WARNING: malicious wifi hotspot found near McPherson Square

On the 25th of November, with Ferguson protesters roaming the city, a wifi hotspot calling itself "Google Starbucks" appeared in the McPherson Square area. Upon connection I discovered it was replacing https certificates for this website and several others with invalid ones. Another connecton did not generate this warning, proving "Google Starbucks" to be intercepting web traffic.

I do not know if this wifi server always decrypts https traffic (thus the replaced and invalid certificates) or is a honeypot set up by the police or some other malicious entity. It is known that ther Metropolitan Police Department's electronic surveillance unit is fully deployed at this time against Ferguson protesters. If you use public wifi hotspots in DC, be very careful about certificates and never log into anything that either does not use https or generates a certificate error from one.

This hotspot could be intercepting login passwords for people's email and social networking accounts, for later use by the cops or identity thieves. Alternately this hotspot could be decrypting traffic to permit selling tracking information or the injection of advertisements into web pages.

DO NOT USE the "Google Starbucks wifi hotspot near McPherson and treat any other wifi hotspot giving this as its name as malicious! Might be one hacker, might be Starbucks themselves tampering with your encrypted email logins, online banking, or whatever else you regard https as protecting from interception or alteration by 3ed parties. In the computer security world this is known as a "man in the middle" attack, and the Google Starbucks wifi server at McPherson appears to be executing one!

All rights reserved.