Hacking fears: what you should learn from the Darkhotel saga

Data hacking has become a huge global concern as wearable technologies, new online payment methods and the prevalence of wifi continue to advance.

Accommodation providers with weak security have been targeted by cyber-criminals who want to access personal and financial information about guests. Luxury hotels in particular have faced some deadly cyber-attacks in recent months as they cater to a lot of wealthy business guests.

Check out the latest issue of Accom Management Guide to read the full article.

Darkhotel is the name Kaspersky Lab gave to one such group of hackers who have executed more than 3000 cyber-attacks targeting business guests on hotel wifi.

According to Kaspersky, the group target a specific guest, lurk on the intended hotel’s wifi network for several days prior to their check-in, upload malware onto the provider’s server and then delete it after check-out.

Known by other security companies as Tapaoux, Darkhotel has been active since 2007, operating on servers, phishing and attacking hotel wifi networks. The group uses a variety of methods, but all seem to involve spear-phishing attacks and kernel-mode keystroke loggers to glean data from targets.

After logging into their accommodation provider’s wifi, the victim would be confronted with a pop-up asking them to update their software. Accepting this update allows the group’s malware to take root and exploit any activity on that device.

Prevalent primarily in Asia, Darkhotel hacked sensitive information like passwords, communication channels, and more. Principal security researcher at Kaspersky Lab Kurt Baumgartner said on the firm’s blog, “For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behaviour.

“This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.”

An official warning from the FBI was publicised back in 2012 but the hackers have never been identified and senior business executives staying in hotels continue to be at risk. The danger, with Darkhotel at least, seems to lie most critically where hotel networks ask guests to log in with their name and room number.

Frequent business guest and security commentator Quentyn Taylor told accomnews, “Essentially the hotel wifi (or ethernet) network should be treated as a super hostile network as one never knows who else is on or connected.”

He added that he makes sure his software, plugins, etc. are all up to date before he travels, minimising the risk posed by malware such as that designed by Darkhotel. He also said that while he would enter his surname and room number into a hotel’s portal to access the wifi, he would never enter his email password.

However, it seems that a name and room number is all many of these hackers require to steal personal information. So how can accommodation providers adequately protect their guests? One of the main problems is that wifi networks are not usually managed by providers themselves.

Hua Wang from Victoria University said, “Hotel wifi is a hired service from a wifi server.” Explaining that the hotel serves as the middle-man between clients and servers, he added, “While the connection between the hotel and a server is well secured, the connection between clients and a hotel is not protected and easy to hack. It is weak because a client’s connection to the hotel is not encrypted.”

One key thing accommodation providers could do to help prevent malicious attacks is to issue safety warnings to guests as part of their terms and conditions page. Professor Wang advised, “Tell guests the truth and provide secure communication software such as GPG.”

Another key, yet seemingly obvious, step to take is making sure staff remain vigilant at all times. Hackers will often access the hotel wifi from within the hotel itself or nearby, lurking on the network to find a weakness. Keeping an eye open throughout the day is a crucial part of your security plan. Guest confidentiality plays a significant role here: red flags include anyone asking personal questions about a guest’s arrival time, activity or room number, and anyone who stands within earshot of the check-in desk for a significant amount of time.

The other thing all providers should do is get to know their wifi vendor. What has your network provider’s response been to the Darkhotel threat? What steps have they put in place to protect end-users? Do they encrypt sensitive data? These are all questions that should be asked. A decent network provider should carry out external data security assessments every two to three years, and internal audits should take place regularly. Make sure these audits are being carried out on your system.

All-in-all, Darkhotel is an example of cyber-terrorism that targets the few rather than the many. It is unlikely that many accommodation providers will be faced with it, particularly smaller properties. However, it shines a light on the importance of data security and that is certainly something that will benefit the many.

