'Darkhotel' Hack Targets Corporate Travelers: Avoid Public Wi-Fi
Here's a lesson that isn't quite a lesson -- more of a reminder: Avoid public Wi-Fi.
It doesn't matter if it's hotel Wi-Fi, Starbucks Wi-Fi, or your neighbor's unsecured network -- stay away when dealing with secure information. And seriously, if you get a surprise "Update This Now!" pop-up while on a public Wi-Fi network, don't click on the darn thing.
It sounds like common sense, but not everyone has that much sense in common, if you get the Jay-Z reference. The latest from Kaspersky Labs says that a "'Darkhotel' espionage campaign" has been fooling corporate travelers and targeting their data since at least 2009.
Targeted Asian Hotels' Wi-Fi Networks
According to Kapersky, the "Darkhotel" malware has primarily targeted hotel guests in Japan, Taiwan, China, Russia, and South Korea, and the attacks seem to be targeted at corporate executives, perhaps as a means of tapping into sensitive corporate information or corporate networks. The attack works like this:
[The hackers] wait until, after check-in, the victim connects to the hotel Wi-Fi network, submitting his room number and surname at the log-in. The attackers see him in the compromised network and trick him into downloading and installing a backdoor that pretends to be an update for legitimate software -- Google Toolbar, Adobe Flash or Windows Messenger. The unsuspecting executive downloads this hotel "welcome package," only to infect his machine with a backdoor, Darkhotel's spying software.
For high-profile targets, the malware is removed after the sought-after data is obtained, keeping the breach quiet. Hackers are also releasing the malware indiscriminately as well, presumably to less important targets.
How to Stay Safe
How about never using public Wi-Fi? That's always a good tip, and if you are handing sensitive corporate information, it's probably worth investing in a 4G hotspot for your mobile data needs.
And if you do connect to a hotel or coffee shop's network, don't download anything: updates, patches, or "welcome packages" could all be well-disguised malware. Kapersky also advises that you use a Virtual Private Network (VPN) to keep your data private.
Related Resources:
- DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests (Wired)
- Lesson From the STD Website Case: Don't Hide Your TOS (FindLaw's In House)
- FCC's 1st Data Security Fine: $10M Sought for Breach (FindLaw's In House)
- Does Your Company Need an After-Hours Email Policy? (FindLaw's In House)