how easy it is to hack into them.
Phishing is a practice among Internet hackers where a hacker reproduces a legitimate Web Site, such as the one that comes up to enter Route Y information. The intent of phishing is to fool users into thinking that they are on a trusted site and enter personal information. These sites look the same as their legitimate counterparts but allow their creators to view any information entered on the pages.
“It”s really easy to do,” Bailey said.
Although these hacker techniques are simple, there are also easy preventative measures.
There are certain sites on the Internet that will encrypt all data sent and received from them. The computer being used sends a coded message to a specific computer that knows how to decode the message. Only the computer that sends the message and the one intended to receive it know how to encode and decode the message. This makes it more difficult for hackers to intercept and view information being sent through the Internet.
“Both parties have secret information,” Bailey said.
If a site being viewed is encrypted, a small padlock will appear at the right side of the URL box. If the site is open in the Firefox browser, the entire URL box will turn a golden color. If the site is being viewed in Internet Explorer, the URL box will remain white but the padlock will appear to the right of the URL box.
The padlock also verifies that the site being viewed is not a reproduced version made by a hacker.
“That little padlock is your best defense,” Bailey said.
Route Y information entered into BYU”s home page is encrypted. However, not all pages where Route Y information is requested are encrypted. A link from BYU”s wellness page, wellness.byu.edu, requires users to enter Route Y information through an unencrypted page.
Route Y information entered through this page over BYU”s wireless network can be easily intercepted and recorded by anyone with access to the byuc0ug4rs connection.
Login information can be used to access routing numbers of BYU employees and even Blackboard. If the information belongs to a teacher”s assistant or professor, the information may even be used to change grades.
“If you connect to any unsecured wireless access point, you are vulnerable to anything,” said Dustin Hinton, a senior from St. George majoring in information technology.
Hinton said hackers can set up measures to monitor all of a computer”s traffic while it is connected to the unsecured network. While a hacker is monitoring computer activity, they can collect any passwords, logins or any other material put out over the net while a computer is connected.
“It”s just game over for anyone else who”s connected to [that network],” Hinton said. “They can do whatever they want to you.”
Hinton said people create unsecured networks for one of three reasons: They may not know what they are doing, they may not care that the network they are creating is unsecured or they are trying to steal information.
Not only is connecting to someone else”s unsecured network potentially dangerous, it may be illegal. The courts are not unified in their decisions and there is much controversy, but people have been prosecuted and fined for connecting to wireless networks that are not their own.
Some people see an unsecured network as in invitation to connect to the Internet, like a bench in a public park invites anyone to have a seat. Other people see the act as stealing bandwidth.
Even if the owner of the unsecured network is not stealing information, someone else can be doing it.
“Nowadays, it”s just not secure,” Hinton said.
The FTC suggests five key principles to safeguard information in “Protecting Personal Information: A Guide for Business.” These principles can also be applied to help individuals protect their own personal information. The FTC suggests that companies know the amount and type of personal information stored on a computer, keep only the information that is needed on a computer, protect the information that does need to be kept, properly dispose of what is not needed and know what to do if the information is stolen.