Summary: In some instances, it might be possible for hackers to see data going to and from one's computer. Sometimes it matters, but sometimes it doesn't.
I've heard that instant messages through AOL/Yahoo/MSN can be read by hackers that "sniff" the messages leaving my network. Is this true?
•
Yes.
It's actually true for all the data that comes and goes on your internet connection: web pages, emails, instant messaging conversations and more.
Most of the time it simply doesn't matter. Honest.
On the other hand, there are definitely times and situations when you really do need to be careful.
•
Data traveling on a network such as the internet can be seen by many other machines. Local machines connected via a hub, for example, all see the data being sent to and from all the other machines connected to the same hub. As the data travels across the internet, it actually travels across many devices each of which can "see" the data.
Sounds scary.
The good news is that's actually pretty hard to find data transmitted to and from a specific machine unless you're on the same network segment. For example, if you're connected to the internet via DSL, other machines sharing that DSL connection might watch your traffic, but random machines out on the internet would have an extremely difficult time tracking it down.
It's not something I worry about much at home.
However, there are scenarios that you should be very aware of.
-
Wireless access points operate much like a hub. Any wireless adapter within range can see all of the network traffic in the area. Visited any open (meaning not WPA-encrypted) wireless hotspots lately? Anyone in the coffee shop or library, or even just outside on the street or a nearby building, could be sniffing your traffic.
-
Hotel or other third-party provided internet connections are also vulnerable, since you have no idea what, or who, is sharing or watching your connection. It's possible that you're on a hub, and the room next door or down the hall could be watching your traffic, or it's possible that the hotel staff themselves are tapped into the internet traffic to and from all the rooms.
-
Landlord-provided internet connections, or those provided by or shared with a roommate or housemate fall into the same category: whomever set it up could very easily be watching the internet traffic going to and from the connection(s) that they provide you.
-
Your connection at work can also easily be monitored by your employer. In fact, the only difference between your employer and a hotel or landlord provided connection is that in most places the employer snooping on your use of their connection is legal, whereas the others typically are not.
So, what to do?
Aside from avoiding the situations listed above where this kind of eavesdropping is not only possible but often downright easy, the answer boils down to encryption of one form or another.
If you can, make sure that your own wireless hotspots are configured to use WPA2 encryption. (WPA if that's all that's available. There's no point in using WEP, as it is trivially cracked.) This way your wireless connection is secure. Even if someone does sniff and see your data going by, all they'll see is encrypted noise.
If, as in most of the examples above, you do not have control over the wireless connection, and have no control over the actual connection to the ISP, then additional steps are necessary.
As a start, if you're on the road you might simply wait until you're home to access sensitive sites like online banking or others.
In terms of technologies to help keep you secure, the list includes:
-
https (as opposed to http) connections are encrypted. Even traveling over unencrypted media like wired connections or open WiFi hotspots, the https protocol securely encrypts the data that is being sent to and from the web site being accessed. In addition, it also provides an additional level of security that the site you think you are connecting to is, in fact, that site. Not all sites support https (Ask Leo! is one such example) but sites that provide you with access to any potentially sensitive information - including your web-based email - should provide an https connection, or should be avoided.
-
Secure email connections should be used with your desktop email programs such as Outlook, Thunderbird, or any program on your computer that uses POP3/IMAP and SMTP. By default most email services have you configure your email connection for downloading your email using unencrypted protocols. Many now offer the ability to specify encrypted equivalents. If you're in any of the situations above, only encrypted protocols should be used.
-
VPNs or virtual private networks are technologies that can be used to secure your entire internet connection by creating an encrypted "tunnel" to a third party. All of your internet traffic goes to this trusted third party - encrypted - and from there it connects to the rest of the internet. All your internet traffic traveling between you and that third party is safe from sniffing by virtue of being encrypted.
The "third party" might be your place of work, if they offer such a thing, and as noted above, if you trust them. Other alternatives include services like HotSpotVPN which are targeted at folks traveling a lot who make regular use of open public WiFi and other fundamentally unsecure internet connections.
In general, when people ask about the security of their data it falls into one of two broad categories:
Privacy and Security or folks who are concerned that they're being spied on. My general response is that most of us as individuals just aren't that interesting, and it is rarely anything to be concerned about.
Opportunistic Theft or situations where someone's looking not specifically for you or me, but rather for someone who's allowed their bank, email or other secure information to be available for stealing. By leaving information available out and available to thieves, you can become a victim.
The good news is that the advice and technologies above go a long way to addressing both issues. The bad news, of a sort, is that it's still your responsibility to make sure that you're secure and using them appropriately.
(This is an update to an article originally published in February, 2005.)
Related:
-
Ask Leo! - How do I stay safe in an internet cafe?
-
Can my ISP monitor my internet usage? Your ISP controls your internet connection and it's easy for them to monitor the data you send and receive. The question is, why would they bother?
-
Can hotels sniff my internet traffic? More and more hotels are offering both wired and wireless internet, but along with those connections comes a security risk most folks don't consider.
Article C2290 - January 9, 2010
Hi Leo
Posted by: Tina at August 27, 2009 12:00 PMCan a hacker see everything that is on your computer system like websites you've saved to your favorites?
I work from home and have access to an external system in a call center. I will like to know how much my boss can see on my computer while I'm working. For example, Office, internet, ...
Regards, Violetz
14-Nov-2009
Posted by: Violetz at November 14, 2009 4:01 AM
Hackers can take what ever they want. Stay away from blue areas ( Porn). Also Stay away from these dating games over the internet (Trouble). Use your computer / lap top for what you bought it for, sending emails to your friends and family. Turn off the internet while you are in your very privite Documents performing work or just writting letters. Also if you want to back up your computer (PC) get a USB port memory flash stick, what you do not see you not control. Do not give your documents, pictures or anything from your computer to any one; To keep for you in case your system crashes: If your system crashes, because you have the CD'S that came with your system, just reload and take the documents and family pictures from your flash stick, or CD's. You can do it if you try. Mark
Posted by: Mr.Mark Whitney Schultz at January 12, 2010 9:15 AMMy computer is owned by my husband's business and my email is
provided by his office. I know he reads my email which isn't exciting but I'd like to enjoy some privacy. Will I have to change my provider to get security?
14-Jan-2010
Posted by: Sara Jane Lubrano at January 12, 2010 10:48 AM
From time to time -- there is a need for my to enter my credit card when I purchase items from Tigerdirect or Amazon. When this occurs I get a message that says the page I am entering on is secure and when I leave that page it tells me I am going to a page that is NOT secure. Assuming I am careful to check for internal programs that "watch" the keys that I type -- can a hacker intercept and obtain my credit card number? I should add that I have an unencrypted router for my home network but do not have any "shared" folders other than the one entitled "public".
Posted by: Richard J. Lawrence at January 30, 2010 5:39 AM