Hotel Wi-Fi Hacking Scam

From my earliest days tracking identity thieves, illicit information brokers and other scam artists, I learned a valuable lesson. Hackers, Internet thieves, and other types of scam artists almost always target a select group of victims before expanding their scam to larger groups of targets.

For that reason, I’m always on the lookout for new scams or new variations of previously successful scams that my clients and subscribers need to be aware of so they can protect themselves if they become a target.

And, by the way, the best form of protection against most every type of scam – whether it’s a targeted phishing attack or a con man at your door – is knowledge. Knowledge of the various types of scams and how they are carried out.

With that background, I want to tell you about a hotel Wi-Fi hacking scam that is currently targeting high-value business executives with malware designed to steal information from their laptop computers while they’re traveling.

As I share this information, think about how this could translate to future attacks aimed at other types of business and vacation travelers. Travelers just like you.

In a recently released article, “DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests,” investigative reporter Kim Zetter lays out the exploit in a lengthy and detailed report that you need to read.

Here’s the setup:

The hotel guest probably never knew what hit him. When he tried to get online using his five-star hotel’s WiFi network, he got a pop-up alerting him to a new Adobe software update. When he clicked to accept the download, he got a malicious executable instead.

What he didn’t know was that the sophisticated attackers who targeted him had been lurking on the hotel’s network for days waiting for him to check in. They uploaded their malware to the hotel’s server days before his arrival, then deleted it from the hotel network days after he left.

That’s the conclusion reached by researchers at Kaspersky Lab and the third-party company that manages the WiFi network of the unidentified hotel where the guest stayed, located somewhere in Asia. Kaspersky says the attackers have been active for at least seven years, conducting surgical strikes against targeted guests at other luxury hotels in Asia as well as infecting victims via spear-phishing attacks and P2P networks. [emphasis in original]

Kaspersky researchers named the group DarkHotel, but they’re also known as Tapaoux by other security firms who have been separately tracking their spear-phishing and P2P attacks. The attackers have been active since at least 2007, using a combination of highly sophisticated methods and pedestrian techniques to ensnare victims, but the hotel hacks appear to be a new and daring development in a campaign aimed at high-value targets. [emphasis added]

“‘Every day this is getting bigger and bigger,’ says Costin Raiu, manager of Kaspersky’s Global Research and Analysis Team. ‘They’re doing more and more hotels.’ The majority of the hotels that are hit are in Asia but some are in the U.S. as well. Kaspersky will not name the hotels but says they’ve been uncooperative in assisting with the investigation.” [emphasis added]

OK. I really want you to read this article. According to Zetter’s sources, the attackers are using “zero-day exploits to target executives in spear-phishing attacks as well as a kernel-mode keystroke logger to siphon data from victim machines.”

Remember. The attacks may be very specific today – that’s why it’s called spear-phishing. But, from previous experience, I know that these types of attacks are often widened out to far larger populations of victims. In this case, I believe it’s quite possible that all hotel guests could soon be at risk.

And, since the attacks cause a pop-up to appear on your computer informing you that you need to download an update to software that the majority of laptops have installed, follow Zetter’s advice.

“The best defense is to double check update alerts that pop up on your computer during a stay in a hotel. Go to the software vendor’s site directly to see if an update has been posted and download it directly from there. Though, of course, this won’t help if the attackers are able to redirect your machine to a malicious download site.” [emphasis in original]

OK. Now that I’ve warned you about this scam and how it could expand to potentially target larger numbers of hotel guests, I’d like to hear from you.

What scams do you see criminals using on a regular basis?

What scams are you worried about?

Are there specific scams you’ve seen or heard about that you’d like me to discuss?

Let me know by emailing me at [email protected]

Thank you for your time today.

Be safe, secure and free!

Rob Douglas – Former Washington DC Private Detective

 
