If you thought extortionate connection and data charges were the only sting in hotel internet access services, this might just be enough to stop you from logging-on from your room ever again.
Online and computing security firm Kaspersky Lab has issued a bleak warning that a highly sophisticated cyber espionage network dubbed “Darkhotel” has successfully infiltrated networks used by luxury hotels to hack into devices used by unsuspecting high worth and high profile guests.
“For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behavior,” said Principal Security Researcher at Kaspersky Lab, Kurt Baumgartner.
“This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.”
It’s a worrying development for traveling government workers and elected representatives who often rely on fast broadband connections from their rooms and suites to counteract even more loathsome global roaming charges from devices tethered to mobile phones.
And it’s just in time for Brisbane’s G20 conference.
Kaspersky’s assessment said the recent travelling targets have included top executives from the US and Asia doing business and investing in the APAC region. Chief executives, senior vice presidents, sales and marketing directors, and top research and development staff were all staff targeted, the company added.
In terms of typology, Kaspersky Lab says attackers wait until after check-in when the victim connects to the hotel Wi-Fi network, submitting their room number and surname at login.
“Once the user is in the compromised network, embedded iframes located within the login portals of the hotels are used to prompt them to download and install a backdoor that poses as one of several major software releases, including Google Toolbar, Adobe Flash and Windows Messenger.”
That’s logical enough, but it’s the post hacking clean-up that has IT security firm’s antennae raised on alert.
“After the operation, the attackers carefully delete their tools from the hotel network and go back into hiding, Kaspersky said.
Unlike some other attack methods, the raiders meticulously clean-up after themselves making sweeps for compromises far harder to be effective. Not that anyone has ever mistrusted hotel cleaners.
While government electronic communications protocols are routinely secured by either the military signals or cyber warfare arms of attendees, corporate participants lobbying leaders for their own outcomes are also thick on ground.
Put more simply, luxury hotels at major conference times make highly appealing honeypots for hackers because of the heavy concentration of power and money bedding down for the night.
The Australian Signals Directorate last week issued a strong advisory on the heightened cyber risks associated with events like the G20 from a range of unfriendly actors.
“Targeting of high profile events such as the G20 by state-sponsored or other foreign adversaries, cyber criminals and issue-motivated groups is a real and persistent threat. The information contained on government systems, whether classified or unclassified, is of strategic interest to cyber adversaries. Information gathered through cyber espionage can be used to gain an economic, diplomatic or political advantage,” the spy agency said.
The ASD also cautioned that there were “many examples of entities being targeted due to their involvement in high profile events” and noted previous ASEAN-themed malicious emails “were sent targeting Australian government agencies in an attempt to compromise their networks and obtain sensitive information.”
“These emails appeared to come from entities associated with ASEAN events,” ASD said.
Australia’s signals spooks are similarly cautious about hooking up from hotel rooms.
“Savvy cyber intruders have been known to exploit hotel or conference facility networks to gain access to mobile devices. Avoid communicating any official or sensitive information on devices that are not connected to a secure network,” ASD said in its official G20 advisory.
“Where possible, try to avoid using hotel internet kiosks and internet cafes to send or receive important data. Do not connect to open Wi-Fi networks for business purposes. Only wireless communications that are needed and can be secured should be enabled.”
Kaspersky’s is a little more blunt.
“When travelling, any network, even semi-private ones in hotels, should be viewed as potentially dangerous,” the company said.
Or, as Don Henley put it:“you can check out anytime you like, but you can never leave”.
Comment below to have your say on this story.
If you have a news story or tip-off, get in touch at firstname.lastname@example.org.
Sign up to the Government News newsletter