Dark Hotel – What you need to know

Dark Hotel Attack

Maybe you’ve heard of the attacks on computers in upscale hotels in the Asian region that have been dubbed “Darkhotel,” and maybe you haven’t. Take a few moments to read this, and follow the links in this article to other sources, to understand just how much of a target you really could be, even in the “high end” hotels. First, let’s take a minute to talk about targeted attacks. These attacks target a specific computer or person. This means a computer might hold specific data, or a user might have specific access to data, and the attacker wants to exploit that access.

Now let’s take a minute and talk about how it’s done. You check into your $250 a night (or whatever price) hotel room and decide you want to log in to work and get some final prep done for your big meetings coming up. As you do so, you notice a pop-up saying your Adobe software needs an update (or Windows, or another program you’re used to updating). Annoyed, you go ahead and click yes, and the update downloads and installs automatically. However, what you installed was a very small, next-to-impossible-to-detect keylogging program that now captures every keystroke on your computer and sends it off to a very sophisticated hacker.

Who is doing this, and how come they haven’t been caught yet? There are many theories, but some facts are known. The software most likely came from a South Korean hacker who goes by the online name of Chpie. This person is very skilled at writing kernel-level code that antivirus software cannot really detect. Some, like Kaspersky, have even called this NSA-level work, raising the spectre of a nation or at least state-sponsored activity. Another piece of the pie that makes this a rare and unique piece of code is the use of digital certificates to sign the code, meaning a computer would automatically trust that the code was safe and valid, leaving you with yet another hole in your overall security.

How could you protect yourself? First, don’t ever log in to sensitive sites like banking, work, email, etc. without using a VPN connection that you previously created. Second, ensure your hard drive is encrypted, so that if data on your laptop is somehow compromised, it is encrypted and could take years, if ever, to be decrypted. Next, keep your security software and policies current with updates, and connect to your corporate network for any group policy updates before you travel overseas. Last, a little bit of education and understanding about how your computer and updates work will go a long way. This is also a pretty good article written by Wired Magazine.
