Beware of new hacking tool on the loose

Posted: Updated:
By Alicia Barron By Alicia Barron

If you're among the many who take advantage of public WI-FI, we've got an alert. A new hacking tool is on the loose and the data doctor has a prescription to help maintain your privacy.

“Public WI-FI has always been kind of dangerous, but the people who would potentially hack you had to be pretty smart and really understand a high level of technology,” Data Doctors Ken Colburn said.

Well not anymore. A new hacking tool is letting anyone access other people's accounts from Facebook to Flickr. It's all happening in un-secured public WI-FI networks.

“I's like any want to be hacker can now install this tool and start monitoring what other people are doing,” Colburn said. “The tool is pre-designed to monitor things like Amazon, Facebook and Twitter. It’s a lot of very common places.

Colburn with Data Doctors says this tool can cause big problems just about anywhere from coffee shops to airports.

“The key is if it's not an https transmission, it's subject to being intercepted by this tool,” Colburn said.

To show just how vulnerable you can be, Colburn headed to Urban Beans in Phoenix. While this coffee shop has a secured public WI-FI network they pulled it down for our story.

“We have this tool running and within a minute or two of us turning on the capture a couple different sessions or cookies were intercepted,” Colburn said. “One for a Facebook account and one for a Google account.

Those accounts belong to Arizona State University student Dee Farrand. We did not open them until she gave us permission.

“There are a lot of people out there that might be sitting next to you,” Colburn said. “It's called side jacking and I'm sitting next to you hijacking your account. “

“He [Colburn] can just be me for as long as I’m sitting in here and  have my Facebook open even if I'm not using it,” Farrand said.

Colburn had a few suggestions on how consumers like Farrand can protect themselves.

“In those cases you want to have another free download that basically forces the s during the entire process,”
Colburn said. “So it will tell Facebook every time you ask for a page that you want it in the secure format.”

Those free downloads include a Firefox add-on called Force TLS and if you use Google's chrome install KB SSL Enforcer.

“It forces that s, you see that https,” Colburn said.  “It's going to force the s or at least try to force it with every website that you use,”

“I expected it to take several minutes and it was quick and it makes me feel a lot more secure,” Farrand said.
Another level of security consumers can use.

“This coffee shop does a great thing,” Colburn said. “They actually require you to have or use a password.”

“We're one step ahead of the game,” Urban Beans manager Rebecca Clark said. “We let people know that we really care about them and whatever they're doing on their computer, it's secured.”

While protecting yourself from hackers is key, Colburn said if you’re curious about downloading this side jacking tool, don't.
 
“This is a felony,” Colburn said. “This is a violation of computer crimes law. I do not recommend you go out there and start playing around with this tool for fun.”

Colburn also said when it comes to banking online or other secure websites you may use, as long as they use the https protocol, then the side jacking tool won't work.