CEOs, senior vice presidents, sales directors and other influential business executives who use wireless Internet service while staying in Asian hotels are being targeted as part of an expansive surveillance campaign, according to a security report. Luxury hotels across Asia have nabbed thousands of customers in the dragnet, which is ongoing and dates back to at least 2009.
A report from Kaspersky Labs, the largest private cybersecurity firm in the world, published Monday indicates travelers are digitally tracked as they travel across the continent. Using that digital identifier, hackers spring malicious software onto unwitting guests when their devices appears on hotel Wi-Fi networks. Compelled to turn over their names, room numbers and passwords, the guests are tricked into downloading an “update” that’s in fact a sophisticated form of malware containing keystroke-logging software and encryption-breaking technology.
They’re also able to quietly steal cached passwords in Firefox, Google Chrome and Internet Explorer for any number of popular Western sites, including Facebook, Gmail, Twitter, Yahoo! and others.
“These attackers are going after a very specific set of individuals who should be very aware of the value of their information and be taking strong measures to protect it,” Kurt Baumgartner, principal security researcher at Kaspersky, told Reuters.
Government contractors, military services officials, auto manufacturers and decision-makers in a slew of high-pressure fields have been targeted. Ninety percent of those affected hailed from China, Russia, Taiwan, Japan and South Korea, though others from the U.S., Germany and elsewhere have also been ensnared.
What remains a mystery, Kaspersky said, is exactly how the snoopers are able to determine an individual’s travel itinerary. Researchers noted the monitoring’s precision seems to point to a larger intrusion throughout Asian businesses. An examination into that concept is ongoing.