Dark Hotel Wi-Fi attack sucks data from business elite

A sophisticated, previously undetected attack has been targeting the computers of business executives in Asia for the past seven years. Known as Dark Hotel the attack hijacked hotel Wi-Fi connections to steal data from computers and spy on top-ranking business people.

Hackers used vulnerabilities in hotel Wi-Fi networks to stalk specific targets around the world. Those targeted include CEOs, senior vice presidents, sales and marketing directors and research and development staff at companies ranging from electronics manufacturers to pharmaceuticals.

Kaspersky Labs, which uncovered the attacks, said that 90 per cent of people affected live in Japan, Taiwan, China, Russia, South Korea and Hong Kong. Since 2008 several thousand people have been infected. The attack, which is hidden on hotel Wi-Fi networks, only targets a pre-set list of business people with most hotel visitors not affected. The first detection of the Dark Hotel threat is detailed in a Kaspersky Labs report.

The Dark Hotel attack is made up of a number of components, with different versions being used over the years it has been active. All the tools are installed using a hijacked hotel Wi-Fi network and appear to be legitimate software downloads and updates. Kaspersky said they were found either in torrent bundles, infected links or in spear-phishing emails. Other, more advanced tools such as key loggers are then downloaded to a victim’s computer once the initial infection has been completed.

An information stealing component sends sensitive and confidential information from an infected computer to the Dark Hotel command and control servers. Information is likely to include passwords stored in Internet Explorer, Firefox or Chrome for services such as Twitter, Facebook, Gmail, Microsoft Live Mail and other web based email and cloud storage services. Oddly the data stealing module will terminate itself on Windows machines where the default language is set to Korean. It is not yet clear why it does this.

Dark Hotel is part of a growing trend to target specific high-profile people with valuable information. As well as high-ranking executives at electronics and pharmaceutical companies the attacks have also targeted chemical companies, automotive manufacturers, defence companies, law enforcement and military and non-governmental organisations.

Use of hotel Wi-Fi networks to launch the attack should come as no surprise. Security experts have previously warned that public Wi-Fi networks are inherently unsafe, with hackers easily able to launch attacks. The Dark Hotel threat marks itself out both in its sophistication and by how it targets specific people.

“The targeting of top executives from various large companies around the world during their stay at certain Dark Hotels is one of the most interesting aspects of this operation,” Kaspersky noted in its report.

“The exact method of targeting is still unknown – for instance, why some people are targeted while others are not. The fact that most of the time the victims are top executives indicates the attackers have knowledge of their victims’ whereabouts, including name and place of stay. This paints a dark, dangerous web in which unsuspecting travellers can easily fall.”