How Cyber Crime Gang Targets Travelling Executives Through Hotel Wi-Fi

Several top executives targeted through hotel Wi-Fi, security group says.

ByABC News
November 10, 2014, 2:28 PM
A businessman is pictured in his hotel room in this stock image.
A businessman is pictured in his hotel room in this stock image.
Getty Images

— -- A stealth gang of cyber criminals have carefully targeted travelling executives through hotel Wi-Fi connections in Asia over the past four years and are still active today, according to a report from a leading security firm.

Operating methodically -- almost as though they have a hit list -- the hackers never target the same person twice, Costin Raiu, director of Global Research and Analysis at Kaspersky Lab, which conducted the study, told ABC News.

"It seems to us that the main focus is to get further access into their networks," Raiu said of the incidents, which Kaspersky Lab has dubbed the Darkhotel espionage campaign.

"Perhaps the executives are not exactly the primary target," he said. "Of course these guys happen to have interesting information, but I believe the attackers want to look deeper into these companies."

Kaspersky Lab said it became aware of the apparent hacks after it "saw an increase in a cluster of customer infections" via its security network, which were all traced to hotels in Asia.

While Raiu would not disclose who was targeted, the report found that CEOs, senior vice presidents, sales and marketing directors and top research and design staff from the United States and Asia were targeted while staying at luxury hotels in the Asia-Pacific region.

The threat from Darkhotel is ongoing and something researchers are still trying to fully grasp, Raiu said.

When a target logs onto a compromised hotel Wi-Fi network, they are prompted to download malware that appears to be a legitimate software update, according to the Kaspersky report.

The hackers are then able to scan the computer for login information and cached passwords, as well as steal all keystrokes, exposing sensitive information to the cyber criminals without the executive ever knowing their system was compromised.

Once complete, hackers delete any traces from the hotel network and go back into hiding until their next victim emerges, according to the report.

While the source of the hacks has yet to be identified, the Kaspersky report said the hackers left behind information in their malware that points to a Korean-speaking source.

Robert Siciliano, a McAfee online security expert, said the report was "no surprise."

"Hackers are targeting executives in hotels everywhere, worldwide," he said. "Why wouldn't they? Hotel Wi-Fi is relatively open, often free and penetrable. Free Wi-Fi is like running naked in the woods. Eventually you'll get pricked."

Siciliano recommends anyone logging onto hotel Wi-Fi deploy a Virtual Private Network, such as Hotspot Shield, to keep their Internet activity private -- even while on a public network.

"It's a stupid no brainer," he said. "I'd be surprised that any company's IT people would even let their executives connect on free Wi-Fi without a VPN being launched."

Meanwhile, Raiu said researchers at Kaspersky are working with the "relevant companies" to find a solution to mitigate the hacks.

"While we are seeing hacking attempts on a daily basis, it is very rare to see this hacking for a purpose," Raiu said. "We are dealing with a very sophisticated attacker."