Identity Theft via Airport??

Discussion in 'macOS' started by sotied, May 26, 2005.

  1. sotied macrumors regular

    Joined:
    Apr 12, 2003
    Location:
    Boston
    #1
    I've just gotten taken for $107 by someone who grabbed my info from my iBook while I was surfing at either Panera or while I was Wijacking on someone's network.

    They were able to grab my credit card info as well as all my personal stuff (likely with a sniffer that just soaked up a form I was using to buy stuff online).

    I need to know what can I do to protect myself in the future.

    I'm running 10.39. iBook 1.2. Safari is my browser. Mail is my mail app.

    Is there a simple encryption preference I can set so this won't happen again?

    Thanks,

    Jeff
     
  2. Applespider macrumors G4

    Joined:
    Jan 20, 2004
    Location:
    looking through rose-tinted spectacles...
    #2
    Safest way to protect yourself is not to carry out secure transactions while on a public wifi system. There was a recent article about people hijacking wifi hotspots by cloning the hotspot's ID on their laptop so they could watch all the traffic.

    You can encrypt stuff that's using VPN and tunnels back to another computer but I'm not sure how you'd do it generically with the web. Would be interested to find out.
     
  3. Blurg Guest

    Joined:
    May 3, 2005
    #3
    Even with encryption, I still wouldn't suggest doing anything even remotely private in a public wireless hotspot, especially credit card transactions. The signals you send out can be heard by any computer within range, and encryption can be broken.
     
  4. varmit macrumors 68000

    Joined:
    Aug 5, 2003
    #4
    How are you sure that it was stolen over the wireless? Because my mom doesn't even use the computer to buy stuff and she had her credit card stolen and used to register a domain and xbox subscription. There are many different ways to do it other than waiting and hoping that someone buys something while using their computer near you at a public Wifi.

    And also, I would not be using public Wifi, or someone else's unprotected Wifi, to make purchases over the internet.
     
  5. sotied thread starter macrumors regular

    Joined:
    Apr 12, 2003
    Location:
    Boston
    #5
    Not quite positive....but I know my risky behavior

    I'm inclined to think it came from some Wijacking session while in my car parked on Newbury Street in Boston or while waiting for my girlfriend to finish work while on the streets of Portsmouth, NH, or maybe while I bogarted some wireless while on Sanibel Island, FL this spring.

    Yes, it could have come from the caddies at the Dominican resort I was at in April or it could have been some schmoe with a police scanner listening to me order stuff on my cordless phone.

    BUT, I do buy most of my stuff via the Web. I do punch in my info and let it fly freely over the airwaves. And that's probably my trouble.

    I wish there were an encryption standard that would stop sniffers from grabbing my info, and I also wish Verizon would hurry up and put their network up in Metro Boston as I think I'd be more protected using their Wifi than I am piggybacking on someone else's.

    A side note. I bought the Canary WiFi Hotspotter and it is the BOMB. It's great for finding an unprotected network and has yet to be wrong. Not that I'll be using it. From now on I'll break into government and collegiate buildings and plug in my ethernet cable....but maybe that's not safe either.

    Stupid Internet.

    Jeff
     
  6. Applespider macrumors G4

    Joined:
    Jan 20, 2004
    Location:
    looking through rose-tinted spectacles...
    #6
    I'd blame the low-tech method first of all. It's so much easier/quicker to skim credit cards when you let them out of your sight at a restaurant/resort etc than it is to hang around a hotspot on the off chance that someone will use a credit card online.

    I mean if you were a crook, which would you do? Set up a few waiters/caddies with skimmer and get hundreds of credit card details a week which you can use online or rip onto blank cards and use in person (with any signature) so you can take the goods immediately. Or hang around a hotspot to get a few cards if you're lucky.

    Do you shred your bills? Could someone have grabbed a bill/receipt from your trash?
     
  7. mad jew Moderator emeritus

    Joined:
    Apr 3, 2004
    Location:
    Adelaide, Australia
    #7

    Waaaay too much insight there Applespider. ;)

    For the ignorant among us (me :p ), would turning off filesharing help in foiling the evil plights of the wijacker? Or should that be wacker?
     
  8. jeremy.king macrumors 603

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #8
    Assuming that you were using your credit card over SSL, I would find it extremely difficult to imagine that someone actually sniffed and cracked the SSL keys. See http://www.inet2000.com/public/encryption.htm


    I'm with Applespider, there are many other creative ways to acquire credit card numbers. Trash, mail, receipt, or over the shoulder wandering eyes being the easiest.
     
  9. Sweetfeld28 macrumors 65816

    Joined:
    Feb 10, 2003
    Location:
    Buckeye Country, O-H
    #9
    Did/Do you have your firewall turned on?
     

  10. 12ibookg4 macrumors regular

    Joined:
    Dec 22, 2003
    #10
    On almost every site you can use a credit card, your session will be encrypted with SSL. You can tell if the web site you are entering your card info is secure by looking at the URL, it should be https:// instead of just http. Also, there will be a padlock in the corner of the browser window if you are on a secure page.
    Although it is possible that someone posed as a free wifi spot but directed you to false pages where your card info was collected.
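
The https:// check described in post #10 matters for where the form is submitted, not only for the page in the address bar. The following is an added example, not part of the original thread: it parses a page and reports forms whose payment or login fields would be sent unencrypted. The field-name hints, the `shop.example` URLs and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hypothetical field-name hints marking a form as carrying payment or login data.
SENSITIVE_HINTS = ("card", "cvv", "expir", "password")

# Constructed sample page: the checkout form posts to http:// even when the
# page itself was loaded over https://.
SAMPLE_HTML = """
<form action="/search"><input name="q"></form>
<form action="http://shop.example/pay" method="post">
  <input name="card_number"><input name="cvv"><input name="zip">
</form>
<form action="/login" method="post">
  <input name="user"><input name="password" type="password">
</form>
"""


class FormAudit(HTMLParser):
    """Collect every <form> with its action URL and input field names."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["fields"].append((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def plaintext_forms(page_url, html):
    """Return (submit URL, sensitive fields) for forms that submit without TLS."""
    audit = FormAudit()
    audit.feed(html)
    findings = []
    for form in audit.forms:
        target = urljoin(page_url, form["action"])  # relative action inherits page scheme
        sensitive = [f for f in form["fields"] if any(h in f for h in SENSITIVE_HINTS)]
        if sensitive and urlparse(target).scheme != "https":
            findings.append((target, sensitive))
    return findings
```

Loaded over https://, the sample page still yields one finding, the checkout form; loaded over http://, the login form is reported as well.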
     
  11. superbovine macrumors 68030

    Joined:
    Nov 7, 2003
    #11
    FYI:
    http://naughty.monkey.org/~dugsong/dsniff/
    http://crypto.stanford.edu/~eujin/sslsniffer/
    http://ettercap.sourceforge.net/
    http://www.thoughtcrime.org/ie.html

    I agree with you though. The weakest link in credit card security is the human link, and a low tech way would be a lot easier to do.
     
  12. aswitcher macrumors 603

    Joined:
    Oct 8, 2003
    Location:
    Canberra OZ
    #12
    Agreed.

    Also make sure your email has the SSL enabled.
     
  13. Agathon macrumors 6502a

    Joined:
    Jan 19, 2004
    #13
    People are lax about this sort of thing.

    Sitting at my coffee table with my PowerBook, I notice that the guy across the way has left his wireless network open to anyone. I could get on and download goat porn if I wanted to.

    I will have a word with him next time I see him.
     
  14. CanadaRAM macrumors G5

    Joined:
    Oct 11, 2004
    Location:
    On the Left Coast - Victoria BC Canada
    #14
    LOL.
    "I steal bandwidth wherever I can by jumping on unprotected wireless networks. The schmoes have it coming to them if they don't secure their net. But someone jacked my card number. Wah."
     
  15. DeSnousa macrumors 68000

    Joined:
    Jan 20, 2005
    Location:
    Brisbane, Australia
    #15
    What is with that, someone has a network not protected which I can access the net through. I don't use the connection though because I have morals.
     
  16. sotied thread starter macrumors regular

    Joined:
    Apr 12, 2003
    Location:
    Boston
    #16
    Wijacking/Firewalls/Unprotected Chex

    Ok. Here are a few answers and a comment.

    Yes - firewall was on.
    No - I don't share well with others, so my sharing was all off.
    Yes - since it was a one-time thing (card has been cancelled and the charge took place in the smack, dab middle of my billing cycle) it was most likely a person at the resort.
    Yes - I do Wijack a bit, but I never said it was nice or right or my right to do so. I'm still surprised though, that I can drive into downtown Boston and grab Wifi from NINE places while parked on Federal Street in the Financial District. Makes you wonder about the brilliant minds installing and maintaining networks at this nation's financial institutions.
    No - I don't have a shredder, but my trash is picked up by a truck early on Thursday AM and since I have to run out to catch the guy each week, my trash sits in my room/office until five minutes before he comes. I also keep all my statements for too many years.
    *I have started paying all my bills online.
    *I have been using my card a lot more this year than ever before because I get points for purchases.
    *I have noticed that some places STILL print out receipts that show the full CC number.

    The thing that burns me with this issue is that the card that was stolen wouldn't even let me use it on a poker site and then they let some unknown use it on an online gaming site.

    AND, what burns me even more is the company that allowed the charge (IGE.COM) won't give me any info about "MY" account so I can try and track the dirtbag down who used my card. All the info is mine except for an email address the guy (or girl) used to access their site.

    Where's the justice?

    Jeff
     
  17. Foniks Munkee macrumors member

    Joined:
    May 15, 2005
    #17
    You know, there is such a thing as credit card number generators. The credit card numbers we receive are based on a very simple algorithm (Mod 10). You may have been unlucky and they hit your number - I've seen ones (when investigating internet fraud on an e-commerce site I was responsible for), that generated the number, expiry and cvs number.

    The customer was upset because she had never even used the internet (this was in 1998) - and couldn't understand why or how it had been used on our website. Of course, the reality is, the person who used the number had simply generated a random number based on a few parameters (card type for one) and kept trying until one worked. It just happened to be her number. Not much you can do about it.

    Of course as the others have already said always use encryption where possible.

    [EDIT] By the way, the CVS numbers that were generated were not "real" - I think they are numbers set by the merchant, but in Australia and in many other countries, they are not used, or used everywhere.
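
The Mod 10 check named in post #17 is the Luhn checksum, a public check digit meant to catch typing mistakes. The following is an added example, not part of the original thread: a validator plus two helpers that measure which keying errors the check detects, which is why a merchant cannot treat a passing checksum as evidence that a card is genuine. The card-shaped number used in the note after the block is constructed.

```python
def luhn_valid(number: str) -> bool:
    """Mod 10 check: from the right, double every second digit (subtracting 9
    when the result exceeds 9), sum everything, and require total % 10 == 0."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def single_digit_errors_missed(number: str) -> int:
    """Count one-digit substitutions that still pass the check."""
    missed = 0
    for i, ch in enumerate(number):
        for repl in "0123456789":
            if repl != ch and luhn_valid(number[:i] + repl + number[i + 1:]):
                missed += 1
    return missed


def transpositions_missed(number: str) -> list:
    """Indexes i where swapping the unequal neighbours i and i+1 still passes."""
    missed = []
    for i in range(len(number) - 1):
        a, b = number[i], number[i + 1]
        if a != b and luhn_valid(number[:i] + b + a + number[i + 2:]):
            missed.append(i)
    return missed
```

For the constructed number `4000000000000903`, every single-digit substitution fails the check, while the two swaps that exchange an adjacent 0 and 9 go unnoticed, the known blind spot of Mod 10.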
     
  18. sotied thread starter macrumors regular

    Joined:
    Apr 12, 2003
    Location:
    Boston
    #18
    Generator? Don't think so


    I don't think that would work because they had my name, address AND cell phone number. All the items I typically enter when buying stuff online.

    Which makes me think more that it was a sniffer or a faux hotspot.

    Jeff
     
  19. MrSugar macrumors 6502a

    Joined:
    Jul 28, 2003
    #19
    Did you get your money refunded over a dispute?

    I have had erroneous charges too, Netzero charged me for two months of dial up that I never even knew existed, when I called them about it I couldn't get on the phone with anyone. I disputed, got the money back, canceled the card and went on my way. How did your situation end up?
     
  20. sotied thread starter macrumors regular

    Joined:
    Apr 12, 2003
    Location:
    Boston
    #20
    Not there yet

    It's not resolved yet because I'm waiting on IGE.COM to refund the money.

    I have disputed it with my credit card company and expect that they'll do more of the legwork for me.

    BUT, I did get that email address from "my" account with IGE. It's cufmouse@yahoo.com if you would like to send him a nice note.

    Thanks for all your input - if it turns out badly (like no resolution) I'll post it again. If it turns out fine, there's no need to clutter the board.

    Jeff
     
