'Darkhotel' attack targets high-level executives traveling on business

Shawn Knight


Malicious hackers have been using hotel Wi-Fi connections to infiltrate computers belonging to high-level executives traveling on business, according to a new warning from security research firm Kaspersky Lab.

When a target checks into a hotel, the attacker waits until they log onto the hotel Wi-Fi using their room number and surname to authenticate. Once the attacker sees them in the compromised network, they trick the target into installing a backdoor – often disguised as a legitimate software update for programs like Adobe Flash, Google Toolbar or Windows Messenger.

Once on a system, the backdoor can be used to download more advanced stealing tools such as a digitally-signed advanced keylogger, the Trojan ‘Karba’ and an information-stealing module. These tools collect data about the system and the anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords and other private data.

After the operation, the attackers carefully delete their tools from the hotel network and go back into hiding, according to Kaspersky.

Dubbed “Darkhotel,” the practice has been going on for at least the last four years. No specific hotels were mentioned in the report although Kaspersky claims most of the security breaches have taken place in China, Japan, Russia, South Korea and Taiwan. Top executives from Asia and the US are among the most recent targets, we’re told.

Kaspersky warns travelers that any network, even a semi-private one like in a hotel, should be treated as potentially dangerous. Travelers are advised to use a VPN when accessing public or semi-public networks, regard software updates as suspicious and have the latest proactive protection in place.

 
Reason #2 why serious or sensitive business should be discussed face-to-face or via telephone whenever possible.
 
Reason #2 why serious or sensitive business should be discussed face-to-face or via telephone whenever possible.
And a land line at that!

For those of you kids who may be reading and don't understand the term, "landline", it's a telephone that connects to other telephones via physical wires...(y)
 
Kaspersky Labs.....

Why is it that this Russian Co. is always at the front of this type of notice.... Hmmmm

Very interesting..... Comrades
 
Reason #2 why serious or sensitive business should be discussed face-to-face or via telephone whenever possible.
And a land line at that!

For those of you kids who may be reading and don't understand the term, "landline", it's a telephone that connects to other telephones via physical wires...(y)
Don't waste your time trying to explain the use of carrier pigeons to them.
 
Always assume your data is being monitored. Encrypt everything.
If you are connected, you are monitored irrespective of encryption. If you are a POI encryption will be as useful as an ashtray on a motorbike and the feds probably pay more attention to encrypted data. Forget it, they've got your number.
 
Modern phone branch exchanges don't work this way (except for the "last mile", that is, from the PBX to the customer's phone). Instead they are just specialized computers that connect to a packet-switched network (not unlike Internet/WAN). Monitoring conversations is as trivial as dumping packets and can be performed en masse.

Service providers are actually obligated by law to provide facilities for communication monitoring (for both landline and mobile communications) in this manner to assorted agencies (at least in Europe). Once such capacities are available one can only wonder how much warrantless monitoring is going on in addition to legitimate (court ordered) stuff ...
 
If you are connected, you are monitored irrespective of encryption. If you are a POI encryption will be as useful as an ashtray on a motorbike and the feds probably pay more attention to encrypted data. Forget it, they've got your number.

Just because you can't protect yourself against the three letter agencies, doesn't mean you shouldn't protect your data from everyone else's eyes.

Plain text across shared wires is just plain stupid.
 