There are plenty of reasons not to use hotel Wi-Fi. It’s often expensive, sluggish, and unreliable. Sometimes it seems like nobody knows the network password, and when trouble arises it’s hard to convince the front desk that there’s a problem with their network, not one with your devices.
Now you can add something new to that list: Hackers are using hotel Wi-Fi to steal data through zero-day vulnerabilities that companies like Adobe and Microsoft aren’t even aware of. ( http://blogs.wsj.com/digits/2014/11/10/cybercrime-gang-targets-execs-using-hotel-internet/?mod=ST1 )
Kaspersky Lab has appropriately dubbed the attacks the Darkhotel APT ( https://securelist.com/blog/research/66779/the-darkhotel-apt/ ). (It’s not as catchy as Heartbleed, but it’s a little more explanatory, I guess.) Darkhotel works by taking advantage of hotel Wi-Fi’s public nature and the willingness with which many people install updates to popular software like Adobe’s Flash. Hackers are said to have used the tactic to steal information from people traveling in Asia, but researchers found that the malware infected computers across North America and Europe, too.
(Score: 2) by Marand on Tuesday November 11 2014, @05:21AM
Is this a case of the hotel infrastructure being compromised, or just the usual "you can't trust other people on the network with you" problem? Linked articles didn't seem to be clear on that. If it's the latter, I'm surprised this is even a problem; every hotel I've visited in the past five or six years has used AP isolation to keep individual users from interacting in any way. Any public hotspot that isn't doing that is fucking things up royally.
If it's the former, the interesting part isn't the hotel wi-fi aspect, it's that people are getting access to and sabotaging the infrastructure from within, then returning to wipe out traces afterward. That's some spy movie shit, just to target specific individuals with malware.
(Score: 5, Informative) by Fnord666 on Tuesday November 11 2014, @05:44AM
According to the Kaspersky paper, the vector for initial infection was one or more hidden iframes on the hotel's web portal login page. These launched installers that look like application or plugin updates but also contain trojans, backdoors, etc. What was interesting was that these iframes were only served to certain guests and the resources on the hotel's network were deleted right after checkout by the target. Between the access to the hotel's infrastructure and the knowledge that the attackers had of the guest's itinerary, there was either inside help or the hotel's networks have more holes than a screen door.
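As an added illustration of the vector described in the comment above (not code from the thread or from Kaspersky's report), here is a small offline check a defender could run over a captured copy of a captive-portal login page: it parses the HTML and flags any iframe that is hidden, zero-sized, framed from a host other than the portal's own, or pointing at an installer-like file. The sample page, the hostnames `portal.example-hotel.test` and `updates.example-cdn.test`, and the `find_suspicious_iframes` function are all constructed for this example.

```python
"""Flag hidden or installer-serving iframes in a captured captive-portal page.

Added example, not part of the original thread. The sample HTML and all
hostnames below are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# File extensions that have no business being framed into a hotel login page.
SUSPECT_EXTENSIONS = (".exe", ".msi", ".dmg", ".zip", ".scr", ".jar")


def _style_hides(style: str) -> bool:
    """True if an inline style makes the element invisible or zero-sized."""
    s = style.replace(" ", "").lower()
    return (
        "display:none" in s
        or "visibility:hidden" in s
        or re.search(r"(?:width|height):0(?:px)?(?:;|$)", s) is not None
    )


class IframeCollector(HTMLParser):
    """Collects the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names for us; a valueless
        # attribute such as bare `hidden` arrives with value None.
        if tag == "iframe":
            self.iframes.append(dict(attrs))


def find_suspicious_iframes(html: str, portal_host: str) -> list:
    """Return one finding per iframe that looks hidden, off-portal, or
    installer-like. Each finding is {"src": ..., "reasons": [...]}."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        reasons = []
        width = (attrs.get("width") or "").strip().rstrip("px")
        height = (attrs.get("height") or "").strip().rstrip("px")
        if width == "0" or height == "0":
            reasons.append("zero-sized")
        if _style_hides(attrs.get("style") or ""):
            reasons.append("hidden via CSS")
        if "hidden" in attrs:
            reasons.append("hidden attribute")
        host = urlparse(src).hostname
        if host and host.lower() != portal_host.lower():
            reasons.append(f"off-portal host {host}")
        if src.lower().split("?")[0].endswith(SUSPECT_EXTENSIONS):
            reasons.append("installer-like src")
        if reasons:
            findings.append({"src": src, "reasons": reasons})
    return findings


# Constructed sample: a benign terms frame, a hidden frame pulling an
# "update" executable from a third-party host, and a bare `hidden` frame.
SAMPLE_PORTAL = """
<html><body>
<h1>Welcome to the hotel network</h1>
<form action="/login"><input name="room"><input name="pass"></form>
<iframe src="https://portal.example-hotel.test/terms" width="600" height="300"></iframe>
<iframe src="http://updates.example-cdn.test/flash_update.exe" width="0" height="0" style="display:none"></iframe>
<iframe hidden src="/notice"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in find_suspicious_iframes(SAMPLE_PORTAL, "portal.example-hotel.test"):
        print(finding["src"] or "(no src)", "->", ", ".join(finding["reasons"]))
```

Run against a page saved from the portal while connected (for example with `curl` to the gateway address), and treat any hit with an off-portal host or installer-like source as worth a closer look; a bare `hidden` frame on the portal's own host is usually benign but is listed so it can be reviewed rather than silently ignored.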
(Score: 2) by Marand on Tuesday November 11 2014, @06:24AM
Thanks for that info. I didn't see the relevant info in the linked pages and I missed the PDF links the first time because I thought it was an embed/render error caused by NoScript. (A couple sites I visit have had similar-looking issues with JS off.)
That means it really is reaching the spy movie plotline level I mentioned in the previous post, just to install malware on target systems. That's intriguing, amazing, and depressing all at once.