November 10th 2014
Business executives travelling abroad have potentially been victims of online spying via hotel Wi-Fi for the last four years. The revelation comes from internet security firm Kaspersky Lab in a warning about the 'Darkhotel' espionage campaign, which poses as legitimate updates for everyday software programs.
According to the company's researchers, 'Darkhotel' hits its targets while they are staying in luxury hotels, never targeting the same victim more than once and spying on them with ruthless precision, obtaining valuable confidential data from the first contact, deleting traces of their activity and disappearing. The most recent victims include top executives from the US and Asia on business in the Asia / Pacific region.
Darkhotel intrudes into hotel Wi-FI networks, even those believed to be private and secure. When victims connect, the cybercriminals recognise that they have done so and trick them into downloading and installing a backdoor masquerading as an update for legitimate software – Google Toolbar, Adobe Flash or Windows Messenger. The act of doing so infects machines with the spying software.
Once installed, the backdoor can be used to further download more advanced data theft tools which collect data about the system and the anti-malware software installed on it, log users' keystrokes, and hunt for cached passwords in Firefox, Chrome and Internet Explorer; Gmail Notifier, Twitter, Facebook, Yahoo! and Google login credentials; and other private information. Victims lose sensitive business and private information before the attackers delete their tools from the hotel network and melt away.
Principal Security Researcher at Kaspersky, Kurt Baumgartner, said: “For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behavior. This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trus ted commercial networks and target specific victim categories with strategic precision.”
Staying safe online in hotels
Any Wi-Fi network apart from trusted ones at home or in the workplace should be regarded as potentially dangerous. Kaspersky recommends the following:
- Choose a Virtual Private Network (VPN) provider – you will get an encrypted communication channel when accessing public or semi-public Wi-Fi.
- When traveling, always regard software updates as suspicious. Confirm that the proposed update installer is signed by the appropriate vendor.
- Make sure your Internet security solution includes proactive defence against new threats rather than just basic anti-virus protection.
At Get Safe Online we always recommend that you use 3G or 4G connections over public Wi-Fi networks or hotspots, even if the connection is slower or it uses up your data allowance which can be expensive when travelling abroad. Better safe than sorry.