Russian Hackers Now Targeting Hotels

As more hotels are offering guests the most-coveted of all perks, free Wi-Fi, security experts are reminding travelers that it's best to avoid tapping into publicly accessible hot spots at all costs.

“Travelers must be aware of the threats posed when traveling–especially to foreign countries–and take extra precautions to secure their systems and data,” wrote Ben Read and Lindsay Smith in a blog post at FireEye, a networking security website. “Publicly accessible Wi-Fi networks present a significant threat and should be avoided whenever possible.”

The reminder comes as FireEye reports mounting evidence that a Russian hacking group known as APT28 (or Fancy Bear) has been targeting hotel guests through hacked hotel Wi-Fi networks.

Fancy Bear, the same group who allegedly hacked the Democratic National Convention before last year’s presidential election, is using sophisticated tools to gather user names and passwords, even when the guest doesn’t physically input them.

"It's a much more passive way to collect on people,” said Read in an interview with Wired. “You can just sit there and intercept stuff from the Wi-Fi traffic.”

Among the tools being utilized by the hackers, who are believed to be associated with the Russian military intelligence agency GRU, is EternalBlue, a leaked NSA hacking tool.

Although FireEye says it saw the first evidence that Fancy Bear might be hacking hotel networks late last year, the security company said that it has since learned of a series of related attacks that took place across Europe and the Middle East last month. FireEye said it had “moderate confidence” that both attacks are the work of Fancy Bear.

The security agency says the hotels that are being targeted are “moderately high-end.”

"These were not super expensive places, but also not the Holiday Inn," said Read. "They're the type of hotel a distinguished visitor would stay in when they’re on corporate travel or diplomatic business."

The security agency says it is unclear whether the attacks were designed to target specific individuals or just to look around to see what they could find. It also reminds travelers this is not the first instance of hackers targeting the hospitality industry and that it is imperative to always use extreme caution to secure sensitive data.