nomad4ever

If you are traveling without your own laptop for an extended period of time – chances are you will use Computers in public Internet Cafes to stay in touch with loved ones and friends around the world.

Using a computer in any Internet Cafe in Shanghai, Vientiane or Fiji sounds like a comfortable form of getting things done, considered you have decent connection speed and bandwidth. Sure, sometimes those places feature outdated equipment and the comfort factor isn’t on par with your hotel room – but hey!

Unfortunately there are much darker dangers lurking in the shadows of those locations, some not clearly visible to the unsuspecting eye:

When the Internet started out more than a decade back – not everyone had access right away. Not all of us owned a computer or ever planned of buying one. The needs of those were soon catered for by smart businesses – setting up a couple of outdated machines in a room or empty factory hall, connecting them to the net and charging potential users per minute, hour or via prepaid packages.

So far so good.

With the growing popularity of Online Banking, Blogging and sites and services like Paypal, Amazon and eBay, personal data grew more and more important. Even to a point where it’s becoming valuable and like money in the hands of shady subjects. Nigerian Internet Mafia or Identity Theft anyone?

These days everyone has at least one e-mail address and a half dozen accounts with social network sites like Facebook, LinkedIn or MySpace.

Most people I know also prefer Internet Banking to taking a cue number in a bank branch – if there is any at all in the country you are traveling.

Sending money via Paypal or bidding on your favorite backpack or GPS device on eBay is another common phenomenon; with the data and money involved things could be very painful if your account credentials were accessible by a criminal mind.

Over the last few years you could hear more and more travelers complaining that suddenly they didn’t have access to their e-mails accounts anymore or that their blog was hacked or scrambled and they didn’t know what and how that happened.

Be aware but not paranoid

Unfortunately the reputation of Internet Cafes came quite a bit down over the recent years. With all that valuable data transported via their computers and networks and increasing competition – quite a few Internet Cafe Owners were thinking of options to exploiting these even further and improving their income – in shady ways. Sometimes even the users of said Cafes abuse its computers of fostering their own agenda – getting access to e-mail, blog or banking accounts of the many users who pass through them during the day.

If an Internet Cafe isn’t well maintained – basically everyone can install malicious applications or other scamware on those computers. They are sometimes detected only weeks or months later or worse – not at all – and could wreak havoc with your personal data or submit account credentials via the permanent connection through the internet to the ones who will surely exploit them to your disadvantage.

The most common evils you can find on Public Computers are

• Keystroke Loggers (or short Keylogger – record the letters you type on the keyboard – including your account details and passwords – and submit them for further abuse)
• Viruses (most of them have the simple purpose of infecting your documents, applications or destroying what comes in their way with a maximum effect)
• Trojans (similar to Keyloggers – spying out your personal data or redirecting you to pages which could download more malicious software with unpredictable effects)

While the last 2 kinds of Malware are affecting you only indirectly and are easily avoided (just don’t open any unknown or untrusted websites, mail attachments or applications) Keyloggers are working in a more subtle and not so easily spottable way. Yet they can cause you more troubles or even cost you money, if your account details get abused.

So what can you do to avoid them like the plague they are on public computers?

1. Bring your own Computer!

Seriously – while plenty of people refrain from bringing a fragile electronic gadgets with them during traveling – more and more people do so. It’s simply easier working while traveling and you have full access to all your favorite programs and files. This way you can use your own protection and security features like Firewall, Antivirus and Spyware Programs, while only transmitting your Data Stream in an encrypted way via the Internet Cafes wireless network. Of course it’s still possible to intercept and unscramble that data – but it’s much more difficult and requires time and probably brute force (more computer power) than it’s worth while there is much easier prey around. Some more links regarding Traveling with Laptops I had in this post as well.

A Computer for travels doesn’t have to be necessarily big and bulky. While there are many nice and small notebooks around – the current trend is to getting an even smaller device, so-called subnotebooks, like the Asus Eee PC or similar. Check for some of the rave reviews for the Eee here. These small machines are simply for connecting to the internet, writing that document or memo to your parents, friends or employer and storing or uploading you pictures or videos.

2. Check for Hardware Keyloggers

If you don’t want to carry a laptop or subnotebook around you have to use other ways of making sure that you are using a secured connection. The first step should be to check for Hardware Keyloggers.

These are devices plugged between the keyboard and the computer and are most easy to find. Simply look behind the computer you are using. If you see any kind of adapter or device between the keyboard and the motherboard connector – switch the computer or the Internet Cafe!

3. Use an USB Stick to secure your Personal Data

Now – instead of simply typing ahead – bring at least an USB Thumbdrive or Flashdisk with some pre-installed essential security programs. There are even ways of booting your own Operating System from a USB stick or setting up you own complete suite of applications like this service called Portable Apps. While this probably doesn’t get you the connection to the internet (it can – if the Internet Cafe manager provides you the IP addresses used for his LAN ports) – it’s still good to have some essential applications with you.

This way you can make sure, that the public PC you are using is virus-free and make use of your own set of useful applications, which can save your day – but fool those malware and spy programs. You can even run your own favorite full-blown Firefox on it, or run smaller brethren like Firefox Portable Edition or Opera USB from it, with all your bookmarks or favorites right at hand. Here is a list of programs especially designed for running from an USB stick.

4. Use Anti-Keylogger or KeyScrambler Programs on your USB drive

Here is one good example of a Free Anti Keylogger Program and here an extended list of even more, which would make sure that the PC you currently use isn’t infected with any known Keylogger. The key here is to update those programs regularly, as Keylogger Programmers do everything of staying ahead in this cat and mouse game. Add to that a good Antivirus and OnScreen Keyboard (see paragraph 8 below) and you are set to go and most likely be secure. A KeyScrambler basically encrypts the letters you type with the keyboard. A free version for personal use can be found here.

Another tip I read somewhere is to have your Passwords saved in a Password Manager Software installed on your USB stick and then simply drag and drop the password into the web form. Most Keyloggers are said of being unable to cope with Drag & Drop. But then – some of them even take a snapshot of the whole screen from time to time, so that could end up even more disastrous, having many more of your passwords exposed. Although it seems unlikely in Internet Cafes with plenty of users and data generated in a short time – it’s still not recommendable.

5. Set a Tripwire for E-Mail Hackers if you suspect your Mail Account was compromised

If you suspect that your e-mail account was hacked, you should get proof. While it is certainly easy for someone reading your e-mail to disguise his/her action by simply setting the read mails to ‘unread’ again – there are ways to find out for sure. You could use other services which log your login date/time and inform you if anything unusual happened. Here you can find a guide on how to do it.

If that all sounds too complicated – there is an even easier method:

Simply change your password often and regularly to lock out unwanted people who gained access to your password one way or the other.

6. Subscribe for OTP – One Time Passwords for Online Banking

Most Banks around still make use of the antiquated PIN/TAN system. With the PIN you login to your account. The TAN is usually a transaction password which you take from a long list of approved codes which should secure you from fraudulent transactions. The only problem is that your PIN to login to your account stays the same for most of the time. It may prevent identity thieves from transferring your money out of your account – but still it’s easy to gain access when your account credentials are exposed. Ask your Bank if they provide OTP Tokens to login to your account!

An OTP (One Time Password) device is basically a quartz which shows a different login password (number) every few minutes.

7. Use Mail Forwarding for simply checking your Yahoo or Gmail

While more and more banks these days switch to OTP devices, One Time Passwords for E-Mail Accounts are unfortunately not so common at all. Is there any way of securing your main e-mail account from being spied out and hacked?

Thankfully most Webmail programs (Yahoo, Gmail and even Hotmail) allow a ‘Mail Forwarding’ option these days for free.

Simply create another free Webmail account and let your main account forward a copy of your mails to that address. This way you still can’t answer using your main account, yet you can stay updated and check for ‘that important mail’ you are expecting almost anywhere without giving up too much privacy. If you are in need for a reply you then have to make sure using a safe PC.

8. If all else fails – check out these tricks to fool Keyloggers

If you must access a public computer and have none of the other choices at hand – fear not! There are ways of fooling installed Keyloggers. It will take a bit of effort but is surely worth the while.

While basic Keyloggers do just that – logging your keys – you could use an OnScreen Keyboard to copy/paste the letters and put in your credentials this way. Windows comes with it’s own built in (Character Map); but it isn’t the best of ways and will trick only the simplest one, as it uses the copy/paste method via the Clipboard.

More sophisticated Keyloggers also record and monitor your Clipboard, the place where you copy and paste text or pictures or the letters from Windows’ OnScreen Keyboard. Gotcha again!

It’s better to download and use an OnScreen Keyboard to that Public PC which prevent copy/paste recording as well. The smallest program in this list is only 8 kbyte which should be possible to download and start in most Internet Cafes.

Now simply copy/paste your password letter by letter into the password form. Add some difficulty by copying it from back to front or even in another than the original direction. For example, if your password is ‘Snoopy23’ – copy and paste it like n-o-s-o-p-3-y-2, just simply put the letters to the right spot before you press ‘submit’.

One way to do it without all preparations is this:

Just open the page you want to login to and navigate to the login form. Type the first letter of your user credentials and click somewhere else outside the form (but not outside the current window!), so the cursor disappears. Now type a series of random/meaningless characters. Those will not appear in the form, but will still be recorded by the Keylogger. Now click back to the input field and type the second character. Click out again type a few more random character. Continue this until you are finished and press submit. The method is described in detail here (pdf).

Conclusion: for best results – preparation is the key!

Don’t go unprepared into any Internet Cafe – if you are planning to access your E-mail, Social Networking sites or Bank Account. While there isn’t any bulletproof way of fooling the most sophisticated of Keyloggers which record everything from mouse movements, window positions, focus changes or even take snapshots of open windows – every little step helps in camouflaging your online credentials and making it more difficult to get readable data out of the stream of logged inputs for the Hacker.

It might be enough already to fool the harvesting program or a quick manual scan through the logfiles to leave you out of the misery. Oh yeah – and make sure you log out completely from the account you open. Sometimes closing the active window is not enough, right Yahoo?

If you really want to be on the safe side there is only one way – use your own computer or device and and don’t rely on Public Computers at all.

What do you think? Ever had your E-Mail Account exposed and hacked while traveling? What methods do you use to protect your account information from Hackers, Keyloggers and Identify Thieves?

Please help to find the best ways for savvy travelers by sharing your knowledge using the comment form below.

—
Nigerian Internet Mafia or Identity Theft anyone?

or save article to your Facebook with 1 simple click:

Share

written by Chris