Last week we looked at what happens behind the scenes when you sign-in to an Internet-based account, whether email, banking, shopping, etc. To summarize, your username and password fly across the Internet in the blink of an eye, knock on the door of your provider and say, “Here I am. Here is my password. Let me in.”
What are not so apparent are the multiple places your username and password (a.k.a. “credentials”) visit and must pass through on the way to their ultimate destination. Many people think this information goes straight from their computer to their email provider, or wherever it’s supposed to go. Au contraire mon frère.
Take, for example, Yahoo email. Millions of people use Yahoo Webmail, which means they visit the Yahoo website to do email. They visit the Yahoo website and click the “Sign In” button. They are then sent to a different website page which contains the actual sign in box. Sometimes, their browser automatically enters their credentials into the Yahoo ID and Password boxes; otherwise, that information is typed in manually. Finally, the big “Sign In” button is clicked. What happens next? Where do the credentials go?
If you use a home network, which most of us do, and if your computer connects to a wireless router, which many do, then the first place your credentials go is out into the air. Your computer is a radio transmitter, and radio signals are broadcast from your computer to anyone within range of the signal. Your credentials, transformed and broken up into numerous tiny packets of information, are part of this signal and, if not properly protected, can be intercepted and stolen.
The next part of the journey is from your router, down the wire, out the house, up to the utility pole, down more wires across town to wherever your Internet Service Provider’s “headquarters” are located. Along the way, your credentials may pass through numerous junction boxes, signal boosters and may even be broadcast across the landscape using giant microwave transmitters and radio towers.
Your credentials also bounce all around the Internet from computer to computer, seeking the fastest and most efficient path to their destination. Using a free program called PingPlotter, I traced the route taken from my house to the Yahoo Sign In page, using Cox Internet as my service provider.
From Oklahoma, my Internet connection went to a Cox facility located somewhere around Atlanta, Georgia. Next, it jumped through three different computers located at a Cox facility just east of Newton, Kansas. From there, it seems to have left Cox’s jurisdiction, being routed through a computer in the same general area, but controlled by Equinix, a giant data center provider.
Finally, my connection arrived in Yahoo-land, being processed by six different computers in Sunnyvale, California, before reaching the Yahoo email sign-in page. All told, including my wireless router and modem, it took 13 different Internet addresses located all across the U.S. to get my Internet connection to where it needed to go. Even more locations and Internet addresses would have been used had I actually signed in.
Each one of these connections represents a potential surveillance location, where my information could be intercepted, tapped, siphoned off, copied, read, hacked, analyzed, stored and exploited for who knows what purpose by Internet criminals and government zealots. It is common knowledge that countries like Russia, China, Iran, Saudi Arabia, Thailand, India and most of the “stans” (Kazakhstan, Kyrgyzstan, Tajikistan, etc.) routinely read their citizens communications, sometimes in blatant collusion with crime syndicates like the Russian Mafia and hacker groups with military and religious agendas.
What’s a regular “Joe” to do, then? How can normal Internet users protect their electronic communications from misuse? More on that subject next week.