You enter a café – a wireless internet hotspot – to enjoy your coffee while browsing online with your laptop. You connect to the wireless network and start conducting transactions, whether banking or purchasing items online…
As an end-user, you feel secure seeing the padlock icon at the bottom of your Internet Explorer browser. Your information, including username, password, account details, and credit card information, is encrypted with 128-bit encryption.
But is this transaction truly secure?
Generally, online banking and shopping transactions are quite safe, especially when conducted through SSL (Secure Sockets Layer). SSL is a protocol developed by Netscape to help transmit private documents over the internet. It uses a two-key encryption system: a public key that everyone knows and a private key – or secret key – known only to the recipient of the information. Both Netscape Navigator and Internet Explorer support SSL, and many websites use this protocol to securely receive sensitive information from users, such as account numbers and credit card details. By convention, URLs requiring a secure transaction will begin with https: instead of http:.
However, you might not realize that a hacker can steal information while you conduct your banking transactions or use your credit card. This happens when you are not dealing directly with the intended party (like the bank) but are instead communicating through an intermediary (the hacker). This is known as a Man-in-the-Middle attack.
How does the theft occur?
The thief connects to the same café and Wi-Fi network as you. They run a series of programs to divert data from the victim’s computer to their own. The hacker then runs additional programs to sniff out the data while acting as an SSL Certificate Server, thus becoming the intermediary (Man-in-the-Middle) between the victim and the transaction they are attempting to complete. Figure 1 may help you understand this better.
An important concept for anyone transacting online is the certificate used to establish a secure transaction. A valid certificate means a secure connection directly to the intended transaction site. In this case, all data you need to transact will be encrypted by the web browser you are using, then sent directly to the transaction site, where it will be decrypted for use. With this method, even if a hacker obtains your data, it would be difficult for them to decrypt it.
The trouble starts when the victim receives a counterfeit certificate sent by the hacker. In this case, the victim is connecting not to the intended bank but to the hacker’s computer. The information is transmitted from the victim’s web browser to the hacker’s computer, allowing them to capture it. Since the counterfeit certificate was created by the hacker, they can easily decrypt the data sent by the victim.
Prevention
When hackers present counterfeit certificates to replace legitimate ones, most users will simply “agree.” Here are examples from the Security Alert center that users might encounter. Most people who are not well-informed will click “Yes” when a window like the one in Figure 2 appears, thereby complicating their own situation:
By clicking “Yes,” you have inadvertently fallen into the hacker’s trap. However, if you click on the “View Certificate” button, you can see the issue. Below is a comparison between a fake certificate and a legitimate one for your reference:
Therefore, to avoid having your credit card information stolen, please keep the following points in mind:
* Visit the Security Alert website to read essential guidelines on how to prevent credit card information theft.
* Use one-time passwords and change them frequently to avoid password theft.
* When using SSL VPN, utilize advanced features.
* Use a firewall when accessing wireless internet in public places.
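The certificate check described above can also be enforced in software instead of being left to a “Yes” click. The following is an added example, not part of the original article: a client that aborts on an untrusted certificate and then compares the certificate's SHA-256 fingerprint with one obtained in advance. The function names, the idea of a pre-recorded fingerprint, and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def strict_context() -> ssl.SSLContext:
    """TLS client context that fails closed: there is no 'continue anyway' path."""
    ctx = ssl.create_default_context()     # trusts only the system CA store
    ctx.check_hostname = True              # certificate name must match the site
    ctx.verify_mode = ssl.CERT_REQUIRED    # unknown issuer aborts the handshake
    return ctx


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, expected_hex: str) -> bool:
    """Compare against a fingerprint recorded earlier over a trusted channel."""
    normalized = expected_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert), normalized)


def check_site(host: str, expected_hex: str, port: int = 443,
               timeout: float = 5.0) -> str:
    """Return 'ok', 'untrusted-certificate' or 'fingerprint-mismatch'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with strict_context().wrap_socket(sock, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
    except ssl.SSLCertVerificationError:
        # What the browser's Security Alert window reports: stop here.
        return "untrusted-certificate"
    return "ok" if matches_pin(der, expected_hex) else "fingerprint-mismatch"


# Constructed sample bytes standing in for DER certificates (not real ones).
LEGIT_DER = b"constructed-sample: certificate issued to the bank by a trusted CA"
FAKE_DER = b"constructed-sample: certificate generated by the intermediary"
KNOWN_GOOD = fingerprint(LEGIT_DER)

if __name__ == "__main__":
    print("legitimate certificate matches:", matches_pin(LEGIT_DER, KNOWN_GOOD))
    print("counterfeit certificate matches:", matches_pin(FAKE_DER, KNOWN_GOOD))
```

A recorded fingerprint changes whenever the site renews its certificate, so a mismatch on a certificate that otherwise validates calls for re-checking the fingerprint through a trusted channel before continuing.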