Free open WiFi suspected in Facebook hack of Missouri state representatives

If you're using free WiFi hotspots to connect to websites like Facebook, you had best be careful.

A number of politicians in Missouri appear to have learnt that lesson the hard way - with five people reporting that they have had their Facebook accounts hacked since the beginning of the year.

And suspicious minds are leaning towards the theory that hackers took advantage of a free, open wireless network to sidejack state representatives' Facebook accounts and post mischievous messages such as

"I love lobbyist! All the free food and stuff you get. This job is awesome!"

Victims who had their Facebook accounts hacked in January included Democrat Stacey Newman and Republicans Donna Lichtenegger and Dave Schatz. Lichtenegger says that on the day a hacker posted an unauthorised message from her account, she had used the House's free public WiFi.

She later posted an apology on Facebook about the message which claimed she loved free gifts from lobbyists:

Donna Lichtenegger apologises on Facebook

To my Facebook Fans, I want you to know that my Facebook page has been hacked today. As I was traveling back home this afternoon someone decided to hack into my Facebook and write this false statement about me liking lobbiest and getting lots of free food. First of all I'm not eating most of the food at the Capitol because I've plegded to myself to loose the freshman 15 instead of gaining. The last posting I placed was to let folks know how to recieve my Capitol Report. Sorry for the statement. Donna

Hmm.. she might do well to buy a dictionary.

Firesheep

Tools such as the Firefox plug-in Firesheep make it easy for anybody within range to jump onto your Facebook account if you're using an unencrypted WiFi connection, for example at a coffee shop.

The victims of the current spate of Facebook hacking at the Missouri State Capitol building (three Republican legislators, one Democratic legislator and one Republican staffer) have all been using the free WiFi network provided for visitors and workers according to media reports, rather than a secure, encrypted connection.

Facebook recently allowed users to choose full SSL/HTTPS encryption throughout their session to stop accounts being compromised through unencrypted WiFi using tools like Firesheep.
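The exposure that full-session HTTPS closes can be checked from a site's response headers. The following is an added example, not part of the original article: it flags session cookies that lack the `Secure` attribute (and so travel in the clear on any `http://` request) and HTTPS responses without HSTS. The host `social.example`, the cookie names and the name-matching heuristic are constructed assumptions.

```python
# Added example: audit response headers for sidejacking exposure.
# All hosts, cookie names and values below are constructed sample data.
SAMPLE_RESPONSES = [
    # Login is protected, but the session cookie is not marked Secure.
    ("https://social.example/login", [
        "Set-Cookie: session_id=3f9a; Path=/; HttpOnly",
        "Set-Cookie: csrf=77b1; Path=/; Secure; HttpOnly",
        "Set-Cookie: lang=en; Path=/",
    ]),
    # Full-session HTTPS: HSTS plus a Secure session cookie.
    ("https://social.example/home", [
        "Strict-Transport-Security: max-age=31536000",
        "Set-Cookie: session_id=3f9a; Path=/; Secure; HttpOnly",
    ]),
]

# Assumption: a naming heuristic for cookies that carry the login session.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(line):
    """Return (cookie name, set of lower-cased attribute names)."""
    value = line.split(":", 1)[1].strip()
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def audit(url, header_lines):
    """List the ways this response leaves the session exposed on open WiFi."""
    findings = []
    names = {h.split(":", 1)[0].strip().lower() for h in header_lines}
    if url.startswith("https://") and "strict-transport-security" not in names:
        findings.append("no HSTS: later requests may fall back to http://")
    for line in header_lines:
        if not line.lower().startswith("set-cookie:"):
            continue
        name, attrs = parse_set_cookie(line)
        if any(h in name.lower() for h in SESSION_HINTS) and "secure" not in attrs:
            findings.append(f"{name}: session cookie lacks Secure, readable on http://")
    return findings


if __name__ == "__main__":
    for url, lines in SAMPLE_RESPONSES:
        print(url, audit(url, lines) or "ok")
```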

Facebook hasn't rolled out that functionality to every user yet, but I would recommend that every user enable it as soon as possible. Here's a YouTube video showing you how:


If you're a user of Facebook, in addition to selecting the new HTTPS option, you would also benefit from reading our guide on how to secure your profile.

And don't forget to join the Sophos page on Facebook, where we regularly alert on the latest security threats on the social network.

8 Responses to Free open WiFi suspected in Facebook hack of Missouri state representatives

  1. Pharasyte · 1354 days ago

    Of course if you're ultra-paranoid and have access to a server at home you could always set up a VPN with all the requisite route pushing. That's always a lot of fun.

  2. datahaunt · 1354 days ago

    "Hmm.. she might do well to buy a dictionary"

    Seriously?! Practice what you preach:

    "hacker posted an unauthorised message from her account"

    Stick to the aspects relevant to the story.

    • I'm guessing you're taking issue with the way I spell "unauthorised"? Sorry, I'm English so it's bred into me to spell it that way.

      I've tried spelling it with a "z" (pronounced 'zed') but I just can't bring myself to do it.

      Don't even start me on "burglarize"..

      • Mrs. W · 1354 days ago

        Americans, it would behove you to get with the programme and stop picking on Graham for how he's spelt things.

        Cheers,
        Your neighbour in Canada, where we can't keep either version of English straight.

        • datahaunt · 1354 days ago

          I was commenting on Graham for getting on someone else for spelling errors.

          I have seen far too many substantive discussions disrupted and belittled due to someone mentioning spelling errors of someone involved.

          • I apologise for any disruption in flow caused by my mention of getting a dictionary. I was trying to explain that I hadn't mistyped what had been posted on Facebook.

      • datahaunt · 1354 days ago

        Graham,

        The point I was trying to make was not to mention such trivialities. They simply detract from the substance of the article and topic.

  3. Roderick Poodge · 1333 days ago

    Um, she's a State Legislator. She should know how to spell simple words like "receive" and "lose", and also how to compose coherent sentences.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.