Getting Hacked on Amtrak: It’s a Lot More Likely to Happen on Trains That Block VPNs

Facebooktwittergoogle_plusredditpinterestlinkedinmail

By now, we hope you know that connecting to a Wifi hotspot without using VPN software to encrypt your sensitive information is like playing Russian Roulette with your identity. But what happens if you have VPN software but a Wifi hotspot provider prevents you from using it?

An email we recently received from a PRIVATE WiFi™ subscriber highlights that security concern for hotspot users on Amtrak trains. So we thought you’d want to know about it:

I am concerned the last time I used Amtrak Wifi my email was hacked. It could be a coincidence or it could have been the Wifi. So I ordered your private network in hopes it would help. But so far I have not been able to use it.

We asked Amtrak why it would offer free Wifi to its passengers but make it impossible for them to use it safely by blocking VPNs. This was Amtrak’s response:

AmtrakConnect supports VPNs only onboard Acela Express, Capitol Corridor, Pacific Surfliner and San Joaquin trains. VPN is not supported on any other trains. The decision to block VPNs on our Amfleet services along the East Coast is for technical reasons.

Why Amtrak Blocks VPNs on Many Trains

Those technical reasons boil down to bandwidth.

Due to huge volume of passengers logging on to Amtrak’s free Wifi, there’s not enough bandwidth to go around. Its solution has been to block streaming media and downloading files bigger than 10MB. That means VPNs can’t be used on many of its trains. And, as a result, passengers’ sensitive information is exposed to hackers every time they use Amtrak’s Wifi on many trains. Amtrak’s attempts to control bandwidth use haven’t done much to improve its slow and spotty Wifi service. Legions of the rail line’s passengers have vented online about their thwarted attempts to use AmtrakConnect.

But what many don’t seem to realize is that connecting to it without the option to use a VPN is to protect their information is a much bigger problem.

The High Cost of Connecting to Wifi Hotspots Without Protection

Author and entrepreneur Peter Shankman became so irate about unsecure Wifi hotspots, he installed Firesheep on his laptop to demonstrate how easy it was to grab hotspot users’ sensitive information on aboard an Amtrak train from New York to Boston.

This is what he found:

Right now, within TEN MINUTES of this train leaving Penn Station, NY, someone has just logged onto Evernote through Amtrak’s Wi-Fi, someone else has logged into Yahoo, and someone else has logged into Windows Live … Ooh – Two people just logged into Facebook.

Here’s the kicker: If I were to click on their name from the list RIGHT IN FRONT OF ME, I’d have access to every piece of data that B… has on Evernote, that J… has on Yahoo!, and that S… has on Facebook. Every photo. Every audio recording. Every conversation they thought was private. Every potential life-changing or relationship-ruining piece of data.

Remember, just because Amtrak is owned and operated by the government doesn’t mean its Wifi service is any safer than other public hotspots.

While many Amtrak passengers still might not understand the security risks of using free Wifi, Amtrak understands those risks all too well. That’s why its Terms of Service make hotspot users solely responsible for any security breaches or accidental disclosures of their personal information.

Using any hotspot without having the ability to use VPN software to protect your sensitive information is risky business. Think before you connect to any hotspot that blocks VPN use. And follow the Federal Trade Commission’s advice to connect safely to hotspots using a VPN. Your online security depends on it.

If you haven’t already, download your 3-day free trial of PRIVATE WiFi so you can be safe on all public wifi.

 

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Jan Legnitto

Jan Legnitto is an investigative journalist and documentary producer who writes about criminal justice and intelligence issues. Jan is also a frequent contributor to the Private I blogs.