The coffee shop sting that cost a CEO his secrets
It happened on a rainy Thursday morning in Kampala. Mr. K, a prominent CEO of a local fintech startup, had stepped into a sleek café in Kololo, waiting for his next investor pitch.
He ordered a latte, fired up his laptop, and connected to the café’s “FREE_WIFI_4U” network.
Within minutes, he was firing off investor decks, replying to emails, and approving transactions via his company’s web portal.
What he didn’t know was this:
The free Wi-Fi was a rogue access point, a man-in-the-middle (MITM) setup, planted by a hacker sitting three tables away.
By the time Mr. K’s coffee cup was empty, his entire browsing session (passwords, emails, company financials) had been mirrored, recorded, and shipped to a command server in Kyiv, Ukraine.
Two weeks later, the investor deal collapsed. The confidential term sheet Mr. K had shared over “free Wi-Fi” leaked to a competitor.
The startup? Crippled.
The anatomy of a Wi-Fi trap
The late Péter Szőr, the legendary malware researcher, often said:
“The most dangerous malware isn’t in the code, it’s in what you assume is safe.”
Let’s dissect this hack.
Step 1: The evil twin attack
The hacker cloned the café’s real Wi-Fi SSID, broadcasting a stronger signal under the same name: “FREE_WIFI_4U”.
Mr. K’s device, like most modern laptops, auto-connected to the stronger signal.
Step 2: Transparent proxy injection
Using tools like Bettercap and WiFi Pineapple, the hacker set up a transparent proxy, intercepting every bit of data Mr. K sent.
Even supposedly “secure” HTTPS connections were downgraded using SSL stripping.
Step 3: Credential harvesting
When Mr. K logged into his email and cloud portal, the hacker captured:
- Username and password
- Session tokens
- Auth cookies
This allowed the attacker to bypass multi-factor authentication later.
Step 4: Data exfiltration and exploitation
Within an hour, the attacker had:
- Downloaded the fintech’s investor presentations
- Accessed sensitive client data
- Intercepted confidential emails with investors
Days later, an anonymous leak to a competing fintech derailed Mr. K’s biggest deal.
The real cost of free Wi-Fi
Mr. K thought he was saving on data bundles.
What he lost:
- A UGX 4.5 billion investment deal
- Competitive advantage
- Credibility with investors
The hackers? They didn’t need to break encryption. They didn’t need zero-day exploits.
They simply hijacked trust.
Why this happens, and keeps happening
Most executives, and even IT teams, believe Wi-Fi is a “low-risk convenience.”
But here’s the dirty secret hackers exploit:
- Public Wi-Fi is an open playground. Anyone can spoof it.
- Device auto-connect settings are default-enabled.
- TLS can be stripped from a connection (HTTPS silently downgraded to plain HTTP), and users won’t notice.
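The evil twin in Step 1 is detectable before anyone connects: the same SSID showing up from a second BSSID, with different security settings or a suspiciously stronger signal, is the tell. The following is an added example (not code from this article or from iShield 360) that runs those checks over a constructed scan listing; the CSV column layout, the MAC addresses and the venue allow-list are all assumed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample scan (not real data): one legitimate cafe AP plus an
# "evil twin" cloning its SSID from a different BSSID, open and stronger.
SCAN_CSV = """ssid,bssid,security,signal_dbm
FREE_WIFI_4U,a4:2b:8c:11:22:33,WPA2,-61
FREE_WIFI_4U,02:de:ad:be:ef:01,OPEN,-38
KololoCafe_Staff,a4:2b:8c:11:22:34,WPA2,-60
Guest_Lounge,18:64:72:aa:bb:cc,OPEN,-70
"""

# Assumed allow-list: BSSIDs the venue's IT team knows to be its own APs.
KNOWN_APS = {"FREE_WIFI_4U": {"a4:2b:8c:11:22:33"}}

def parse_scan(text):
    """Parse the constructed CSV scan format into a list of dicts."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["signal_dbm"] = int(row["signal_dbm"])
        rows.append(row)
    return rows

def find_evil_twins(rows, known_aps):
    """Return {ssid: [reasons]} for SSIDs showing evil-twin indicators."""
    by_ssid = defaultdict(list)
    for r in rows:
        by_ssid[r["ssid"]].append(r)
    findings = {}
    for ssid, aps in by_ssid.items():
        reasons = []
        # Indicator 1: one SSID advertised with mixed security settings
        # (an open clone of a WPA2 network is the classic evil twin).
        if len({a["security"] for a in aps}) > 1:
            reasons.append("same SSID with mixed security settings")
        if ssid in known_aps:
            # Indicator 2: a BSSID that is not on the venue's allow-list.
            unknown = [a["bssid"] for a in aps if a["bssid"] not in known_aps[ssid]]
            if unknown:
                reasons.append("unknown BSSID(s): " + ", ".join(unknown))
            # Indicator 3: an unknown BSSID overpowering the legitimate AP,
            # which is what makes auto-connecting clients prefer it.
            known_sig = max((a["signal_dbm"] for a in aps if a["bssid"] in known_aps[ssid]), default=None)
            for a in aps:
                if a["bssid"] in unknown and known_sig is not None and a["signal_dbm"] > known_sig:
                    reasons.append(f"{a['bssid']} stronger than known AP ({a['signal_dbm']} vs {known_sig} dBm)")
        if reasons:
            findings[ssid] = reasons
    return findings

if __name__ == "__main__":
    for ssid, reasons in find_evil_twins(parse_scan(SCAN_CSV), KNOWN_APS).items():
        print(ssid, "->", "; ".join(reasons))
```

Feed it real scan output from your wireless controller or a laptop scan and it flags only the cloned SSID, not the venue's own networks.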
How iShield 360 Cybersecurity at Summit Consulting traces Wi-Fi attacks
When Mr. K’s board called us, we launched a digital forensic hunt:
- Wireless Spectrum Analysis: Confirmed rogue SSID broadcast logs from the café.
- Packet Capture Review: Isolated the data streams hijacked over MITM tools.
- Credential Compromise Check: Identified breached accounts and session tokens.
- Threat Actor Fingerprinting: Matched the attack to known exploit kits linked to Eastern European hacker forums.
The scary part: This wasn’t a targeted attack
The hacker didn’t know Mr. K.
They didn’t need to.
They set up a Wi-Fi trap in a busy café and waited.
In cybersecurity, we have a saying: “Trust no device, no connection, unless you built it, secured it, and control it.”
How to protect yourself (and your business)
- Never use public Wi-Fi without a trusted VPN.
- Disable auto-connect to open networks on all your devices.
- Always verify SSL/TLS certificates on critical portals.
- Deploy endpoint detection that alerts on MITM attacks.
- Use mobile data or secure personal hotspots whenever possible.
Free Wi-Fi isn’t free. You pay with your data, your privacy, and sometimes, your business.
Hackers don’t need malware. They need your carelessness.
In Uganda’s fast-growing business scene, the next victim could be you.
We remain, IFIS Team.