In November, Hotelier Middle East reported on a Kaspersky Lab report that shed light on what it called ‘Darkhotels’. This report suggests that, over a period of several years, sophisticated hackers have been accessing a range of high profile guests – such as government officials and corporate executives – via the WiFi systems in hotels.
Kaspersky Lab’s Global Research and Analysis Team experts have extensively researched the ‘Darkhotel’ espionage campaign, which Kaspersky says has stolen sensitive data from selected targets while they travelled. The report indicates that this team of hackers never focuses on the same person more than once, and they operate with “surgical precision” to obtain as much data as possible the first time around – deleting all trace of their activity as they go.
Kaspersky cites some of the most recent targets as including leading executives from the US and Asia doing business and investing in the APAC region, saying that CEOs, senior vice presidents, sales and marketing directors and top R&D staff have all been targeted.
Perhaps most chillingly, although this threat is no longer a secret, it is still an active threat, Kaspersky Lab warns.
How does it work?
Darkhotel hackers maintain their connections into hotel networks, providing ample ongoing access, even to systems that were believed to be private and secure. Lying in wait, they are ready when their chosen victim connects to the hotel’s WiFi network after check-in.
As most systems rely on a user entering room numbers and surnames to log into the network, the attacker can clearly see when their target is active in the compromised system. From there, Kaspersky explains, it’s simply a case of tricking the hotel guest into downloading and installing a backdoor that appears in the guise of a harmless update for legitimate software, such as Adobe Flash, Windows Messenger or Google Toolbar. And then they’re in, and spying software is installed on the device.
Through this software, additional and more advanced tools for theft of data can be installed, including a digitally-signed advanced keylogger, the Trojan ‘Karba’ and an information-stealing module.
According to Kaspersky Lab, “these tools collect data about the system and the anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords in Firefox, Chrome and Internet Explorer; Gmail Notifier, Twitter, Facebook, Yahoo and Google login credentials; and other private information”.
This means that targets lose large amounts of sensitive information that is often the intellectual property of the company or organisation they represent.
According to Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab, a mix of both targeted and indiscriminate attacks is becoming increasingly commonplace with targeted attacks on high profile victims and “botnet-style operations” being used for mass surveillance and more.
Tips to avoid being a target
Kaspersky Lab states that “any network, even semi-private ones in hotels, should be viewed as potentially dangerous” and it outlines a series of tips to stay safe from the Darkhotel threat, as follows:
• Choose a Virtual Private Network (VPN) provider – you will get an encrypted communication channel when accessing public or semi-public Wi-Fi.
• When traveling, always regard software updates as suspicious. Confirm that the proposed update installer is signed by the appropriate vendor.
• Make sure your Internet security solution includes proactive defence against new threats rather than just basic antivirus protection.
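The signature check in the second tip can be scripted on Windows. The following is an added example, not taken from the Kaspersky report: it checks the Authenticode status and also compares the signer name with the vendor you expect, since the report notes that the Darkhotel keylogger was itself digitally signed and a valid signature alone does not prove the file comes from that vendor. The function name, the expected signer string and the optional thumbprint list are assumptions you supply yourself.

```powershell
# Added example: check who signed an "update" installer before running it.
# Test-InstallerSigner is a hypothetical helper name; ExpectedSigner and
# PinnedThumbprints are values you record yourself on a trusted network.
function Test-InstallerSigner {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner,  # exact certificate subject name
        [string[]] $PinnedThumbprints = @()               # optional certificate pinning
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Pull the subject's simple name (CN) from the signing certificate, if any.
    $signer     = $null
    $thumbprint = $null
    if ($cert) {
        $nameType   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer     = $cert.GetNameInfo($nameType, $false)
        $thumbprint = $cert.Thumbprint
    }

    # 1. The signature must be intact and chain to a trusted root.
    # 2. The signer must be exactly the vendor expected, not merely "someone".
    # 3. If thumbprints were pinned, the certificate must be one of them.
    $reason = $null
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        $reason = "Signature status is $($sig.Status): $($sig.StatusMessage)"
    }
    elseif ($signer -ne $ExpectedSigner) {
        $reason = "Signed by '$signer', expected '$ExpectedSigner'"
    }
    elseif ($PinnedThumbprints.Count -gt 0 -and $PinnedThumbprints -notcontains $thumbprint) {
        $reason = "Certificate $thumbprint is not in the pinned list"
    }

    [pscustomobject]@{
        Path       = $Path
        Signer     = $signer
        Thumbprint = $thumbprint
        Trusted    = ($null -eq $reason)
        Reason     = $reason
    }
}

# Usage (path and vendor name are placeholders):
# Test-InstallerSigner -Path "$env:USERPROFILE\Downloads\update.exe" -ExpectedSigner 'Example Vendor Inc.'
```

An exact match on the signer name is deliberate: a substring match would accept a look-alike subject that merely contains the vendor's name.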
Kaspersky Lab states in its report that it is currently working with relevant organisations to best mitigate the problem. To read the report in full visit http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-sheds-light-on-Darkhotels-where-business-executives-fall-prey-to-an-elite-spying-crew.
Hotel Security – an inside look
To better understand the kinds of issues that need to be taken into consideration when securing a high profile hotel for both guests and staff, we’ve been speaking to Hicham Oumy, Director of Loss Prevention at Qatar’s premier hotel, The Torch, Doha.
Speaking about key threats that hotels need to be prepared for, Oumy said, “Basically there are no specific threats in Qatar, but in my opinion as a Director of Loss Prevention, threat is unpredictable. Therefore it is no longer a question of ‘if’ we will face a threat, it is rather ‘when’, ‘what type’ and ‘how’ prepared we are to deal with it. It is therefore a must to have a crisis management plan in every organisation to deal with various situations which might threaten normal function, flow of activities, resources and the security of guests, staff and the general public and to make sure that all staff are aware of their specific roles before, during and after crises.”
Discussing the threat from the Darkhotel hackers via hotel WiFi systems, we asked Oumy how The Torch protects its networks to ensure the safety of guest information.
“We have two different systems with completely different networks,” Oumy said. “One is an admin network and it is not WiFi based and has a strong firewall with a dedicated network security team monitoring the whole network, making it difficult for unauthorised people to access our systems. The other is a WiFi network that is securely limited to use by guests only.”
Access control – to hotel rooms and facilities – is obviously a major consideration for any hotel. Given the move to digital systems and increased use of RFID access systems in recent years, we asked Oumy whether he thought these systems are the best solution.
Oumy said, “Yes, electronic card readers, or RFID systems are the best solution so far, as you can easily generate data about everyone who has accessed a specific door with very accurate detail, and you can support these systems with CCTV for evidentiary purposes.”
Given the abundance of five star, and above, hotels in the Middle East, there is clearly a high premium placed on appearance and a luxury setting. Which raises the question, how does one effectively integrate security systems, like CCTV, access control and guarding, into such a luxury setting as The Torch?
“Actually, security in all its forms is now part of every business and it doesn’t represent any obstacle to integrate it,” Oumy explained, “people are becoming increasingly aware of common security measures and they know that all of these precautions are for their own safety and security, and as long as it is not infringing their privacy they do not mind its presence.”
On the subject of privacy, a hot topic in the global press recently has been the vulnerability of IP CCTV systems to hacking. However, Oumy believes that IP systems do not leave hotel guests vulnerable – so long as the appropriate security measures are taken.
He said, “I think by using a strong antivirus, firewall and by limiting the access to only authorised personnel, especially with regards to the admin system, the probability of hacking is very low.”
The Middle East is often in the press for a range of other security issues that have a direct effect on all aspects of tourism. So does Oumy think that this generates any specific issues that need to be factored into securing hotels in the region?
“I would agree with you if you had said that some countries in the Middle East,” he said, “but when it comes to the GCC, especially in Qatar, we are not facing any unusual security issues.”