- Tom Brady keeps supplying us with new meme material Friday 5:55 PM
- Emails reveal Facebook’s knowledge of Cambridge Analytica Friday 3:43 PM
- ‘Fast and Furious’ + ‘American Ninja Warrior’ = Netflix’s ‘Hyperdrive’ Friday 3:15 PM
- Trump jokes drop in Dow is because Seth Moulton dropped out of 2020 race Friday 3:13 PM
- What we learned when we visited Mr. B, America’s chonkiest cat Friday 1:46 PM
- Trump’s new plan to fight opioid overdose? This tweet Friday 1:06 PM
- Fitness influencer shamed for ‘sharing numbers’ in weight loss posts Friday 1:04 PM
- The VSCO Girl has always been here Friday 1:01 PM
- Tomi Lahren’s new ‘Freedom’ clothing line is made for meme mockery Friday 12:21 PM
- Taylor Swift’s ‘London Boy’ is a bop, but Brits don’t think her lyrics are accurate Friday 12:02 PM
- Popeyes blasted for employee welfare amid chicken sandwich war Friday 11:59 AM
- Cory Booker says nonbinary ‘niephew’ taught him about trans issues Friday 11:53 AM
- Megachurch pushes conversion therapy on Instagram, Facebook with #OnceGay Friday 11:11 AM
- Christian movie review site blasts Netflix’s ‘The Family’ Friday 10:50 AM
- YouTube removes ‘coordinated’ channels spreading Hong Kong misinformation Friday 8:58 AM
U.S. Secret Service issues warning about keyloggers on hotel computers
You can never, ever be sure with public machines.
The next time you’re traveling and see a hotel computer, think twice before entering passwords and any other sensitive data into the machine. In fact, avoid doing it at all.
Public computers aren’t safe or secure, the U.S. Secret Service says, and criminals have been loading keystroke-logging malware onto hotel computers in order to steal anything at all that a guest types, security expert Brian Krebs reported.
The Secret Service and Department of Homeland Security recently issued a broad warning to the hospitality industry about multiple keylogging attacks in hotels in the Dallas and Fort Worth area of Texas.
“The attacks were not sophisticated,” the July 10 warning letter reads, “requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software.”
Instead, the recently arrested suspects “utilized a low-cost, high-impact strategy” in order to record and access everything hotel guests carelessly typed into the compromised public computer.
The letter says that hotels allowed guests administrative access to their computers, essentially giving them free reign over the machine and allowing them to easily install any program—malware included—that can attack subsequent guests.
“The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”
Krebs, an excellent information security journalist, is not optimistic about any fix.
“The truth is, if a skilled attacker has physical access to a system, it’s more or less game over for the security of that computer,” he wrote.”
The trick, then, is to act accordingly. Treat any public computer, especially those that allow users USB or CD access, as potentially compromised. Avoid entering passwords and private data because there is no way of knowing whether or not they’ll be easily stolen.
Public computers are often essential, especially to travelers who might be a world away from their own machines. But unless hotels start lending out loaner computers that have been wiped and audited—fat chance—you’re never going to be even close to 100 percent sure about the security of the screen in front of you.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.