- Reddit links leaked trade deal documents to Russian campaign Today 10:44 AM
- How to stream Alistair Overeem vs. Jairzinho Rozenstruik Today 8:30 AM
- Amazon sends customers condoms and soap instead of Nintendo Switch Today 8:28 AM
- How to live stream Jermall Charlo vs. Dennis Hogan Today 8:00 AM
- Apple TV’s ‘Truth Be Told’ is a criminally dull drama Today 6:00 AM
- Thousands of Uber users have reported sexual assaults, company says Friday 5:40 PM
- ‘Astronomy Club’ reformats the sketch show Friday 4:58 PM
- Trump is concerned America’s toilets too weak Friday 3:53 PM
- Twitter users claim Billie Eilish is ‘over’ because she didn’t like Lady Gaga’s meat dress Friday 2:53 PM
- Nikki Haley says the Confederate flag was fine until Dylann Roof ‘hijacked’ it Friday 2:49 PM
- How emotional labor discourse spawned multiple memes Friday 2:22 PM
- Video of YouTuber Onision threatening ex-girlfriend resurfaces Friday 2:03 PM
- Marianne Williamson embraces anti-vax stance on Facebook Friday 1:58 PM
- Peloton Husband is worried memes will have ‘repercussions’ for his career Friday 1:55 PM
- ‘The Mandalorian’ stumbles as it returns to a familiar planet Friday 1:47 PM
U.S. Secret Service issues warning about keyloggers on hotel computers
You can never, ever be sure with public machines.
The next time you’re traveling and see a hotel computer, think twice before entering passwords and any other sensitive data into the machine. In fact, avoid doing it at all.
Public computers aren’t safe or secure, the U.S. Secret Service says, and criminals have been loading keystroke-logging malware onto hotel computers in order to steal anything at all that a guest types, security expert Brian Krebs reported.
The Secret Service and Department of Homeland Security recently issued a broad warning to the hospitality industry about multiple keylogging attacks in hotels in the Dallas and Fort Worth area of Texas.
“The attacks were not sophisticated,” the July 10 warning letter reads, “requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software.”
Instead, the recently arrested suspects “utilized a low-cost, high-impact strategy” in order to record and access everything hotel guests carelessly typed into the compromised public computer.
The letter says that hotels allowed guests administrative access to their computers, essentially giving them free reign over the machine and allowing them to easily install any program—malware included—that can attack subsequent guests.
“The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”
Krebs, an excellent information security journalist, is not optimistic about any fix.
“The truth is, if a skilled attacker has physical access to a system, it’s more or less game over for the security of that computer,” he wrote.”
The trick, then, is to act accordingly. Treat any public computer, especially those that allow users USB or CD access, as potentially compromised. Avoid entering passwords and private data because there is no way of knowing whether or not they’ll be easily stolen.
Public computers are often essential, especially to travelers who might be a world away from their own machines. But unless hotels start lending out loaner computers that have been wiped and audited—fat chance—you’re never going to be even close to 100 percent sure about the security of the screen in front of you.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.