If you’re using free WiFi hotspots to connect to websites like Facebook, you had best be careful.
A number of politicians in Missouri appear to have learnt that lesson the hard way – with five people reporting that they have had their Facebook accounts hacked since the beginning of the year.
And suspicious minds are leaning towards the theory that hackers took advantage of a free, open wireless network to sidejack state representatives’ Facebook accounts and post mischievous messages such as
"I love lobbyist! All the free food and stuff you get. This job is awesome!"
Victims who had their Facebook accounts hacked in January included Democrat Stacey Newman and Republicans Donna Lichtenegger and Dave Schatz. Lichtenegger says that on the day a hacker posted an unauthorised message from her account, she had used the House’s free public WiFi.
She later posted an apology on Facebook about the message which claimed she loved free gifts from lobbyists:
To my Facebook Fans, I want you to know that my Facebook page has been hacked today. As I was traveling back home this afternoon someone decided to hack into my Facebook and write this false statement about me liking lobbiest and getting lots of free food. First of all I'm not eating most of the food at the Capitol because I've plegded to myself to loose the freshman 15 instead of gaining. The last posting I placed was to let folks know how to recieve my Capitol Report. Sorry for the statement. Donna
Hmm.. she might do well to buy a dictionary.
Tools such as the Firefox plug-in Firesheep make it easy for anybody within range to jump onto your Facebook account if you’re using an unencrypted WiFi connection, for example at a coffee shop.
The victims of the current spate of Facebook hacking at the Missouri State Capitol building (three Republican legislators, one Democratic legislator and one Republican staffer) have all been using the free WiFi network provided for visitors and workers according to media reports, rather than a secure, encrypted connection.
Facebook recently allowed users to choose full SSL/HTTPS encryption throughout their session to stop accounts being compromised through unencrypted WiFi using tools like Firesheep.
Facebook hasn’t rolled out that functionality to every user yet, but I would recommend that every user enable it as soon as possible. Here’s a YouTube video showing you how:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like.)
If you’re a user of Facebook, in addition to selecting the new HTTPS option, you also benefit from reading our guide on how to secure your profile.
And don’t forget to join the Sophos page on Facebook, where we regularly alert on the latest security threats on the social network.
8 comments on “Free open WiFi suspected in Facebook hack of Missouri state representatives”
Of course if you're ultra-paranoid and have access to a server at home you could always set up a VPN with all the requisite route pushing. That's always a lot of fun.
"Hmm.. she might do well to buy a dictionary"
Seriously?! Practice what you preach:
"hacker posted an unauthorised message from her account"
Stick to the aspects relevant to the story.
I'm guessing you're taking issue with the way I spell "unauthorised"? Sorry, I'm English so it's bred into me to spell it that way.
I've tried spelling it with a "z" (pronounced 'zed') but I just can't bring myself to do it.
Don't even start me on "burglarize"..
Americans, it would behove you to get with the programme and stop picking on Graham for how he's spelt things.
Your neighbour in Canada, where we can't keep either version of English straight.
I was commenting on Graham for getting on someone else for spelling errors.
I have seen far too many substantive discussions disrupted and belittle due to someone mentioning spelling errors of someone involved.
I apologise for any disruption in flow caused by my mention of getting a dictionary. I was trying to explain that I hadn't mistyped what had been posted on Facebook.
The point I was trying to make was not to mention such trivialities. They simply detract from the substance of the article and topic.
Um, she’s a State Legislator. She should know how to spell simple words like “receive” and “lose”, and also how to compose coherent sentences.