Hot spots, weak spots: Unsuspecting users falling prey to Wi-Fi hackers

Next time you are sitting in a hotel lobby checking e-mail on your laptop, be careful: The "businessman" in the next lounge chair may be tracking your every move.

Many Wi-Fi users don't know that hackers posted at hot spots can steal personal information out of the air relatively easily. And savvy criminal hackers aren't settling for just access to credit cards, bank accounts and other personal financial information; they love to sneak into your company's network, too.

Whether you're using a Wi-Fi hot spot at a hotel, airport or cafe, "you've got to assume that anything you are doing is being monitored," says Shawn Henry, deputy assistant director of the Federal Bureau of Investigation's cybercrimes division.

Home Wi-Fi networks are also vulnerable, but it is far more fruitful for a hacker to pitch his tent in a busy hotel lobby or convention-center lounge where he can collect data from dozens of users. And Wi-Fi hot spots have proliferated, multiplying the potential targets for hackers. There were 66,921 hot spots in the United States last year, up 56 percent from 2006, according to advertising firm JiWire Inc.

T-Mobile USA Inc. has 8,700 hot spots across the nations in such places as Starbucks and Borders Books & Music. AT&T Inc. has 10,000 hot spots in places including McDonald's, Barnes & Noble and Coffee Bean & Tea Leaf.

Henry says businesses that offer Wi-Fi, such as hotels, often don't know that their networks have been breached and many times don't report incidents they know about, for fear of bad publicity.

Users are frequently unaware they have been hacked. As a result, there aren't solid figures on the number of wireless-hacking incidents. But for several years the FBI has received reports from educational institutions, private security companies and other federal and local law-enforcement agencies about such attacks.

While the chances any one person will be hacked aren't high, the payoff for criminals can be great, says Tom Brennan, a manager for AccessIT Group, which assesses companies' security vulnerabilities.

In early 2006, when he was working for a different firm, Brennan helped a financial institution determine how its data network had been breached. An employee working on a laptop in Midtown Manhattan's Bryant Park used what he thought was a publicly available Wi-Fi signal to get Internet access. In fact, the signal he used had been set up by a hacker. When the employee reached his company's network, the hacker nabbed the employee's corporate user name and password.