This is one more reason why you always want to use a VPN, especially when traveling.
An advanced hacking and cyberespionage campaign against high-value targets has returned. The so-called ‘DarkHotel’ group has been active for over a decade, with a signature brand of cybercrime that targets business travellers with malware attacks, using the Wi-Fi in luxury hotels across the globe.
In short, the hackers find ways to infiltrate the hote’s wi-fi system so that they can see every bit of information that hotel guests are sending and receiving on (unencrypted) connections.
The hackers have much more sophisticated methods than just “wiretapping” into the wi-fi network. The usual method for the attack is to send carefully crafted phishing emails. When the recipient clicks on the email message, a self-extracting archive package, called winword.exe, is then executed and begins the Trojan downloader process.
Luckily, the problem is easy to avoid.
First, never use Windows as the trojan program only infects Windows systems. Instead, use a Macintosh, Chromebook, Linux, iPad, or Android device to read your email messages. The winword.exe trojan won’t affect those systems.
If you only have a Windows laptop, there is a simple solution: download a Linux LiveCD and use that. When in a hotel, insert the LiveCD and boot your computer up in Linux. The LiveCD won’t touch anything on your Windows system’s hard drive. Once finished, you boot down, remove the LiveCD, and continue using the Windows system as you always have,
This is a very simple and very effective solution. You can find a number of online articles that will explain the process by starting at: https://duckduckgo.com/?q=how+to+use+a+livecd&ia=web.
Next, always use a VPN. It appears that the hackers have to first identify a likely looking target: someone staying in an expensive, luxury hotel and paying by expense account. They can do that by “wiretapping” your wi-fi connection and reading your email messages as they are sent an received. By using an encrypted VPN connection stops the hackers in their tracks, they cannot read your messages, won’t know who you are or what messages you are sending and receiving.
The hackers cannot drain your bank account or charge things to your credit cards if they don’t know who you are and cannot see your bank account or credit card numbers.
Start at https://privacyblog.com/category/vpn-virtual-private-networking/ to find a large number of articles about VPNs.
- RSA Says You Can’t Force the Private Sector to Break Encryption
- National Security Shouldn’t Come at the Cost of Our Privacy and Liberty
Categories: Encryption, Online Privacy & Security, VPN (Virtual Private Networking)
3 replies ›
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Privacy Blog 
I don’t stay at high-end hotels but this raises a very basic question for me. Since the sign-in screen for email servers (gmail etc.) and most sites that deal with payments are httpS, why would you need a VPN on a Windows laptop or an android device? I’m sure I’m missing something obvious.
LikeLike
—> Since the sign-in screen for email servers (gmail etc.) and most sites that deal with payments are httpS, why would you need a VPN on a Windows laptop or an android device?
https, more properly known as Transport Layer Security and its predecessor, Secure Sockets Layer, both frequently referred to as “SSL,” is good but not foolproof. It can be broken by hackers. There is no guarantee that an https connection is secret. For details, see https://gcn.com/Blogs/CyberEye/2014/09/SSL-weakness.aspx and https://www.securestate.com/blog/2010/01/15/ssl-vulnerabilities and probably a few dozen other articles. Search for “SSL weaknesses” to find more articles detailing the weakness of SSL.
In any case, a well-designed VPN is much more secure than https.
LikeLike
Thanks! I appreciate your response and links.
LikeLike