BY KIM ZETTER | 11.10.14 | 11:06 AM
The hotel guest probably never knew what hit him. When he tried to
get online using his five-star hotel's WiFi network, he got a pop-up
alerting him to a new Adobe software update. When he clicked to
accept the download, he got a malicious executable instead.
What he didn't know was that the sophisticated attackers who
targeted him had been lurking on the hotel's network for days
waiting for him to check in. They uploaded their malware to the
hotel's server days before his arrival, then deleted it from the hotel
network days after he left.
That's the conclusion reached by researchers at Kaspersky Lab and
the third-party company that manages the WiFi network of the
unidentified hotel where the guest stayed, located somewhere in
Asia. Kaspersky says the attackers have been active for at least
who have been taking their time. They've been trying to access
networks over the last years.
It's unclear how many other hotels they've attacked, but it appears
the hackers cherry-pick their targets, only hitting hotels where they
know their victims will be staying.
When victims attempt to connect to the WiFi network, they get a
pop-up alert telling them their Adobe Flash player needs an update
and offering them a file, digitally signed to make it look authentic, to
download. If the victims accept the download, they get a Trojan
delivered instead. Crucially, the alerts pop up before guests actually
get onto the WiFi network, so even if they abandon their plan to get
online, they are infected the moment they hit accept. The
do their deed, then erase all evidence and leave. But in the logs, the
researchers found no backdoors on the systems, so either the
attackers never used them or successfully erased any evidence of
them. Or they had an insider who helped them pull off the attacks.
The researchers don't know exactly who the attackers were
targeting in the identified hotel attacks. Guests logging onto WiFi
often have to enter their last name and room number in the WiFi
login page, but neither Kaspersky, nor the company that maintained
the WiFi network, had access to the guest information. Reports that
come into Kaspersky's automated reporting system from customers
are anonymous, so Kaspersky is seldom able to identify a victim
beyond an IP address.
The number of hotels that have been hit is also unknown. So far the
researchers have found fewer than a dozen hotels with infection
indicators. "Maybe there are some hotels that used to be infected
and we just cannot learn about that because there are no traces,"
the network-management executive says.
The company worked with Kaspersky to scour all of the hotel servers
it manages for any traces of malware and is fairly confident that
the malware doesn't sit on any hotel server today. But that is just
one network-management company. Presumably, the DarkHotel
operation is still active on other networks.
Safeguarding against such an attack can be difficult for hotel
guests. The best defense is to double check update alerts that
Howard Treesong
a day ago
"Hi, I'm a process on a server you don't know. Can I install some files on
your computer?"
No. The answer is no. Never.
I find all stories about problems with computers and malware a bit odd,
seeing as how at some level the user has to cooperate. This user does
not cooperate. This user trusts no one, for any reason, ever.
I don't know what strangled-by-his-own-umbilical-cord idiot came up
with the idea of 'trusted certificates'. What is going to be the first
vector for any attack? That which the user ostensibly [has to] trust[s].
Do these characters have no idea what words mean? It's all a meme
now, it no longer matters?
Who can you truly trust in life? Very few people. Who can you trust
online? Absolutely nobody. Is this something people are really too dumb
to learn or will the lesson sink in at some point?
a day ago
The point of the article is that the site was able to successfully
masquerade as a trustworthy site. This is not an example of
clueless users, it's an example of a very sophisticated attack
that would work on the vast majority of computer users, even
many experienced ones.
Our entire technology ecosystem is predicated on constant
updates - Windows, Adobe, even Kaspersky need updates on an
almost daily basis, many just for security reasons. You can't tell
people that they have to keep their computers updated to be
safe, and then call them stupid for installing an update that by
all appearances is from a trusted source. That's a system issue,
not a user issue.
21 hours ago
"Is this something people are really too dumb to learn or will
the lesson sink in at some point?"
I think we both know the unfortunate answer to that question.
Some users just shut off their brains when it's anything
computer related and others refuse to take even basic
precautions because it's just too inconvenient. Somehow they
don't understand that "it shouldn't work that way", "it should
know what I want/mean" and "they shouldn't be able to do
that" are fine sentiments but utterly meaningless in the real
world.
slave138 bogorad
a day ago
Maybe next time you should try reading a little more then. If
you had, you might have realized that your whine makes no
sense at all in the context of this article.
If they were trying to scare people out of their money, why
would they admit they don't know who exactly is doing it,
where (other than a few examples they could find) it has been
done, or how to stop it from happening again?
a day ago
Wrong.
FistOfReason slave138
3 hours ago
No, streaking.
FistOfReason Andy H
6 hours ago
That's iOS not OSX and the WireLurker threat has been
taken care of. Once again Apple fixed a problem instead
of just letting users deal with it a la Microsoft.
Ryan Egan
39 minutes ago
http://techsmash.net/be-carefu...
JC
6 hours ago
So they only attack Windows OS? And if the user clicks "no" on the
update, is it game over for the hackers' intentions? That seems too simple.
Sarah M
13 hours ago
"Raiu says the key logger, a kernel-mode logger, is the best written and
most sophisticated logger he's seen in his years as a security
researcher. Kernel-mode malware is rare and difficult to pull off."
I don't know anything about this keylogger or modern
keyloggers/malware, however there have been kernel-level keyloggers
dating back as far as 2005. Back then kernel-level malware was often
called a rootkit. Even Sony had one.
http://en.wikipedia.org/wiki/K...
https://www.schneier.com/blog/...