Hotel Business Centers Hacked
Travelers who used a hotel business center computer received bad news from the federal government – cybercriminals may have stolen their login credentials.
Security blogger Brian Krebs reported July 14 that he had obtained a copy of a warning privately issued by the Department of Homeland Security's National Cybersecurity and Communications Integration Center to various hospitality groups.
The bulletin said multiple Dallas/Fort Worth hotel business center computers had been compromised by keylogging software that lets a criminal easily see a user's every stroke, harvesting login information and passwords.
“Using a hotel computer is like sending a postcard. Everybody sees what you are writing,” said Rick Dakin, CEO of security company Coalfire.
In most instances, traveling credit union executives would not be readily able to log into sensitive, institutional computers from such a public computer, experts said. But that executive, as well as members, could log into personal email, home banking, and in many ways leave behind a trail of credentials for criminals to seek to mine.
Dakin said in his opinion, there will be no easy way to improve security at hotel business centers. The devices, in many instances, are unattended much of the day. Security oversight generally is minimal. The scenario creates a perfect context for criminals to install malware, he said, adding that a traveling executive population is an attractive target group for criminals.
Dakin said while expects hospitality industry lawyers to step up notifications that the devices may be insecure, thereby lessening the risks of successful litigation, that will do nothing to improve security for users.