Next time you are sitting in a hotel lobby checking email on your laptop, be careful: The "businessman" in the next lounge chair may be tracking your every move.

Many Wi-Fi users don't know that hackers posted at hot spots can steal personal information out of the air relatively easily. And savvy criminal hackers aren't settling for just access to credit cards, bank accounts and other personal financial information; they love to sneak into your company's network, too.

Whether you're using a Wi-Fi hot spot at a hotel, airport or cafe, "you've got to assume that anything you are doing is being monitored," says Shawn Henry, deputy assistant director of the Federal Bureau of Investigation's cybercrimes division.

Home Wi-Fi networks are vulnerable, too, but it is far more fruitful for a hacker to pitch his tent in a busy hotel lobby or convention-center lounge where he can collect data from dozens of users. And Wi-Fi hot spots have proliferated, multiplying the potential targets for hackers.

Businesses that offer Wi-Fi, like hotels, often don't know that their networks have been breached and many times don't report incidents they know about for fear of bad publicity. Users are frequently unaware they have been hacked. As a result, there aren't solid figures on the number of wireless-hacking incidents. But the FBI for several years has received reports from educational institutions, private security companies and other federal and local law-enforcement agencies about such attacks.

While the chances any one person will be hacked aren't high, the payoff for criminals can be great, says Tom Brennan, a manager for AccessIT Group, which assesses companies' security vulnerabilities.

In early 2006, when he was working for a different firm, Mr. Brennan helped a financial institution determine how its data network had been breached. An employee working on a laptop outside the office used what he thought was a publicly available Wi-Fi signal to get Internet access. In fact, the signal he used had been set up by a hacker. When the employee reached his company's network, the hacker nabbed the employee's corporate user name and password.

Prosecutions involving wireless hacking have been few, though there have been some high-profile cases. In September 2007, Max Butler, known on the Internet as "Iceman," was indicted on charges of wire fraud and identity theft. Mr. Butler allegedly went "war driving" -- searching for unprotected Wi-Fi networks -- and stole user names and passwords that gave him access to several banks' networks, according to the U.S. Department of Justice.

Some of the big Wi-Fi providers offer software that users can employ to protect themselves. Such software confirms that the user has connected to a genuine hot spot or offers authentication and encryption.

However, even with additional security, users shouldn't pass sensitive information over the Web at public hot spots. "It's the same thing as talking on a phone on a crowded bus, you probably don't want to give out your sensitive information”.

Protecting Yourself

1. Stay current. Make sure your laptop is up to date. Keep your firewall, antivirus and antispyware software current, too.
2. Avoid conducting financial transactions at a hot spot. "Don't go sell your stocks or do any online banking," says David King, chief executive of AirTight Networks.
3. Turn off your laptop's Wi-Fi capabilities when you don't need to connect to the Internet. Most laptops search for Wi-Fi signals automatically and the connection stays open even if you don't boot up your Web or email application.
4. Where available, use a wired/network cable connection that plug into the laptop rather than Wi-Fi.

 
Summarized by WOUGNET TechSupport Team from an article by Joseph De Avila, in the Wall Street Journal on January 16, 2008.