Hotel guests in the US have been warned about computers that are made available to guests in hotel business centres, which may be infected with keylogging malware.
Advisories have been issued by the US Secret Service to the hospitality industry after arrests were made of suspects who compromised computers within several major hotel business centres in the Dallas/Fort Worth areas, according to Brian Krebs.
“The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts,” the warning said.
“The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business centre’s computers.”
It warned that in some cases, the suspects used stolen credit cards to register as guests of the hotels and would access publicly available computers in the hotel business centre, log into their webmail accounts and execute malicious key logging software.
Jason Steer, director of technology strategy at FireEye, told IT Security Guru that this has been happening for years, and computers at airports and in hotels are “rife for crimeware”.
He said: “I was researching this six or seven years ago, where a Trojan harvested credentials from stock trading platforms. It harvested the details and sent them to the attacker who used them to move money out of accounts. “Users should be warned not to put anything sensitive on a computer that they do not trust.”
The advisory lists several basic recommendations for hotels to help secure public computers, such as limiting guest accounts to non-administrator accounts that do not have the ability to install or uninstall programs. This is a good all-purpose recommendation, but it won’t foil today’s keyloggers and malware — much of which will happily install on a regular user account just as easily as on an administrative one.
Brian Honan, CEO of BH Consulting, told IT Security Guru that he was surprised to see this article as it doesn’t propose anything ground breaking, or even a new threat. “Many information security professionals are fully aware of the threats posed by public Internet kiosks/PCs be they at hotels, conferences, or internet cafes. If you do not own the machine then you cannot fully trust it,” he said.
“Using public wifi, be that in a hotel or elsewhere, is also a risky proposition as you have no idea who else is on the same network and who could be monitoring or manipulating your traffic. Individuals should always employ a VPN when accessing systems over the internet. Where possible, two-factor authentication should be employed to help reduce the risk of key accounts becoming compromised.”
Toyin Adelakun, vice president at Sestus, said: “For end-users, the key take-away is, and has long been, to treat business-centre PCs and networks as hostile. Presume that they are malware-ridden and bug-infested, and always sniffing for your passwords and other personally-identifiable information (PII).
“If you had to use them, accord them a respectful suspicion, and do not use them to log onto any service that needs your private passwords. That means any service, such as email, social media, internet banking and online retail. Oh, and by the
way, it’s not just hotel business centres — it’s any business centre, computer showroom, internet café or airport lounge.”
