How to Play it Safe in an Internet Café

| March 30, 2010 | 23 Comments
internetcafe How to Play it Safe in an Internet Café

Bottom line—how big is the risk, really?

Identity theft is an increasingly common occurrence—and the situation is likely to get worse in coming years. As a backpacker, working and blogging at an internet café puts you at particular risk because there is no simple sure-fire way to ensure that the computer on which you are working is free of malware, such as trojans or keyloggers. But how big is the risk to your average everyday traveller?

One simple step backpackers can take to better protect themselves from becoming a victim—never enter personal data while on a public computer. It is simply unsafe to enter passwords and private information while in an internet café owing to the proliferation of spyware, which is capable of tracking your keystrokes.

Keystroke recorders—known colloquially as keyloggers—are particularly dangerous because they are capable of recording your keystrokes and therefore can be used to steal logins and passwords to online accounts. That being said, there are a few simple ways to mitigate the risks posed by keystroke recorders.

1. Check for hardware keyloggers

keylogger 150x150 How to Play it Safe in an Internet Café

A hardware keylogger dongle...

A hardware keylogger is a small, inconspicuous USB device that is plugged into a computer between the keyboard and the tower. Unfortunately, a keylogger may be virtually indistinguishable from an extension cable or other device. Once installed, however, it captures all keystrokes into its own memory. This kind of device is completely self-contained and works just as well on a Mac as on a Windows system. The principal weakness of this particular keylogger—at least the varieties that are commonly available—is that it’s not remotely accessible. Therefore, the person who installed it has to return to retrieve the data from the device.

How can you protect yourself from this particular threat? When first logging into a terminal at an internet café, it’s a good idea to physically inspect the keyboard PS/2 or USB cables for ‘security breaches’. However, external hardware keyloggers are very difficult to detect. For example, there are a number of keyloggers that that built right into the keyboard! That being said, I suspect that hardware keyloggers are not very common in internet cafe—malicious software is a much more attractive option for those that want to gather information. Let’s face it, physical keyloggers attached to directly to a computer increase the likelihood of getting caught.

2. Run an operating system from a USB stick

It’s not always practical for vagabonds to carry a PC when on the road (even if it’s a netbook) and it’s often handy to do a quick Google search or check browser-based e-mail  at an internet café. But terminals at internet cafés don’t have your familiar desktop and personal files on them. Depending on where you are, they may not even have the applications needed to read and edit your data files on them. Still worse, they might be infected with viruses, trojans or worms. The solution?

With fast high-capacity USB thumb drives, you no longer need to bring a laptop along with you when you want to run your own applications and access your own data. Indeed, many people are adopting open source applications that load and run directly from a USB thumb drive. This means that backpackers can take along important applications and files along with them—a “computer on a stick” if you will! In fact, many of these USB thumb drive computers have applications which encode keystrokes in order to fool software-based keyloggers!

One such solution is an open-sourced Linux-based operating system, which comes complete with a suite of great applications. What is the advantage offered by such a solution? You will no longer be dependent on a PC running Microsoft Windows! Instead, all you will require is a PC that capable of booting from a USB port to run your “computer on a stick”!

Pendrivelinux.com is a site which offers a wide selection of available operating systems suitable for booting from a USB stick. The site includes simple and detailed instructions on how to load and run your very own USB flash drive–based Linux OS. And the best part? The software is free!

The downside?  Most internet cafés in countries which see a lot of backpackers are going be pretty well run—and they’ll all have software in them to keep their systems locked down. Most proprietors won’t take kindly to you rebooting their PCs and working ‘off the clock’. Of course, if you grease the palm of the person behind the counter running the café, you might be able to convince them. Bottom line, however, I would not plan on being able to run an OS off of a USB drive.

3. Bring your own system

This is the best—but not necessarily the most practical—solution. Netbooks offer a secure alternative to the ubiquitous internet cafés that line the tourist trail. Coupled with a good virtual private network (VPN), they offer a means to pay bills, make purchases and check bank accounts.

In our opinion—the HP Mini 110 is one of the best netbook options in the sub-$400 budget netbook category. It offers a nice hardware configuration, a good-looking design and an excellent keyboard. The HP is a very nice option for those on the lookout for a low-cost netbook that they can toss into their packs. For these reasons, it has won itself a place in both our real-world and virtual backpack! Check out our article here.

Conclusion

Ideally you should simply avoid online banking, shopping or other transactions that require you to enter sensitive information such as credit card or personal bank account details. If the matter is urgent, however, and you have to do it, take the precaution of changing all your passwords as soon as feasible from a more trusted computer.

Anil Polat, who worked as a security engineer for almost six years, has become an expert on advising companies how to better secure their networks and systems. He has since taken this expertise on the road and now does freelance security work, in addition to writing about technology and travel. In an article entitled “How To Keep Your Online Accounts Safe At Internet Cafés”, Anil offers up the following:

Don’t access any sensitive accounts. An obvious one, but it’s not a good idea to check your bank account, personal email or other sites that may be sensitive depending where in the world you are visiting. There are many parts of the world where you may not want anyone to know your nationality or would want to keep your browsing confidential. The best bet is to bring your own.

Bottom line—how significant is the risk, really? The answer to that is: “It depends”. I would expect busy internet cafés not far from the tourist track to be fairly reasonable risks. Busy internet cafés, airport terminals, libraries and the like seem like ‘target rich environments’ for potential keyloggers. These are certainly places where I’d make sure to take safety measures.

Less busy areas? Perhaps not so much. Regardless, it is possible—and moreover—it’s not all that hard for someone who’s technically savvy.


Related Posts