Hotel hackers – what’s the risk, how can you stay safe?

When you travel abroad and stay in hotels, you can facilitate access to your work network by foreign governments and industrial spies. A leading category of cyberattack involves hackers getting into company networks and staying there for years, stealing information and altering documents. This type of attack is called an advanced persistent threat (APT) and it requires an entry point. International business employees with company computers and smartphones give APT groups an access point to the corporate network.

Hotels are very convenient nests for APT hackers because they get computers with corporate network access carried to their doorsteps from all over the world. Even vacation hotels are a good spot for hacking into company networks due to the habit of many corporate players staying in touch with the office while they are on leave. The device that gets that access doesn’t need to belong to the company, just as long as it is capable of getting into the corporate network.

A key method of access used by intruders is delivered by hotel wi-fi systems. If a hacker can create a fake wi-fi hotspot, it can attract hotel guests to connect to it. Many of the visitors may carry out inconsequential activities while connected to the data gathering hacker wi-fi hotspot. However, the intruders need just one corporate guest to hit pay dirt.

If your business sends staff overseas for meetings, sales pitches, or consultancy, you need to make sure all of the devices that they have are guarded against infiltration. If you regularly use your own phones and laptop to get into the company network, make sure they are protected if you intend to take them with you on vacation and check into the company network from your hotel.

Hotel hacker aims

Even if your business is very mundane, its network is valuable and hackers can use its resources even if they aren’t interested in the data that it holds.

Chinese hackers have set up a secret web of paths that run undetected through compromised corporate and institutional networks in North America and Europe. This is called the terracotta VPN and it provides cover to any hacker that wants to launch a cyberattack.

This means that when an attack occurs, the authorities could trace it to your company. So, no matter how unimportant your business seems, you could have the FBI turning up on the doorstep, accusing your company of being a front for terrorists, drug smugglers, or data thieves.

The hackers make sure the trail goes cold at the hacked company’s network, so a lot of innocent people are going to have some explaining to do. Why? Because your phone got hacked while you were on the vacation of a lifetime in Hong Kong.

Hackers also use the resources of infected company networks to mine cryptocurrency. This activity has become very expensive and shoving the electric bill for the process onto a victimized company makes mining profitable again.

Your company can also be used for click fraud where viruses cause computer browsers on the network to visit websites and click on links to earn the hackers money. Hotel intrusion can also get ransomware on your company network.

Above all, access to company networks is of high value if your business has valuable patents and secret designs for new technology or defense software and equipment. Even employee records or the customer database can be of interest to hotel hackers.

Hotel hacking history

Hotel hacking originally required physical contact with the target device. Business and government travelers to China report that they often left their laptops and phones in hotel rooms while they went out for dinner in the evening.

On returning back to the United States, network administrators found that their devices had extra hardware implanted into them. Some, such as Dan Harris at the China Law Blog, report returning to their rooms and catching people accessing their computers — Dan Harris’s experience was in Tokyo, Japan.

The US authorities have been warning US citizens about taking internet-active devices to China since the 2008 Olympics in Beijing. Then US National Counterintelligence executive, Joel Brenner, is still on a mission to inform the public about the risks in China. He claims that the networks in hotels in China are monitored and manipulated by the Chinese secret service.

An evolution of the physical access invasion occurred once hotels started to offer in-room internet access. Hackers and security officials did not develop wi-fi intervention methods immediately. At the beginning, hotel internet systems were used as a ploy to allow spies to gain access to the electronic devices of foreigners by invitation.

Under this scenario, guests logging into the hotel network were shown an error screen, which advised them to call the front desk and ask for a technician to come and fix the problem. The technician was a state security official in hotel uniform, who happily installed new network software, along with spyware.

The fix would get the guest online, but keystroke loggers and new controllers on the computer meant that every action performed on the computer was recorded, and even the cameras and microphones on laptops could be turned on.

Wi-fi hacking in hotels

Now that hackers have got up to speed with wi-fi networks they don’t need to get into your room to get onto your computer. The simplest method they use is to just tell you to download new software when you first connect to the hotel wi-fi network.

This is an evolved form of the spy-technician scam of previous years. Now, those keystroke logging and controller programs get downloaded either as necessary connection software, or masquerade as updates for software that is already resident on the computer.

Cybersecurity provider, Kaspersky Labs, reported in 2014 on their discovery of a hacking group from South Korea, called Darkhotel, which specializes in getting spyware onto the computers of guests in hotels. This group has operations that enable them to install spyware remotely over wi-fi networks in hotels in North and South Korea, Japan, Bangladesh, Thailand, India, Russia, Mozambique, the United States, the United Arab Emirates, Ireland, Italy, and Germany. And it keeps on spreading.

This team uses a standard “man in the middle” method to get access to the computers of hotel guests. This scam is usually achieved by creating a fake wi-fi hotspot that passes through all traffic onto the genuine hotel network, but monitors outbound traffic and sends in its own downloads of self-installing spyware.

Many repressive governments use surveillance software produced by an Italian cybersecurity company, called Hacking Team. This software producer is not actually a hacking group and the software it creates is not for security.

The Hacking Team’s products are built for intrusion and monitoring by government agencies, including the military and the police. Unfortunately, things got a whole lot worse for individuals who want to preserve their privacy when the Hacking Team’s software got looted by real hackers in 2015. Darkhotel has added the Hacking Team’s Remote Control Systems to its arsenal. So, now you are up against some very sophisticated spying methods when you check into a hotel.

A hacking tool that was created by the USA’s NSA has come in very handy for Russia’s military intelligence operatives of the GRU. EternalBlue was rifled from the NSA computers by the Shadow Brokers hacker group. This hacker toolkit helped spread the WannaCry and NotPetya ransomware attacks in May and June 2017 and it also helps the GRU take over entire hotel networks through the Russian military’s private sector cyberterrorist partner, Fancy Bear, which is also known as APT28.

The Russian military and the Chinese authorities use a similar blend of public and private sector resources to achieve their spying aims. When hacker groups coordinate with state spying agencies, they get funding for development and legal cover should they get found out.

The military gets to intrude into government defense systems and development centers of weapons manufacturers and the hacking groups focus on personal and financial data for blackmail and robbery.

The employment of underground hacker groups helps the governments of China, North Korea, Israel, Russia, and even the United States extend their surveillance beyond national borders and into the hotel networks of many countries, so there are no longer categories of “high risk” and “safe” hotels.

Protection from hotel hackers

Government officials and security experts have one consistent piece of advice — when you travel to China, Russia, the Baltic States, and even South America, leave your gadgets at home. Hackers can sneak app and operating system updates onto your phone and laptop while you walk around or sleep even if they are turned off.

Even if you are unlikely to connect to the office network, when you get back, Trojans and spyware can get carried back home with you on your smartphone. Once you arrive back and call a friend, you may just have launched a computer virus epidemic that will cripple hospital machinery all over your country and put lives at risk.

If you really have to take your computerized devices with you, install extra security and privacy software to protect them. Remember that you are particularly vulnerable in your hotel, because that’s where foreign secret service operatives and state-sponsored hackers have set up intrusion procedures.

The strongest protection you can get is one step up from security — this is privacy. Virtual private networks not only secure the contents of your connections, they even protect all of the behind-the-scenes messages that computers and smartphones use to create connections.

The technology that makes networks and the internet work is complicated and not many people know about it. However, hackers in North Korea, China, and Russia receive government funds which give them large budgets to invest in research.

Foreign hacker corporations are constantly finding new ways to get into company networks, steal data, shut down utilities, and cause havoc. So, installing a VPN before you go away on vacation is not only a precaution, it’s your patriotic duty.

VPNs for hotels

You need to make sure that you install a VPN on your laptop and on your phone before you check into a hotel. All of the VPNs in our list will work well to protect your privacy from hackers. Make sure you set up your VPN to provide maximum coverage.

Most VPNs have a settings page right inside the app. Look for a control that makes the VPN engage as soon as the computer starts up. Also, look for a setting called “kill switch” and another that sets up automatic wi-fi protection and turn them on. Finally, turn on all malware and tracker blocking options that the software provides.

These settings should prevent hackers from getting into your computer by turning it on remotely. The VPN will block all internet access as soon as the computer wakes up, and that setting buys time for the VPN connection to get established and provide full protection against hijacking. Similarly, if for some reason, the VPN connection gets dropped, no further internet access is possible until the VPN is re-engaged.

You should look for these key features when selecting a VPN:

•         No data throughput or usage time limits
•         Strong security
•         Wi-fi protection
•         Kill switch
•         Protection for multiple devices per account

Recommended VPNs to guard against hotel hackers

Here is our list of three VPNs that offer good protection against hotel hackers.

1. NordVPN

Apr 2024

NordVPN gives you access to locations in 60+ countries, so you will probably be able to get into the media sites from your home country while away.

The app contains a kill switch and has a number of extra security features, which include malware protection, ad blocking, and tracker blocking in a feature called CyberSec. You can choose a double hop route that will send your traffic through two VPN servers and apply encryption twice over. There are no usage limits with NordVPN, so you can leave it on all the time. NordVPN gives each account a six-device simultaneous connection allowance. You get a 30-day money-back guarantee with your subscription.

2. Surfshark

Surfshark’s high speeds are great for using IP telephony and streaming services to keep in touch with home from your hotel room. The provider has servers in 100+ countries, which makes it easy to find a nearby server on any business or leisure trip abroad.

Apps are available for a wide variety of devices. They include kill switches and access to multi-hop servers for additional security. The apps can be set to launch at system startup and have an auto-reconnect function to get you back online with protection as quickly as possible. The unlimited data deal of this VPN makes it possible to leave it on all the time. You can connect as many devices as you want simultaneously, and subscriptions come with a 30-day money-back guarantee.

3. ExpressVPN

ExpressVPN is very good at evading detection in China, which has the strongest methods in the world for blocking access to the internet. If you will be traveling to a country that has controls over the internet, the chances are that the government there will be emulating China’s controls, so this VPN will help you anywhere in the world. The company’s network has a server presence in 105+ countries, which will give you fast access from most regions of the world. This VPN can get around the regional restrictions on streaming websites, so it will help you watch TV from home while you are away.

The security features that you will need from a VPN are all present with ExpressVPN. These are very strong connection encryption, automatic wi-fi protection, a kill switch to prevent unprotected internet access, and the ability to specify that the VPN turns on when the computer boots up. There are no data throughput limits with ExpressVPN, so you can leave it running all the time. You can connect three devices at once and the company gives you a 30-day money-back guarantee.

Stay safe in hotels

Cybercrime is getting increasingly obtrusive. The armies of the world are now employing these methods to destroy infrastructure and create havoc in nations before they invade — ask the people in Georgia and the Ukraine what happened there before the Russian government seized large tracts of their countries.

A seemingly insignificant event such as connecting to a hotel wi-fi system can result in you becoming an agent of terrorists, looters, invaders, and traffickers. Don’t take any risks when you go to stay in a hotel. Be vigilant and protect your devices from intrusion.