More than a thousand Republican National Convention attendees have already put their personal information at risk by carelessly connecting to open Wi-Fi networks around Cleveland, security experts said Tuesday.
Researchers with Avast Software, a Czech security firm, set up open wireless networks around the Quicken Loans Arena and at Cleveland Hopkins International Airport over the weekend, then kept tabs on the internet activity of anyone who connected.
More than 1,200 users connected to the monitored networks during Sunday and Monday this week, and the majority failed to take any measures to protect their identities, Avast said.
“With Washington heatedly discussing cybersecurity issues virtually every week, we thought it would be interesting to test how many people actually practice secure habits,” Gagan Singh, Avast’s president of mobile, said in a statement.
“Understanding the talking points behind these privacy issues is very different from implementing secure habits on a daily basis. Though it is not surprising to see how many people connect to free Wi-Fi, especially in a location with large crowds such as this, it is important to know how to stay safe when connecting.”
According to the results of the “experiment,” as Avast called it, hundreds of RNC attendees have already exhibited negligent cybersecurity practices by connecting their smartphones and laptops to open Wi-Fi networks with names like “Google Starbucks,” “Xfinitywifi,” “Attwifi,” “I vote Trump! free Internet” and “I vote Hillary! free Internet.”
Around 1.6Gbs of data was transferred across those networks during the two days they were up and running. A large chunk of that information was seen by Avast because 68.3 percent of the 1,200-plus users failed to apply additional measures to protect their connections, such as using a VPN to secure and encrypt their traffic.
By monitoring traffic across these watering hole Wi-Fi networks, Avast was able to see what kind of websites and apps were being used by RNC attendees — potentially priceless data if it’s in the wrong hands.
Around 17.6 percent of the individuals who connected to the Wi-Fi networks checked their Gmail accounts, 6.5 percent shopped on Amazon.com, and 5.1 percent played Pokémon Go, Avast reported. Roughly 4 percent visited government domains or websites, and nearly a quarter of 1 percent of connected users browsed porn from the open Avast networks, the company said.
Avast’s monitoring also revealed what types of devices connected to its networks — valuable information that could be harnessed by hackers to target victims running specific operating systems.
Max Everett, the consulting chief information officer for the Republican National Convention, said earlier this week that a hacker had already attempted to compromise the convention by waging a phishing attack that sought to exploit the fact that its computers were running Microsoft Office 365 business software.
“The unique things we’re seeing are the typical spear-phishing attacks, with people sending links in phony emails telling users they need to reset their passwords,” Mr. Everett told CNBC.
“Somebody took the time to see that we were using that, and sent a link saying ‘click here to reset your password,’ ” he added. “The user wisely sent that one to us. That’s the most sophisticated attack we’ve seen.”