August 18th 2017 - We're updating this report on "Cyber Safe Travel" as a result of the recent increase in reports of hotel WiFi based fraud and theft. Powerful software tools developed at the NSA are now used by criminal cartels to target wealthy guests at luxury hotels around the world. Practical solutions and defenses are reported below.
The recent article by Wired magazine on August 11th, 2017:
Our original report below:
Cyber attacks at hotels around the world are being reported again. The Trump breaches beginning at the Chicago location last year were well reported, and last week's news of the massive breach at the Hyatt chain is the latest, with many others in between.
What we aren't seeing reported and in the headlines are the attacks at airports, rail stations, and public WiFi spots at hubs of transportation around the world. These are not the attacks taking place on the hotel's servers but in the lobbies of their hotels. In these cases, instead of going through Hyatt's payment systems for your information the hackers go directly to the source - you and your computers and smartphones.
Here's how to use your technology safely and securely anywhere, including hotels, airports, and public WiFi's around the world.
As is typical in large-scale cyber-attacks against corporations today, the attacks on hotel chains have targeted consumer credit cards and personal information. Credit card losses are usually limited and for the individual victim and often the only consequence is in the inconvenience.
Unlike credit card theft, stolen personal information can be another matter and far more damaging and consequential to the individual.
While personal information stolen from the corporate server level is limited in scope and detail, when stolen from our devices directly it can be substantial, and the corresponding risks and potential consequences are far greater.
Transportation Hubs as Honeypots
Why are locations like airports, hotel lobbies, and other hubs of mass transportation targeted and considered a honeypot for criminal hackers?
Attackers are More Aggressive
People are disoriented - their senses distracted by unfamiliar surroundings.
The surroundings are hectic, with lots of activity.
Travelers hold sensitive personal information they might not otherwise have available.
Travelers have money, and in many cases "money in motion" - a larger than usual sum at their disposal.
The traveler can feel especially vulnerable, making them easy to coerce.
The credit card information and bits of personal information stolen in attacks like the ones against Hyatt's chain of hotels are usually motivated by either flipping the information on the black market for a profit or making a score that gains the hacker respect with his peers.
Criminal hackers that prey on travelers at airports and hotels are usually present in the environment, and far more aggressive with the deed. They scope individual targets that fit their strategy and are expert at coercing a deal with the victim by playing to the weaknesses at hand. Whether a corporate executive, single woman, young tourist, or any of the other personas typical of the environment, the professional criminals have a strategy to play and are extremely efficient at getting what they want.
When operating on our mobile devices and laptop computers, we have two things we need to protect; the device itself, and the signals that connect the device to an external source.
Protecting the Device - The device itself is targeted for the data on its hard-drive, as well as control of the device - for leverage in the negotiation of an outcome. Device protection includes antivirus and other device-oriented defenses like Data Loss Protection and Application Controls.
The retail anti-virus software you may have once used is insufficient for protection against the threat environment today. RMM - Remote Monitoring and Management services are optimal. The best will automatically update your devices with the latest system software and antivirus definitions which in itself reduces risk significantly. For a short introductory video on advanced Device Protection: https://www.youtube.com/watch?v=yy8cGVIYlQk
It's vitally important to have a top-quality service protecting your device, and we recommend F-Secure's Professional Security for Business - uniquely available to individuals and small groups here:
Encrypting With a VPN - The best defense to protect all WiFi based fraud is a
VPN. Using a VPN makes you invisible to anyone but your final, intended recipient. We recommend using a VPN every day on iPhones, iPads, and Android devices. And, we make the best VPN on the planet available to anyone, for just $39 per year.
To learn how a VPN and encryption works, please see this short video:
Protecting your other connections - Usually, our devices have many communication ports. Besides a WiFi signal, Bluetooth and infra-red signals are emitted and received regularly. These signals should be encrypted or blocked by a shielding technology such as Silent Pocket.
To stay informed on the latest threats and solutions in cybercrime today, subscribe to the CyberAdvisor Newsletter: