- The genius way Genius caught Google allegedly stealing lyrics Today 3:03 PM
- This bubble tea challenge is a balancing act Today 2:15 PM
- Laura Dern gifts the internet with more ‘Big Little Lies’ memes Today 1:54 PM
- The Stonks meme is back—and it’s weirder than ever Today 1:27 PM
- Video shows officer threatening to shoot pregnant Black woman in front of her children Today 1:12 PM
- Netflix’s ‘Leila’ tells a familiar dystopian horror story Today 12:37 PM
- O.J. Simpson says in Twitter video that he never slept with Kris Jenner Today 12:06 PM
- GOP commissioner jokes on Facebook about running over Trump protesters Today 11:52 AM
- 2 trans women killed within 3 months in the same neighborhood Today 11:35 AM
- DNC tries to pander with tone-deaf Beyoncé meme, fails miserably Today 10:45 AM
- Parkland grad says Harvard rescinded offer after racist comments surfaced Today 10:10 AM
- ‘The Edge of Democracy’ chronicles the downfall of Brazil’s political leaders Today 9:42 AM
- Suzanne Collins is writing a ‘Hunger Games’ prequel Today 9:31 AM
- KSI rips Logan Paul for delay in their YouTube boxing rematch Today 9:02 AM
- Trump kicks chief of staff out of Oval Office for coughing during interview Today 8:29 AM
U.S. Secret Service issues warning about keyloggers on hotel computers
You can never, ever be sure with public machines.
The next time you’re traveling and see a hotel computer, think twice before entering passwords and any other sensitive data into the machine. In fact, avoid doing it at all.
Public computers aren’t safe or secure, the U.S. Secret Service says, and criminals have been loading keystroke-logging malware onto hotel computers in order to steal anything at all that a guest types, security expert Brian Krebs reported.
The Secret Service and Department of Homeland Security recently issued a broad warning to the hospitality industry about multiple keylogging attacks in hotels in the Dallas and Fort Worth area of Texas.
“The attacks were not sophisticated,” the July 10 warning letter reads, “requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software.”
Instead, the recently arrested suspects “utilized a low-cost, high-impact strategy” in order to record and access everything hotel guests carelessly typed into the compromised public computer.
The letter says that hotels allowed guests administrative access to their computers, essentially giving them free reign over the machine and allowing them to easily install any program—malware included—that can attack subsequent guests.
“The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”
Krebs, an excellent information security journalist, is not optimistic about any fix.
“The truth is, if a skilled attacker has physical access to a system, it’s more or less game over for the security of that computer,” he wrote.”
The trick, then, is to act accordingly. Treat any public computer, especially those that allow users USB or CD access, as potentially compromised. Avoid entering passwords and private data because there is no way of knowing whether or not they’ll be easily stolen.
Public computers are often essential, especially to travelers who might be a world away from their own machines. But unless hotels start lending out loaner computers that have been wiped and audited—fat chance—you’re never going to be even close to 100 percent sure about the security of the screen in front of you.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.