Do you make it a regular practice to logon to a hotel business center computer to print out boarding passes or conduct other business while away from home?
Then you might want to pay attention to the advisory distributed last week by the U.S. Secret Service to the hotel industry, warning operators that these computers are at risk of being infected with malware — the kind that can steal sensitive personal and financial information from their unsuspecting guests.
The “secret” advisory was issued last Thursday and publicized Monday by cybersecurity expert Brian Krebs on his website, Krebs on Security.
The advisory from the Secret Service and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center notified the hospitality industry that a Texas task force recently had placed several individuals under arrest on suspicion of tampering with computers housed in hotel business centers in the Dallas/Forth Worth area.
“In some cases, the suspects used stolen credit cards to register as guests of the hotels; the actors would then access publicly available computers in the hotel business center, log into their Gmail accounts and execute malicious key logging software,” the advisory reads.
By doing so, the suspects were able to obtain a host of sensitive information, including login credentials to “bank, retirement and personal webmail accounts,” hotel operators were warned.
And while the advisory contains several recommendations for hotel operators — such as prohibiting guest users from installing or uninstalling programs on the computers — Krebs notes the reality is that there is little they can do.
“The truth is, if a skilled attacker has physical access to a system,” he writes, “it’s more or less game over for the security of that computer.”
That’s why Krebs recommends that public computers only should be used for public activities, such as surfing the Web, not for conducting private personal business.
Here’s a link to Krebs’ report, “Beware Keyloggers at Hotel Business Centers.”