Use High Profile Asian Hotels? Watch out for Dark Hotel Hacking.

[wasbit]

Use High Profile Asian Hotels? Watch out for Dark Hotel Hacking.

“The hotel guest probably never knew what hit him. When he tried to get online using his five-star hotel’s WiFi network, he got a pop-up alerting him to a new Adobe software update. When he clicked to accept the download, he got a malicious executable instead.

What he didn’t know was that the sophisticated attackers who targeted him had been lurking on the hotel’s network for days waiting for him to check in. They uploaded their malware to the hotel’s server days before his arrival, then deleted it from the hotel network days after he left.

That’s the conclusion reached by researchers at Kaspersky Lab and the third-party company that manages the WiFi network of the unidentified hotel where the guest stayed, located somewhere in Asia. __ Kaspersky says the attackers have been active for at least seven years, conducting surgical strikes against targeted guests at other luxury hotels in Asia as well as infecting victims via spear-phishing attacks and P2P networks.

Kaspersky researchers named the group DarkHotel, but they’re also known as Tapaoux by other security firms who have been separately tracking their spear-phishing and P2P attacks.”

– https://www.wired.com/2014/11/darkhotel-malware/

 

--
Regards
wasbit

Rig 1: Optiplex 3050 SFF
Rig 2: Asus ROG G20CB (rebuilt wreck)
Rig 3: HP Elitebook 8440P

Dear Starfleet, hate you, hate the Federation, taking Voyager. - Janeway

[Ed P]

Anyone who has ever done business in much of Asia knows that you will get hacked, tracked and spied upon. It just goes with the turf. Certain countries (e.g. China/North Korea) will even attempt to compromise you e.g the old honey-trap or a. large open brief case stacked with ‘$100 bills’ – touch or come near the honey-trap/briefcase and you will be blackmailed! Even Japan is not totally safe as the Japanese Government/MITI invests heavily in commercial intelligence gathering.

My old company realised the situation way back in the 90s and had a stock of special issue laptops for certain countries that were never used within the company network and were low level formatted and new systems installed after each visit. (not sure what they do today as low level formatting went the way of the Dodo many years ago – probably just throw away the hard drive at a guess) They probably have to have similar policies for phones today — i.e just use cheap burner phones.

[The Duke]

No one should be doing anything in portmanteau on a, public hot spot. If 4g is avalible always use that, though that isn’t 100% safe, but if your out the house use a vpn. They are not expensive for a good one that won’t cripple your bandwidth.

Mine is capped at 20meg, when out it doesn’t effect speed, at home I notice it caps out at 20meg per device which is plenty.

I think I pay £18 a year for unlimited bandwidth, no adds.

[Bob Williams]

Interesting find Wasbit, but dated 11.10.14.

When the Thought Police arrive at your door, think -
I'm out.

[Author]

Posts