Free Wi-Fi is a perk you expect at many hotels these days. It's perfect for the frequent traveler because it means you can easily connect your laptop or tablet to the Internet, or avoid burning up your smartphone's cellular data plan.
You'd even expect it to be safer than the free Wi-Fi at a coffee shop or other public place. However, that's not really the case.
Security researchers are tracking a mysterious hacker nicknamed "Darkhotel" who is a pro at using hotel Wi-Fi to steal information. Usually, the attacks target high-profile executives, managers and other people in business and investment, but another part of the hacker's operation is a broad attack that looks for interesting information anywhere it can find it.
The really worrying part is that this hacker has been active for years and no one has come close to figuring out who it is. Researchers think from some of the digital traces left behind in the attacks that he or she might be Korean and have the support of some government.
Still, somehow the hacker seems to anticipate exactly where targets are going to be. Experts can't figure out that one either.
The hack itself is fairly straightforward, but still impressive. The Darkhotel hacker arrives at the hotel before the target and breaks into the hotel's Wi-Fi router.
When the target connects to the hotel Wi-Fi, the hacker pushes a message to their computer saying that there's an update to Adobe Flash, Google Toolbar or other common software. When the user downloads the "update," however, it's really a virus that lets the hacker take control.
The hacker can then download other information-stealing viruses to the laptop, or redirect the laptop's browser to malicious websites. Once the hacker is done, all traces of the attack are wiped clean from the computer and the hotel Wi-Fi - or at least as much as they can.
Some traces still remain, of course, which is how security experts know that this is happening. Still, it does make it hard to pinpoint the Darkhotel hacker or identify exactly what information has been stolen over the years.
If Darkhotel is such a big threat, how can you keep yourself safe from that and other hackers while traveling? It's actually fairly easy.
- Don't install any software while you're on hotel or public Wi-Fi. Make sure your computer is up to date before you travel.
- Use a virtual private network like CyberGhost to encrypt your traffic so hackers can't snoop on it.
- Don't do anything too sensitive while using Wi-Fi. If you need to bank, for example, use the bank's app on your smartphone and connect only with a cellular signal.