Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Darkhotel and Other WiFi Gremlins

February 10, 2016

Though we always preach about the dangers of public WiFi from our bully pulpit, many of the "parishioners" turn a deaf ear. Attorney at Work carried a good blog post on this issue, attesting to the fact that many hotels, airports, restaurants, etc. do not encrypt their public networks.

Darkhotel malware (most conference attendees have never heard of this) has been classified by Kaspersky Lab as an advanced persistent threat targeting business hotel visitors.

From the post: "Darkhotel is just one example. Imagine you are staying in a luxury hotel, where the WiFi signal provided is promised to be very fast. After downloading the hotel's 'welcome package,' submitting your room number and last name at login, you see it is indeed fast. What you don't see is the spy package that provided a backdoor to sophisticated hackers. Congratulations, you just fell prey to the 'Darkhotels' scam."

Darkhotel hackers place an information-stealing component into your computer, with which they can collect sensitive data, circumventing anti-malware software. The hackers gather every keystroke, look for passwords that you have cached, and delete any trace that they have been there. With this information, they can continue to target your data, and expand their hacking net to include your firm or employer's data. You can see why your firm might be interested in keeping you away from the snare of Darkhotel hackers.

Another common type of attack involving public WiFi is the "man-in-the-middle" attack. Here attackers create their own networks and pose as public WiFi networks, intercepting all of the data flowing between unsuspecting users and the public network. Since all traffic is going through the fraudulent network device, it's incredibly easy for the hackers to see everything, including data transmitted over encrypted HTTPS connections. This is why you never want to connect to something that appears to be free or something that is not the official hotel network. The hacker will give you the Internet but at a heck of a price. John demonstrated this at ABA TECHSHOW several years ago and it really blew the audience away.

This is not an advanced tactic by the way. Novices can pull it off with inexpensive equipment.
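
A defender-side check for the look-alike network scenario described above, as an added example that is not from the original post or the article it quotes: it compares nearby access points against the network name and security type the venue confirmed and flags mismatches. The SSIDs, BSSIDs, the `audit` function and the 0.6 similarity threshold are all constructed for illustration.

```python
from collections import Counter
from difflib import SequenceMatcher

# Constructed scan results for illustration (SSID, BSSID, security); not captured data.
SCAN = [
    ("GrandHotel-Guest", "00:11:22:aa:bb:01", "WPA2"),
    ("GrandHotel-Guest", "00:11:22:aa:bb:02", "WPA2"),
    ("GrandHotel-Guest", "06:5f:9c:10:20:30", "OPEN"),
    ("GrandHotel Free WiFi", "06:5f:9c:10:20:31", "OPEN"),
    ("CornerCafe", "3c:84:6a:01:02:03", "WPA2"),
]

def normalize(ssid):
    """Lower-case and keep only letters and digits so near-identical names compare closely."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def audit(scan, official_ssid, official_security, threshold=0.6):
    """Return {bssid: [reasons]} for access points that do not match what the
    venue confirmed. All parameters are hypothetical inputs for this example."""
    # Vendor prefix (first three octets) shared by most APs using the official name.
    prefixes = Counter(bssid[:8] for ssid, bssid, _ in scan if ssid == official_ssid)
    common_prefix = prefixes.most_common(1)[0][0] if prefixes else None
    findings = {}
    for ssid, bssid, security in scan:
        reasons = []
        if ssid == official_ssid:
            if security != official_security:
                reasons.append("security differs from official network")
            if bssid[:8] != common_prefix:
                reasons.append("vendor prefix differs from the venue's other APs")
        else:
            ratio = SequenceMatcher(None, normalize(ssid), normalize(official_ssid)).ratio()
            if ratio >= threshold:
                reasons.append("look-alike name, not the official SSID")
        if reasons:
            findings[bssid] = reasons
    return findings

if __name__ == "__main__":
    for bssid, reasons in audit(SCAN, "GrandHotel-Guest", "WPA2").items():
        print(bssid, "->", "; ".join(reasons))
```

A flag from these heuristics is a reason to check with the front desk, not proof of an attack; large venues may legitimately mix hardware vendors.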

Good tips from the article:

Avoid software updates while you're traveling. If you must perform a software update, verify the update is legitimate by visiting the vendor's website.

Use a Virtual Private Network (VPN) provider — the encrypted communication tunnel protects your data over public or semi-public WiFi.

Before you travel, update all of your Internet security software as well as any internal threat databases used by the software.

Utilize two-factor authentication on services that support it. Two-factor authentication requires you to log in with a username and password, as usual, but also requires something else, often a code sent to your mobile device. Two-factor authentication greatly reduces the likelihood of someone being able to impersonate you just by using your username and password.

Use your mobile device as a mobile Internet hotspot. Most iPhone and Android devices have this feature built in. We use it frequently. You need a password to enable a mobile hotspot, so the bad guys can't compromise you unless they have access to your phone or the password. Upside? The connection is usually faster than WiFi. Downside? Mobile data may be costly and coverage may be spotty – the basement of a hotel may have lousy coverage.

Nice concise piece by Greg Lyda.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson