FBI Sounds Alarm on Hotel WiFi Caper

The U.S. Federal Bureau of Investigation has warned overseas travelers to be careful when using hotel WiFi networks.

“Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms,” a bulletin from the Internet Crime Complaint Center (IC3) said last week.

When travelers attempt to connect to a hotel WiFi network for the first time, the IC3 explained, a familiar pop-up window appears telling the user they need to update a popular app before connecting to the Internet.

When the computer user chooses the software update, malware is downloaded onto their machine.

The attack is novel, as well as clever, according to Stephen Cobb, a security evangelist with antivirus software maker ESET. Given the difficulty many road warriors experience connecting to the Internet in hotels, the attack is delivered “at the point at which the business traveler is going to click anything to get online,” he told TechNewsWorld.

Flash Attack

Although much remains unknown about the attackers’ tactics, Cobb outlined a probable scenario.

First, find an Internet Service Provider that serves a number of hotels. Hack into the log-in page the ISP uses for hotel guests. Plant an iFrame on the page that triggers a pop-up window when it detects a first-time visitor.

iFrames are embedded page elements that can load content and run code on a Web page while remaining invisible to the user.

A good phony upgrade candidate for the pop-up window would be Adobe Flash Player, Cobb observed. “Flash is always good to use if you’re a bad guy because there are frequent Flash updates and people are often confused as to whether they have the latest version of Flash,” he said.

To avoid this kind of attack, Cobb recommended that travelers never upgrade software from a hotel network.
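As an added example (not from the article, the FBI bulletin or ESET), here is a check an ISP or hotel operator could run over its own captive-portal login page to catch the kind of injected hidden iFrame Cobb describes; the sample page, host names and trusted-host list are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample portal page: one visible ISP frame, one injected hidden cross-origin frame.
SAMPLE_PORTAL_HTML = """<html><body><h1>Welcome to the hotel network</h1>
<iframe src="https://portal.example-isp.test/terms" width="600" height="300"></iframe>
<iframe src="http://203.0.113.5/update.html" width="0" height="0" style="display:none"></iframe>
<form action="/login" method="post"><input name="room"><input type="submit"></form>
</body></html>"""

class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.frames.append({k.lower(): (v or "") for k, v in attrs})

def is_hidden_frame(attrs):
    """Heuristics for a frame the visitor cannot see: hidden attribute, CSS hiding, 0/1px size, off-screen."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "hidden" in attrs or "display:none" in style or "visibility:hidden" in style:
        return True
    if any(attrs.get(d, "").rstrip("px") in ("0", "1") for d in ("width", "height")):
        return True
    return re.search(r"(left|top):-\d{3,}", style) is not None

def find_suspicious_iframes(html, trusted_hosts):
    """Return [(src, reasons)] for frames that are hidden or load content from an untrusted host."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for frame in parser.frames:
        src = frame.get("src", "")
        host = urlparse(src).hostname or ""
        reasons = []
        if is_hidden_frame(frame):
            reasons.append("hidden")
        if host and host not in trusted_hosts:
            reasons.append("untrusted-origin:" + host)
        if reasons:
            findings.append((src, reasons))
    return findings

if __name__ == "__main__":
    for src, why in find_suspicious_iframes(SAMPLE_PORTAL_HTML, {"portal.example-isp.test"}):
        print(src, ", ".join(why))
```

Run against a snapshot of the page the ISP actually serves; any frame reported as both hidden and untrusted-origin is the pattern described above and warrants an integrity check of the login page.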

Worm Infections Growing in Iran

Ever since its nuclear development facilities became a guinea pig for testing the industrial strength computer worm Stuxnet, Iran has been plagued by malware.

Most recently, the country’s Kharg Island facility — from where 90 percent of the nation’s oil exports are shipped — had to be disconnected from the Internet, as well as the National Iranian Oil Company and the country’s Oil Ministry, because of a malware attack.

Now, we’re told, the problems could be even worse.

“I hear from a relatively good source that they are now reporting attacks across other sectors in Iran,” Eric Byres, CTO and vice president for engineering of Tofino Security Products, told TechNewsWorld.

He characterized the malware firing the new attacks as “not beginner’s stuff, but well-orchestrated, well-architected stuff.”

Iran has been so concerned about malware infections since Stuxnet that it has launched its own antivirus software development program. Foreign security software is banned from the country because the government says it can’t be trusted.

Byres was skeptical of Iran’s antivirus program. “It’s for propaganda purposes,” he said. “They want to give their people some good news.”

Secure Domain Proposed

A new group has formed to push the idea of creating a secure generic top level domain (gTLD) name.

Called “Artemis Internet,” the group is a subsidiary of the UK-based NCC Group, a code and system testing outfit.

Companies in the dot-secure domain would have to meet a number of rigorous requirements to guarantee that their websites are among the safest on the Net.

Although the standards for the domain haven’t been set yet, at a minimum they’re expected to include:

  • mandatory DNSSEC signing of every zone;
  • use of TLS for all HTTP sessions;
  • DKIM and opportunistic TLS for SMTP; and
  • use of DPF to reduce the risk from rogue and compromised certificate authorities and to provide guaranteed email transport security between dot-secure domains.

Artemis hasn’t started taking applications for the new domain yet, but parties can sign up to be on a mailing list to be kept abreast of dot-secure developments at the company’s website.

Breach Diary


John Mello is a freelance technology writer and former special correspondent for Government Security News.
