Darkhotel hack targets hotel WiFi - but staying safe is easy

By Chris Davies/Nov. 10, 2014 4:53 pm EST

A four year campaign to steal data from high-power targets like CEOs and R&D specialists has taken advantage of compromised hotel WiFi, a research firm claims today, taking advantage of overly trusting guests to strip as much information as possible. The so-called "Darkhotels" exploit focused on guests at luxury hotels, Kaspersky says, with hackers predominantly in the Asia Pacific region using fake software installers to open a backdoor into travelers' laptops. That backdoor is then used to load a full complement of tools that can be used to yank as much sensitive data as possible.

Key to the malware is guests taking for granted that software with a familiar name – like Google Toolbar, Adobe Flash, or Windows Messenger – is, in fact, what it claims to be.

In fact, the researchers say, rather than being official updates the software is in fact compromised by Darkhotel's authors. Pushed to the target machine when the hackers see it log onto the hotel WiFi, the initial install is a gateway to a keylogger, a Trojan known as "Karba", and an information-stealing module.

What's particularly interesting is how cautious the data theft is. Rather than simply casting a broad net and hoping to pull in as many victims as possible, which might draw attention to it should at least a couple of guests raise the alarm, it focuses on a carefully selected victim.

That victim has their various keystrokes, passwords, and saved logins all harvested and sent to a remote server, before the local malware as well as the hotel network exploit self-destruct.

"The most recent traveling targets include top executives from the US and Asia doing business and investing in the APAC region: CEOs, senior vice presidents, sales and marketing directors and top R&D staff have all been targeted" Kaspersky

Although it's believed to have been in operation for more than four years, Kaspersky warns, the exploit is still underway.

As for how you can avoid getting caught, the advice is relatively straightforward – and effectively involves being suspicious. Hotel WiFi, as with any public wireless network, should be considered suspect and potentially compromised: if you want to use it, set up a VPN – a Virtual Private Network – first.

That will route your browsing and email through a securely encrypted channel, meaning if anybody is eavesdropping on the connection they won't be able to see what you're doing. As for installing strange software, be cautious of that, too; only load something that's digitally signed from a vendor you trust.

SOURCE Kaspersky