DarkHotel: Give Us All Your Data and Enjoy Your Stay

Posted: April 10, 2016 / Author: Dror Liwer


Notes from the Battlefield: Cybercriminals vs. Business Travelers and How to Keep Your Data Safe

It used to be that a business trip was just a business trip, complete with pay-per-view TV in bed, tiny bottles of shampoo and room service for anyone feeling extravagant.  Yet in today’s era of global business travel, mobile devices, and ever-more-sensitive digital data, a seemingly innocuous stay in a hotel could result in disastrous security breaches for business travelers and the companies they represent.  What are the security concerns currently affecting executive travelers, and how did they creep undetected into the hospitality industry to muck up a relatively good thing?  More importantly, what can executives and security professionals do to fight back?

Tinker, Tailor, Soldier, Spy

DarkHotel hit the news a couple of years ago following a spate of cyber attacks that targeted executive-level guests at luxury hotels in Asia.  First recorded in 2007, the attacks came to light more fully a few years later when researchers got reports about a cluster of customer infections.

Here’s how it works:  Attackers infiltrate hotel WiFi networks and fool users into downloading malicious software that looks like a bona fide software update.  Once the user downloads the malicious software, it installs an advanced key-logging tool that enables the attackers to track passwords.  The attackers relentlessly spearphish specific targets in order to compromise systems and use a P2P campaign to infect as many victims as possible.  To evade detection, they delete their tools from the hotel network after the operation is finished.

The original DarkHotel attacks were striking due to their sophistication and the suggestion of a state-sponsored campaign.  High-profile executives from businesses, government agencies and NGOs were among the targets, with the majority of infections located in Japan, Taiwan, China, Russia and South Korea.  Researchers believe that the initial DarkHotel campaign was likely the work of a nation-state actor, with signs that it may have originated in South Korea.


Think this sounds interesting? Read the rest of the article featured in Information Security Buzz here.