Skip to main content

Beware of hotel Wi-Fi — Russian hackers are stealing information from it

russia hotel wi fi hack hacking hacker lifestyle pc keyboard
pwstudio/123RF
Hotel guests already have enough anxiety-inducing fodder to make their stays a bit less than desirable. From the odd stain on the carpet to the questionable bedspread to the toilet that just won’t stop flushing (or won’t flush at all), there are plenty of reasons to think twice about even the nicest of temporary residences. And now, there’s one more.

As per a new report from security firm FireEye, a Russian hacker group called APT28, or Fancy Bear, has been targeting hotel Wi-Fi networks to spy on guests. And in recent months, the group has reportedly begun to use a leaked NSA hacking tool to make their attacks more sophisticated still.

Recommended Videos

“FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28,” the firm wrote. “We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East.”

Perhaps most alarming is the discovery that once hackers succeeded in tapping into hotel Wi-Fi, they managed to take guests’ usernames and passwords completely passively. In fact, guests didn’t even have to type in their sensitive data to have it stolen.

“It’s definitely a new technique,” Ben Read, the leader of FireEye’s espionage research team told Wired. “It’s a much more passive way to collect on people. You can just sit there and intercept stuff from the Wi-Fi traffic.”

FireEye believes that the hackers managed to infiltrate hotel networks via phishing emails that contained infected attachments and malicious Microsoft Word macros. Once they were in a hotel Wi-Fi network, they would then launch NSA hacking tool EternalBlue, which was leaked earlier in 2017. This tool allowed them to spread their control throughout the network, finally reaching servers responsible for the corporate and guest Wi-Fi networks.

Finally, APT28 is said to have used a network-hacking tool known as Responder, which gave them access to user credentials.

And if you think you can avoid these sorts of attacks by staying at nicer hotels, think again. “These were not super expensive places, but also not the Holiday Inn,” FireEye’s Read said. “They’re the type of hotel a distinguished visitor would stay in when they’re on corporate travel or diplomatic business.”

So what can you do to protect yourself? FireEye recommends bringing your own wireless hot spot to steer clear of hotel Wi-Fi altogether. Just another thing you’ll have to remember to pack for your next trip.

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
AMD’s Ryzen 7 9800X3D may not give Intel any breathing room
The Ryzen 7 7800X3D installed in a motherboard.

The competition between Intel Arrow Lake and AMD Zen 5 hasn't been as fierce as usual, with both lineups delivering small gen-to-gen improvements. However, it seems that AMD may soon add a staple to its list of the best processors, and the CPU might be announced at the worst possible time for Intel. I'm talking about the Ryzen 7 9800X3D, which now has a rumored release date alongside some performance benchmarks.

The release date speculation was initially shared on Bilibili, but the user has since deleted their post. However, the discussion continued on Chiphell forums, spilling the beans on both the official announcement date and the possible release date.

Read more
25 years ago, Nvidia changed PCs forever
The GeForce 256 sitting next to a Half Life box.

Twenty-five years ago, Nvidia released the GeForce 256 and changed the face of PCs forever. It wasn't the first graphics card produced by Nvidia -- it was actually the sixth -- but it was the first that really put gaming at the center of Nvidia's lineup with GeForce branding, and it's the device that Nvidia coined the term "GPU" with.

Nvidia is celebrating the anniversary of the release, and rightfully so. We've come an unbelievable way from the GeForce 256 up to the RTX 4090, but Nvidia's first GPU wasn't met with much enthusiasm. The original release, which lines up with today's date, was for the GeForce 256 SDR, or single data rate. Later in 1999, Nvidia followed up with the GeForce 256 DDR, or dual data rate.

Read more
These M4 MacBook Pro leaks are a goldmine of secret info
Russian YouTuber Romancev768 with what is claimed to be a real M4 MacBook Pro unit.

Apple's known for locking down its secrets under lock and key. But not these past few weeks.

The company hasn’t even announced the M4 MacBook Pro, yet we’ve apparently learned pretty much everything there is to know about the upcoming laptop thanks to a series of purported high-profile leaks and unboxing videos that have shown off the device from every angle. For a firm as security conscious as Apple, having the MacBook Pro spoiled in this way is close to catastrophic.

Read more