Hackers might make use of public Wi-Fi at coffee shops, airports, and hotel rooms according to the National Security Agency, which issued a warning to federal employees. The Biden administration wants you to receive a vaccination and wear a mask. Oh, and one more thing: It’s time for government personnel and contractors to stop using public Wi-Fi, where they can pick up another sort of virus.
“Logging on to public Wi-Fi may be helpful for catching up on work or checking your email,” warns the National Security Agency in an unusually detailed caution to government workers, major defense contractors, and the 3.4 million uniformed, civilian, and reserve people serving in the military. As the agency said in an eight-page study, connecting to the network of a neighborhood coffee shop was asking for disaster in a year that saw ransomware assaults on pipelines, meatpackers, and even the Washington, DC, police department.
It’s about as likely that people will obey the government’s warning as they are to sit outside at a baseball game properly disguised. It’s a tipping moment, however: This is the first time in a decade that the nation’s main signals intelligence organization is trying to slow down.
If at all possible, avoid connecting to public Wi-Fi, as even Bluetooth connections can be hacked. Public knowledge and usage of these harmful tactics mean that the risk is not just theoretical. Hackers may easily capture passwords and contents of passing cellphones using an unsecured Wi-Fi network, which does not need credentials.
Since the early days of the internet in coffee shops, airports, hotel rooms and other public places have been a source of concern for cybersecurity professionals. This week, government officials are attending conferences like Black Hat, where exposing the vulnerabilities of mobile devices is like a sport. The contents of someone’s phone are displayed on a large screen for all to view by some of the participants. An important message is being conveyed: connecting to public Wi-Fi or turning on Bluetooth, or even using your phone to pay for something, invites the possibility of having your nonencrypted data viewed by anybody.
Lastly, there is always the possibility of being faked. N.S.A. warns that criminals or foreign intelligence agencies can set up open Wi-Fi networks that appear to be from a hotel or coffee shop, but are actually “an evil twin, to imitate the surrounding anticipated public Wi-Fi.” U.S. officials warned in 2014 and 2015 that several nations — from Iranians to Israelis — had installed similar devices in hotels where discussions were taking place.
Officials at the National Security Agency said there hasn’t been a substantial surge in criminals or nation-state adversaries using the internet to steal information or coordinate attacks. United States government attempts to raise public awareness about technological vulnerabilities have reportedly intensified in recent months.
Recent executive orders by Vice President Biden require federal government contractors to satisfy a set of cybersecurity criteria. Also, government agencies must employ two-factor authentication, similar to how customers receive a text message from their bank with a code before accessing their account.