November 26, 2014

Melise’s Alert on the Darkhotel Attacks

Hello all,

Before the holiday season gets into full swing, we want to take this opportunity and encourage you to take steps to protect your personal information if and when you travel.

In a cyber-attack nicknamed “Darkhotel,” thousands of executives traveling across Asia have been targeted by cyber-criminals attempting to access stored passwords. This sophisticated assault occurs when the victims connect to hotels’ wireless Internet services. Once inside the infected hotel network, travelers are asked to download and install seemingly regular updates for products such as Google and Adobe. These downloads contain malware used to access passwords and to determine the significance of the victim.

Though the specific investigation is ongoing, the complex nature of the cryptography used in the malware’s code indicates there could be government action behind it. A cyber-security company reports similar attacks have been occurring since 2009, but with this wave, attackers knew the victims complete travel itineraries. Researchers remain unsure why specific people were targeted.

While this particular scheme has been getting quite a bit of press, the fact is – this is not an isolated incident. Sequel has been advising clients for some time not to connect to hotel networks.

It is more than likely that your computer contains proprietary information, trade secrets or regulated information such as personally identifiable information of your customers or employees. PLEASE, before travelling this holiday season, consider how to protect your laptop and your employer’s networks. Here are some guidelines:

  • Get a personal hotspot to avoid connecting to any unsecure network;
  • If travelling to Asia or Russia, buy a really cheap computer (let’s call it the “sacrificial laptop”) that can be used ONLY for email during business: never connect the sacrificial laptop back to the corporate network while travelling, and dispose of the sacrifice upon your return.

To read more about the “Darkhotel” incident, visit Lisa Fleisher’s article in the Wall Street Journal’s Digits column: http://blogs.wsj.com/digits/2014/11/10/cybercrime-gang-targets-execs-using-hotel-internet/

We are posting important legal updates regularly via our LinkedIn and Twitter pages, so we strongly encourage all our clients and connections to follow us and keep in touch.

You can find us on LinkedIn at: https://www.linkedin.com/company/sequel-technology-&-ip-law-pllc

You can find us on Twitter at: https://twitter.com/SequelTechLaw

Sincerely,

Melise Blakeslee
Sequel Technology & IP Law, PLLC