You're traveling for business, and for one reason or another, you need to access your work PC. You've thought ahead and installed remote-access software on your desktop system, so you're able to control it remotely from any machine with Internet Explorer or Netscape. You head to the nearest Kinko's, log on to the Net from one of the PCs there, and take care of your business remotely. Works great, right?
Not this time. Once you return to the office, you find you've indirectly caused a security breach. It turns out a hacker gleaned your password by logging your keystrokes on that Kinko's PC and used the info to break into your company's network.
Security begins with you
While commonly used remote-access applications, such as pcAnywhere, are themselves relatively secure, the terminals used to access systems running them may not be. Unfortunately, the only sure way to protect yourself and your company is to give up the convenience of using public PCs for remote access.
The scenario described above is not far-fetched. A similar situation occurred last year in New York City, where a man named JuJu Jiang was arrested for allegedly hijacking the accounts of several GoToMyPC customers. Jiang supposedly obtained the victims' passwords by installing a keystroke logger on the Kinko's computer.
The victim who alerted the Secret Service about this exploit did so after noticing, while sitting in front of his home computer one day, that it was being accessed remotely. He watched his computer screen as an online account was created and account information for one of his credit cards was entered--though he wasn't touching the keyboard or the mouse. The victim later recalled using a terminal at the Kinko's where Jiang had installed the keystroke logger.
Keyboard spies
Keystroke loggers are no joke; they're extremely effective for stealing personal information. Last February, a former Boston College student allegedly purloined computer access codes, building access codes, and credit card and social security numbers from nearly 5,000 college students and faculty members. Authorities believe he accomplished this by installing more than 100 keystroke-logging apps on campus computers.
What I think happened with remote-access apps is that we became so awed by their tremendous convenience that we let down our guard. Security-minded person that I am, when I see new products or services, I immediately think: how could someone abuse this?
But when most people hear about a new piece of software or hardware that can make their lives better, they don't stop to think about the security consequences. They just want to start using it.
Be careful out there
My advice: Always be careful when using a system that you're not sure is secure. And it's better to use some old-school technology, such as the phone, than to compromise your personal information or the security of your company. If you need to know your bank account balance while you're traveling, call the bank. If your boss needs a file that one of your colleagues has while you're out of the office, call the colleague and ask him or her to send it to your boss.
Your best bet, though, is to carry your own laptop when you travel. It's not that every computer in a copy shop or public library is tainted. It's just that if the one you use does happen to be compromised, the consequences could be dire.
What do you think? Would you stop using remote-access software or public computer terminals because of the security risks? Why or why not? TalkBack to me.