Targeted Hacking Attempts Against High-Profile Hotel Guests

Over on Wired is a post about high-profile hotel guests, mainly but not always in Asia, being the targets of what are known as spear-phishing attacks. As opposed to regular phishing attacks, which target as many people as possible and which we’ll learn about later, spear-phishing attacks target a particular individual and attempt to steal data. The specific malware used for these attacks, and the group using it, is known appropriately as DarkHotel.

To summarize the article, the attackers would upload malicious software to the hotel server. When the target logged on to the hotel WiFi, they would be prompted to download an update to some Adobe software (the article didn’t state which; however, never, ever download updates over public or even semi-private networks), but what they actually got was an infection.

Looks can be deceiving

It appears the purpose was to glean nuclear secrets, and considering the attackers were running 200(!) command-and-control servers, which really means they had infected 200 other machines with malware that let them control DarkHotel without being directly connected to it, the attack was quite advanced. Not only that, they used zero-day exploits, which are software flaws that even the developer itself isn’t yet aware of, and kernel-mode keyloggers, which means they’re actually running as part of the operating system rather than as a separate application; those are much more difficult to identify and monitor, if you remember the discussion about memory and CPUs. Kaspersky discovered the attacks (and is the source of the name DarkHotel, although other security firms use other names), and actually managed to shut down some of the servers, but it’s a difficult thing to keep up with.

It’s clearly a high-level attack, my guess is a government actor, but what struck me the most about the article, and which Wired themselves included in bold, is the fact that the hotels involved are not cooperating with Kaspersky’s attempts to investigate. The involved hotels weren’t named, and I can understand they want to protect their reputation and not drive people away, and they certainly don’t want to admit their systems were hacked in such a major way, but they also aren’t helping anyone by stonewalling.

I wonder how long until it becomes a problem here in Vegas. Maybe it already is, we already have to deal with hackable hotel door locks. Don’t install updates over hotel connections!