U.S. Secret Service Warns Of Keyloggers At Hotel PCs
Sure, you may feel like you're ready to take on the world after a good night's rest -- after all, you stayed at a Holiday Inn. Or perhaps you crashed at a Motel 6 where they leave the light on for you (yes, we watch too much television). Regardless of where you plan to spend the night during your travels, you should be aware that crooks are targeting hotel center PCs with keyloggers.
According to Krebs on Security, the U.S. Secret Service and the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) tag teamed a non-public advisory that was sent out to companies in the hospitality industry. The advisory warned that a task force had recently arrested suspects believed to have installed keylogging malware on several major hotel business center PCs in the Dallas/Forth Worth area.
"The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts," the warning continues. "The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers."
Unfortunately, the advisory offers up only basic tips to hotel establishments, things like limiting guest accounts to non-administrator accounts. That won't do much for today's malware, and it certainly won't foil crooks who have physical access to these machines.
Krebs on Security suggests not using public machines for anything more than surfing the web. If you need to print something from an email account, the security firm advises creating a free, temporary email account (10minutemail.com, for example) and forwarding the email from your mobile device.
According to Krebs on Security, the U.S. Secret Service and the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) tag teamed a non-public advisory that was sent out to companies in the hospitality industry. The advisory warned that a task force had recently arrested suspects believed to have installed keylogging malware on several major hotel business center PCs in the Dallas/Forth Worth area.
"The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts," the warning continues. "The suspects were able to obtain large amounts of information including other guests personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers."
Unfortunately, the advisory offers up only basic tips to hotel establishments, things like limiting guest accounts to non-administrator accounts. That won't do much for today's malware, and it certainly won't foil crooks who have physical access to these machines.
Krebs on Security suggests not using public machines for anything more than surfing the web. If you need to print something from an email account, the security firm advises creating a free, temporary email account (10minutemail.com, for example) and forwarding the email from your mobile device.
