Russian Hackers May Be Targeting Your Hotel and Your Data


By Robert McGarvey

The statement from security firm FireEye has to put a chill in you: “FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East.”

There’s no doubt that there has been a hacking campaign. The “moderate confidence” applies only to attribution to the Russian hackers.

FireEye continued: “FireEye has uncovered a malicious document sent in spear phishing emails to multiple companies in the hospitality industry, including hotels in at least seven European countries and one Middle Eastern country in early July. Successful execution of the macro within the malicious document results in the installation of APT28’s signature GAMEFISH malware.”

Then the news turned awful: “Once inside the network of a hospitality company, APT28 sought out machines that controlled both guest and internal Wi-Fi networks.”

WIRED Magazine fanned the anxieties: “APPROPRIATELY PARANOID TRAVELERS have always been wary of hotel Wi-Fi. Now they have a fresh justification of their worst wireless networking fears: A Russian espionage campaign has used those Wi-Fi networks to spy on high-value hotel guests, and recently started using a leaked NSA hacking tool to upgrade their attacks.”

This is not fretting about kiddie hackers. According to Reuters, “Several governments and security research firms have linked APT 28 to the GRU, Russia’s military intelligence directorate.”

That’s significant. That means we all need to be just a bit worried. This is a slick, professional attack. Nobody denies that, even though some aren’t convinced Russians are the actors.

The attacks have been slick. That’s the issue.

Remember, the biggest worries involve hotels outside the US.

In the US, many of us know to use hotel WiFi sparingly, if at all. Domestic hotels have been under assault by hackers for some years, and the good advice is simply not to use the WiFi for anything meaningful that involves a password. That means corporate email, banking, even frequent flier accounts.

That’s because the odds are high that criminals are sniffing the data stream over any public WiFi network and are seeking to pull out usernames and passwords.

But here’s the kicker: ignoring public WiFi domestically is easy. I just create a personal hotspot, either on my T-Mobile iPhone or Google Fi Pixel, and I am good to go – often at speeds that rival hotel WiFi anyway. That communication over the cellular network is significantly more secure than a public WiFi network, so my advice is to use it.

Abroad, our choices are more complicated. That’s because data abroad is either very slow, or comes at a price, or both.

Set up a hotspot for data in Paris and very likely you will pay.

But now that is emerging as the better solution.

AT&T offers a calculator to help guide how much data to buy.  

Personally I will keep it simple by using T-Mobile, which offers free data – at slower speeds – in some 140 countries.  

Google Project Fi – in 135 countries – costs $10 per gigabyte for whatever speed Google can deliver.  

You want to know how you will create your own hotspot before your next foreign trip.

That’s because you – not the hotel – apparently are the target of the hackers.

FireEye elaborated: “Cyber espionage activity against the hospitality industry is typically focused on collecting information on or from hotel guests of interest rather than on the hotel industry itself, though actors may also collect information on the hotel as a means of facilitating operations. Business and government personnel who are traveling, especially in a foreign country, often rely on systems to conduct business other than those at their home office, and may be unfamiliar with threats posed while abroad.”

What kinds of hotel are the Russian hackers targeting? Here’s FireEye’s info: “FireEye says that the hacked networks were those of moderately high-end hotels, the kind that attract presumably valuable targets. ‘These were not super expensive places, but also not the Holiday Inn,’ FireEye’s [Ben] Read says. ‘They’re the type of hotel a distinguished visitor would stay in when they’re on corporate travel or diplomatic business.’”

Sound like the kind of place you’d stay in?

Definitely it is my profile.

Note: FireEye is adamant that using a VPN may not provide complete protection against the tools the Russians are deploying. Definitely use a VPN when traveling abroad – just don’t be certain it is protecting against sophisticated intercepts.

So create your own hotspot.  Right now, that looks to be safe, abroad just as it is domestically.

