Arrests made after keyloggers found on public PCs at US hotels

Filed Under: Data loss, Featured, Law & order, Security threats

Image of public computer, courtesy of ShutterstockProof of the dangers of publicly accessible PCs came up yet again when the US Secret Service last week warned that cybercrooks are installing keyloggers on the PCs in hotel business centers to steal personal and business information from travelers.

The agency, in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), posted a nonpublic advisory warning the hospitality industry - particularly hotels - that they're vulnerable to such attacks.

The advisory comes after the two agencies arrested suspects in connection with keyloggers installed on computers in several major hotel chains located around the cities of Dallas and Forth Worth, Texas.

Security journalist Brian Krebs got hold of the notice, which advised businesses that the suspects in some cases allegedly used stolen credit cards to register as hotel guests.

Then, they accessed the publicly available computers in the hotels' business centers.

From there, the suspects allegedly logged into their Gmail accounts on the public computers, then accessed and installed keylogging software on the public PCs, the advisory says.

The advisory, dated 10 July, continues:

The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors' email accounts... The suspects were able to obtain large amounts of information including other guests' personally identifiable information (PII), log-in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center's computers.

The advisory gives some recommendations to help hotels secure their public computers, such as limiting guest accounts to non-administrator accounts that lack the authority to install or uninstall programs.

That particular recommendation has been dissed by a few people, with Krebs pointing out that modern keyloggers and malware do just fine installing on a regular user account that lacks administrative abilities.

Of course, keyloggers can also be hardware gadgets with sneaky little form factors.

That type of surveillance device was found attached to the keyboard sockets - they look like USB drives - at the back of two public PCs in libraries in the UK city of Manchester in 2011.

Such devices can plug in between a keyboard and a computer. They're easily attached and can sit unobtrusively in the back of a machine, as in Manchester, or underneath a desk.

Image of public computer courtesy of Shutterstock.

, , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.