The Mercury News

Government urges workers to avoid public networks

- By David E. Sanger and Julian E. Barnes

The Biden administra­tion would like you to get a vaccine and wear a mask. Oh, and one more thing: It has just proclaimed that it’s time for government employees and contractor­s to get off public Wi-Fi, where they can pick up another kind of virus.

In a warning to all federal employees, leading defense contractor­s and the 3.4 million uniformed, civilian and reserve personnel serving in the military, the National Security Agency issued an unusually specific admonition late last week that logging on to public Wi-Fi “may be convenient to catch up on work or check email,” but it is also an invitation to attackers. In an eight-page document, the agency described how, in a year marked by ransomware attacks on pipelines, meatpacker­s and even the police force in Washington, D.C., clicking on to the local coffee shop’s network was asking for trouble.

Government officials say they are fully aware that getting people to heed the

advice is about as likely as getting them to sit outside at a baseball game fully masked. But the message is a turning point: After a decade in which every restaurant, hotel and airline felt competitiv­e pressure to improve their free Wi-Fi, the nation’s leading signals intelligen­ce agency is trying to throw on the brakes.

“Avoid connecting to public Wi-Fi, when possible,” the warning says, stating that even Bluetooth connection­s can be compromise­d. “The risk is not merely theoretica­l; these malicious techniques are publicly known and in use.” The warning links readers to videos of how easy it is for hackers to use an open Wi-Fi network, one that requires no passwords, to harvest passwords and the contents of passing cellphones.

Cybersecur­ity experts have long warned about the dangers of public internet in coffee shops, airports, hotel rooms and similar venues. At conference­s like Black Hat, where government officials are hunting this week for new recruits, exposing the vulnerabil­ities of mobile devices is something of a sporting event. Some participan­ts take glee in revealing the contents of a visitor’s phone on a big display for all to see. It is meant as a vivid reminder that hooking on to public Wi-Fi, or enabling Bluetooth connection­s, or even the capability to make a purchase by tapping a reader with a phone, is an invitation to have nonencrypt­ed data seen by anyone.

Without citing particular incidents, the NSA warning includes a caution that criminals or foreign intelligen­ce agencies can

set up open Wi-Fi systems that look as if they are from a hotel or a coffee shop, but are actually “an evil twin, to mimic the nearby expected public Wi-Fi.”

When State Department officials were negotiatin­g the Iran nuclear accord in 2014 and 2015, many powers — from the Iranians to the Israelis — deployed such systems in hotels where the negotiatio­ns were underway, American officials warned at the time.

The NSA warning was not prompted by any recent uptick in criminals or nation-state adversarie­s using public internet to steal informatio­n or stage hacks, officials say. Instead, it appears to be part of a significan­tly accelerate­d U.S. government effort to raise awareness about a range of electronic vulnerabil­ities in recent months.

Newspapers in English

Newspapers from United States