Business execs warned against the ‘darkhotel’

By: - NewsLab Lead / @MSantosINQ
/ 01:44 PM November 13, 2014

MANILA, Philippines – Business executives booked in hotels beware.

A group of cybercriminals has been stealing confidential information through the WiFi network, according to an international computer security company.


Kaspersky Lab’s Global Research and Analysis Team called the cybercriminals as “Darkhotel” and added that they have been doing this “espionage campaign” as early as August 2010 by victimizing top officials of corporations who hold sensitive and confidential data in their computers.

“For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behavior,” Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab said in a recent statement.


“This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision,” he said.

Darkhotel Espionage Campaign

Screengrab from Kaspersky Lab Youtube account

Kasperksy said that about 90 percent of the infections appear to be located in Japan, Taiwan, China, Russia and South Korea … [and infections were also recorded] in the United States, the United Arab Emirates, Singapore, Kazakhstan, the Philippines, Hong Kong, India, Indonesia, Germany, Ireland, Mexico, Belgium, Serbia, Lebanon, Pakistan, Greece, Italy and others.

Darkhotel operates by infecting the Wi-Fi networks of hotels which alerts the cybercriminals when their particular high-value target logs on using their room number and surname.

“The attackers see him in the compromised network and trick him into downloading and installing a backdoor [malicious software] that pretends to be an update for legitimate software – Google Toolbar, Adobe Flash or Windows Messenger,” Kasperky said in their computer security advisory.

The backdoor then allows the attackers to infect the executive’s computer further with information-stealing tools such as software that record what are being typed on the computer keyboard.

“These tools collect data about the system and the anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords in Firefox, Chrome and Internet Explorer, Gmail Notifier, Twitter, Facebook, Yahoo! and Google login credentials, and other private information,” Kaspersky said.

“Victims lose sensitive information – likely the intellectual property of the business entities they represent. After the operation, the attackers carefully delete their tools from the hotel network and go back into hiding,” it said.


Kaspersky recommended that any Wi-Fi network should be considered as potentially dangerous when a person travels. Also, any offers of downloads or software updates should be treated with extra caution and should be verified with the program vendor, if possible.

“These travelers are often top executives from a variety of industries doing business and outsourcing in the Asia-Pacific region. Targets have included CEOs, senior vice presidents, sales and marketing directors and top Research and Development staff,” Kaspersky said.


9 common scams on social media 
Software firm discovers group conducting espionage 
Cybercriminals steal info from Facebook, other social media 

TOPICS: Business, Business executives, Darkhotel, Espionage, infotech, IT, Kaspersky Lab, security, technology, WiFi
Read Next
Don't miss out on the latest news and information.
View comments

Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.

For feedback, complaints, or inquiries, contact us.

© Copyright 1997-2020 INQUIRER.net | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.