Travelers who used a hotel business center computer received bad news from the federal government: Cyber criminals may have stolen their login credentials.

Security blogger Brian Krebs on Monday reported that he had obtained a copy of a warning privately issued by the Department of Homeland Security's National Cybersecurity and Communications Integration Center to various hospitality groups.

The bulletin said multiple Dallas/Fort Worth hotel business center computers had been compromised by criminals who installed keylogging software, which lets a criminal easily see a user's every keystroke and harvest login information and passwords.

“The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors' email accounts,” the warning read. “The suspects were able to obtain large amounts of information including other guests' personally identifiable information, login credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center's computers.”

“Using a hotel computer is like sending a postcard. Everybody sees what you are writing,” said Rick Dakin, CEO of security company Coalfire.

In most instances, traveling credit union executives would not be readily able to log into sensitive, institutional computers from such a public computer, experts said. But that executive, as well as members, could log into personal email or home banking and in many ways leave behind a trail of credentials for criminals to mine.

Dakin said that in his opinion there will be no easy way to improve security at hotel business centers. The devices, in many instances, are unattended much of the day. Security oversight generally is minimal. The scenario creates a perfect context for criminals to install malware, he said, adding that a traveling executive population is an attractive target group for criminals.

Dakin said he expects hospitality industry lawyers to step up notifications that the devices may be insecure, thereby lessening the risks of successful litigation.

But that will do nothing to improve security for users, he added.

Security experts are now advising hotel guests not to use business center computers, certainly not for sensitive tasks that involve keying in usernames and passwords.
