Is Starbucks a Sweet Spot for Hackers Looking to Steal Identities?

Cafes may be unintentionally hosting a new bastion of Internet lawlessness. At least, that’s what one politician is saying. Seems hacking’s so easy, even a senator’s aide can do it (and did, yesterday, at a press conference in a Manhattan coffee shop).



Ah, the cafe. That charming European idea, a place for a stimulating brew, a nice pastry, a place for work, for leisure–and, increasingly, for the shared camaraderie of your fellow laptop-wielders.

The only problem: That girl sitting next to you–the one who politely let you go ahead of her as you ordered your venti latte? Yeah, well, she just stole your identity.

Yesterday, Senator Charles Schumer held a press conference in an unusual place: Birch Coffee, a cafe near Madison Square Park in Manhattan.

With the funny choice of venue, the senator was making a point: even your friendly neighborhood barista might just be a malevolent hacker. And he doesn’t even need to know how to write a line of code to do so.

It seems likely that Schumer’s recent concern was piqued by a New York Times article from February 16th, which drew attention to the new vulnerabilities faced by Wi-Fi users. In particular, the article highlighted a free program called Firesheep, which first made waves in October. Firesheep makes hacking your fellow cafe-goer a simple, user-friendly, DIY affair. It takes advantage of a lack of end-to-end encryption, allowing hackers to grab cookies, the snippets of data that identify you to a website. This, in turn, enables hackers to masquerade as you on sites like Facebook, Twitter, Amazon, or eBay. Over a million people have downloaded the program. (Fast Company covered Firesheep months ago.)

Sites that use HTTPS, rather than HTTP, are safe from this sort of hacking. Banking sites tend to use HTTPS, but other sites like the ones mentioned above do not. The purpose of the Schumer conference was to call on sites like Twitter and Amazon to start beefing up their security, acting more like banks.
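For site operators who want to see where they stand, here is a small audit sketch. It is an added example, not code from Firesheep or from any site named in this article. It flags session cookies that would cross an open Wi-Fi network unencrypted, including the case where a site logs you in over HTTPS but leaves the cookie without the `Secure` attribute. The hosts, cookie names and values are constructed for illustration.

```python
# Added example: find cookies a passive listener on open Wi-Fi could capture.
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Return (cookie name, set of lowercased attribute names) for one Set-Cookie value."""
    first, *rest = header.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {part.split("=", 1)[0].strip().lower() for part in rest if part.strip()}
    return name, attrs


def sniffable_cookies(url, set_cookie_headers):
    """List (cookie, reason) pairs for cookies exposed to network sniffing."""
    findings = []
    over_http = urlsplit(url).scheme.lower() != "https"
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if over_http:
            # The response itself travelled in cleartext.
            findings.append((name, "set over plain HTTP"))
        elif "secure" not in attrs:
            # Set over HTTPS, but the browser will also attach it to HTTP requests.
            findings.append((name, "no Secure attribute; sent on any later HTTP request"))
    return findings


# Constructed sample responses (hypothetical hosts and cookie names).
SAMPLES = [
    ("http://social.example/home", ["session=abc123; Path=/; HttpOnly"]),
    ("https://shop.example/login", ["sid=xyz789; Path=/; HttpOnly", "csrf=t0k; Path=/; Secure"]),
    ("https://bank.example/login", ["auth=q1w2e3; Path=/; Secure; HttpOnly"]),
]


def audit(samples=SAMPLES):
    """Map each sample URL to its list of exposed cookies (empty list means none)."""
    return {url: sniffable_cookies(url, headers) for url, headers in samples}


if __name__ == "__main__":
    for url, findings in audit().items():
        print(url, findings or "ok")
```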


So just how easy is Firesheep to use? Even a Senator’s aide can do it! A Schumer staffer hacked into the Twitter account of a nearby colleague. Call it consensual hacking. Anyhow, it impressed reporters, as did Schumer’s talk of the HTTP protocol as “a welcome mat for would-be hackers” and a “one-stop-shop for identity theft.”

Jeremy Lyman, general manager of Birch Coffee, would like all Manhattanites to know that while his cafe’s Wi-Fi network (one hour free with purchase!) may be a one-stop shop for hackers, his business is also a one-shop stop for delicious coffee, and contains an “awesome” upstairs library, making it a welcome place for members of the laptop economy. Schumer’s office contacted Birch on Thursday to request the space for part of Sunday, Lyman tells Fast Company, and the conference was given during off-peak hours and therefore didn’t disrupt business too badly. Schumer hadn’t patronized the shop before, so far as Lyman knows: “They were just looking for a place that has Wi-Fi and good coffee, and we have both!” he says.

How does he feel to have his coffee shop transformed, symbolically, into the new ground zero of casual hacking? Does he feel at all responsible? “For us personally, if there was something we could do, we’d certainly be doing it.” Twitter, Amazon, and all HTTP users: the senator and the barista have spoken. Ball’s in your court.


[Image: Flickr user hpnadig]


About the author

David Zax is a contributing writer for Fast Company. His writing has appeared in many publications, including Smithsonian, Slate, Wired, and The Wall Street Journal.