Shhh… Hotel Cyber Blues

Business travels carry a huge price tag in security risks. Hence a common (but unspoken) practice amongst sleuths is particularly noteworthy: Avoid the biggest hotels in the biggest cities.

This is relevant because a Kaspersky Lab report (below) released earlier this week found a sophisticated industrial espionage campaign aimed at business executives using in-house wireless connections in luxury hotels across Asia, with thousands of victims since 2009 who otherwise believed they were using private and secure networks.

However, the risk with using hotel internet (both LAN and wireless) connections is nothing new.

The FBI has warned 2 years ago about malware being spread across hotel wi-fi systems.

And in the scandal involving former CIA director David Petraeus and his mistress Paula Broadwell (picture below) back in 2012, the way the FBI managed to trace emails sent by Broadwell from her hotel rooms also underscored the problems associated with using supposedly secure hotel internet connections – despite her attempt to shield her identity by using anonymous email accounts, the FBI were able to find out where the emails were sent from (ie. which cities, which wi-fi locations and which hotels) which eventually led to her name.

DavidPetraeus&PaulaBroadwell-2

Previously on Shhh-cretly, several columns also highlighted the perilous voyage business travelers faced, especially in Asia and the risks go well beyond hotel internet connections. Some fellow sleuths are well aware of how some government would send their agents to break into hotel rooms when the house guests were out for the day. For example, a Shhh-cretly post 2 years ago revealed how the FBI had video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.

It also helps to know that the locks found on between 4 and 5 million hotel room doors worldwide can easily be opened by a simple hacking device.

And one is still not necessarily safe inside a hotel room, even if the door is locked and blocked. Spy gadgets may have been planted inside the room to snoop on the unwary house guests. And some rooms even have “spying walls“.

With these knowledge, some sleuths have gone to great lengths to protect themselves – such as planting a covert camera in the room, weighing a data-less laptop, with and without the battery, and the power plug before and after leaving the hotel room as well as hiding a SD card (which store all your data transferred from your laptop prior to a business trip, thus the data-less laptop) under the tongue, etc.

According to the Kaspersky report, “a key mystery remains how attackers appear to know the precise travel itinerary of each victim”.

Well, recall the Snowden revelations have also revealed that the British intelligence agency GCHQ had a secretive “Royal Concierge” program that broke into the global hotel booking system of some 350 luxury hotels for about 3 years, specifically to trace and wiretap the suites of traveling diplomats.

Now, has the world reached a state of paranoia?

Execs in Asian luxury hotels fall prey to cyber-espionage -study

By Eric Auchard
FRANKFURT Mon Nov 10, 2014 5:04am EST

Nov 10 (Reuters) – Security researchers have uncovered a sophisticated industrial espionage campaign that targets business executives in luxury hotels across Asia once they sign on to computers using in-room wireless connections they consider private and secure.

The attacks, which go well beyond typical cybercriminal operations, have claimed thousands of victims dating back to 2009 and continue to do so, Kaspersky Lab, the world’s largest private security firm, shows in a report published on Monday.

Executives from the auto, outsourced manufacturing, cosmetic and chemical industries have been hit, the security firm said. Others targeted include military services and contractors.

In 2012, the FBI issued a general warning to U.S. government officials, businessmen and academics, advising them to use caution when updating computer software via hotel Internet connections when travelling abroad (1.usa.gov/1xAP4YI).

Kaspersky’s report goes further in detailing the scale, methods and precise targeting of these attacks on top business travelers. (bit.ly/1xcU0Gs)

The movements of executives appear to be tracked as they travel, allowing attackers to pounce once a victim logs on to a hotel Wi-Fi network. Hackers cover their tracks by deleting these tools off hotel networks afterward.

“These attackers are going after a very specific set of individuals who should be very aware of the value of their information and be taking strong measures to protect it,” said Kurt Baumgartner, principal security researcher for Kaspersky, the world’s largest privately held cybersecurity firm.

Unsuspecting executives who submit their room number and surname while logging on to their hotel room’s wireless network are tricked into downloading an update to legitimate software such as Adobe Flash, Google Toolbar or Microsoft Messenger, Kaspersky said. Because attacks happen at sign-on, encrypted communications set up later offer no defence against attack.

The same elite spying crew has used advanced keystroke-logging software and encryption-breaking at multiple hotel chains across Asia, it said.

Kaspersky declined to name the executives involved or the luxury destinations targeted but said it had informed the hotels as well as law enforcement officials in affected locations.

Ninety percent of the victims came from five countries — Japan, Taiwan, China, Russia and South Korea. Business travelers to Asia from Germany, Hong Kong, Ireland and the United States have also been duped, Baumgartner said.

The Kaspersky report said a key mystery remains how attackers appear to know the precise travel itinerary of each victim, which points to a larger compromise of hotel business networks that researchers say they are continuing to probe. (Reporting By Eric Auchard; Editing by Clara Ferreira Marques)