So, I have been a lot of places. It’s fun, it’s interesting, and hey, if someone will pay you to come and speak in Indonesia, you really ought to go. That said, there are a lot of issues with travel that make people nervous. That said, my favorite thing to do is to go and watch pickpockets and con men working the tourists:
“Did you see the Trevi Fountain?”
“No, but I saw these three kids take a Canon Rebel and three suitcases off this couple outside the train station.”
But, since we don’t have much time, let’s talk about the cyber issues of travel abroad and remember, don’t take any Quaaludes from strangers.
Protect your passport. This is a popular discussion. Modern passports in the United States have smart chips in them and they can purportedly be read by RFID (That’s a device in the lining of your passport that's activated by a radio signal.) readers if you are near someone who is looking. Ideally, they can get your information from the RFID insert and extract personal data to create fake passports. I haven’t heard of this problem being common, but the travel guys are always trying to sell you what's called a Faraday bag. This is a small bag that's lined with copper and supposedly protects your passport from being read remotely. This should likely be used when you are exiting customs, as that's where I'd be waiting if I was targeting you. I mean, you have your passport out, you're distracted, and I can hang in the crowd outside customs.
You have a GOES card, right? Or are you one of those sweaty, pathetic people standing in the US customs line? GOES (or Global Online Enrollment System) lets you cruise through customs with a nice little laminate card. You do have to go and be interviewed and it costs $100, but let me tell you, when you are standing in the 3 hour Newark customs line after that 18 hour flight from Hong Kong, you'll thank me. Put that in your Faraday bag as well. (The card comes with it’s own little copper lined sleeve which should tip you off that it might be grabbable.) Check with US customs about how to get one. Or don’t, so that there will never be a line at GOES and I can cruise right by you.
Phones & PC's
The biggest threat here is stray Wi-Fi. It would take me about 5 minutes to setup a Wi-Fi grabber. So, I call it “Rome Free Wi-Fi” and hang around the airport. You see “free Wi-Fi” and never look back. You connect to the free setup and I can grab every packet of information you send (The grabber is in my suitcase.) and spend my time sorting through it later at home. Connecting your phone is the same way. When you travel abroad, you are going to go crazy trying to find free Wi-Fi since data is brutally expensive (Be sure and turn off your automatic data when you leave the US or you will get a rude surprise in your next bill.) and even cellular is no longer “free roaming”.
So, what to do? Well, use only encrypted (that means it has a password) Wi-Fi that you can at least vaguely verify. But, that is really not enough (even in the US). If you are just checking out that nude photo of Justin Bieber, well, so what. But if you start sending login information to your bank, making transactions, etc., well, anyone who can access the device (and it’s probably sitting in the lobby or a closet somewhere) could start grabbing info from you. This means you need to use a VPN. A VPN (or Virtual Private Network) is used for secure browsing on insecure networks. Get the Onion Browser from the App Store (on Apple) or some other VPN based browser tool. This will encrypt your material, so that a sniffer would have to work really, really hard (Think James Bond.) to get your data off that signal.
In the end, you need to put a plan together before you travel, not after you've arrived. Think about:
- Data – How are you going to communicate or are you going to turn your phone off when you get off the plane? This can bankrupt you in foreign countries. I accidentally left my phone on in France and my email alone cost me about 600$ for 4 days.
- Texts – How many texts and chats do you do a day? Outside the US, these can be 25 cents per text in and outbound. Try about 1000 texts each way and that is already 500$ in just your first day.
- Calls - Same thing. We get used to not thinking about minutes and calls, but outside the US, they cost per minute (like old school long distance) and that conference call can add up to 100$ in about 40 minutes.
The best thing to do is research and grab a local SIM card that will work in your phone (That’s what I usually do if I think I need to be in touch.). These are just pay as you go plans that will put you on the local network. Most countries have better cell service than the US (I was standing in a village in Vietnam without running water and my phone worked.) and pretty cheap local plans you can buy. Just be sure you buy them from a reputable vendor. Do NOT buy SIM cards from street vendors and sellers. Go to a permanent shop that belongs to the Telco Company (Research this in advance.). It will cost more, but you won’t be getting ripped off either.
All that said, travel is one of the best things for you, your kids, and everyone. I love to go to out of the way places. (I took my daughter to Jesry, Karangasam, Indonesia once.) You will never regret travel, but you need to have a plan and you need it before you go, not once you get there. When you arrive in Nha Trang, Vietnam after a 15 hour flight to Hong Kong, a 4 hour flight to Ho Chi Minh City, a 2 hour flight to Cam Ranh Bay, and a 2 hour car ride, you won’t be thinking straight. Have a plan.
More About Doug
Doug White is the Chair of Cybersecurity and Networking programs at Roger Williams University. He has worked in the technology industry for many years and specializes in networking, disaster, forensics, and security. He has been paid to break into buildings, talk tech people out of their usernames and passwords, steal money, and figure out horrible scenarios like “What if a rabid shark swarm was caught up in a tornado while a core meltdown occurred? Could we still watch Netflix?” Doug has a PhD in Computer Information Systems and Quantitative Analysis from the University of Arkansas, is a Certified Computer Examiner, A Cisco Certified Network Administrator, A Certified Information Systems Security Professional, and a licensed private investigator.
*The original version of this post appeared on the blog in January of 2016.
**Photo Credits: Doug White's photo by Ashley Farney