How Easy Is It To Sniff One's Packets?

Published June 25, 2010

Since writing about the Google data mining case, I’ve been wondering just what kind of information we’re broadcasting into the air — and how easy it is to intercept those bits. I called Richard Smith, a software forensics expert in downtown Boston.

Even if you’re on an open, unsecured Wi-Fi network — say, at a coffeeshop or an airport — your most sensitive data is usually still secure, Smith says. That’s because virtually all e-commerce sites and banks encrypt user names, passwords and secret numbers in the Web browser.

The real danger lurks in your e-mail client, he says. Maybe Outlook on Windows, or Mail on Mac OS. Too often those connections aren’t encrypted, and the latte-sipper across from you could be, erm, sniffing your packets.

“An e-mail address and a password can be the keys to the kingdom,” Smith says. With those two bits of information you could break into virtually any site with a “forgotten password” request.

I remember the old days of Wi-Fi. They called it “wardriving” — cruising through a neighborhood, laptop in hand, looking for open wireless networks and using freely available software to see what you can intercept. I was amazed by how insecure people left their data.

“In general I think a lot of people have gotten the message about Wi-Fi security,” Smith says. Most routers now ship with encrypted passwords set by default. But there is still a lot of unencrypted data floating around out there. One of my neighbors — I don’t know who — runs an Apple wireless network wide open. I could easily use software bundled on my Mac to log on, change the settings, add a password and lock the out the owner. I wouldn’t, but I could. Anyone could.

I suggested doing some wardriving myself as a part of a story to demonstrate this — but Smith said I might be breaking federal wiretapping laws. Never mind that idea.

“Try wiretapping yourself,” he suggested. Two computers, a “hacker” and a lovely assistant, all connected to the same Wi-Fi network.

That’s exactly what I am going to do on Monday, when I meet Smith at Downtown Crossing for a little experiment.