By Zachary Reis and WAKEUP CALL
Security expert Brian Krebs has shared a Secret Service bulletin directed toward the hotel industry where Fed’s warn hotel managers that public computers in their establishments are, by and large, vulnerable to simple attacks that can compromise some of their patrons’ most sensitive details.
The notice was prompted after recent arrests involving data theft at several major hotel business centers around Dallas, TX.
Krebs said the notice warned that in one instance crooks are using stolen credit card data to register as hotel guests, used business center computers to get access to Gmail accounts, and installed keylogging software. The malware then surreptitiously captured login credentials for banking and other online services accessed by guests who later used the compromised PCs.
Keyloggers keep track of everything that users type into a computer, then send this information back to the malefactor.
Hotel computers are ridiculously easy for hackers to get hold of, considering that attackers can have more-or-less unrestricted physical access to public computers as many hotels have a “business center,” where visitors can browse the Internet, check e-mail and print documents.
As Krebs notes, the advisory lists several basic recommendations for hotels to help secure public computers, such as limiting guest accounts to non-administrator accounts that do not have the ability to install or uninstall programs and the use of USB drives to boot the machine straight into a stand-alone operating system like Linux.
Unfortunately, not all systems support such protections, and users may be inconvenienced by them.
The report is a poignant reminder why it’s rarely a good idea to use public PCs for anything more than casual browsing of websites.
Experts tell people not to use public computers for anything more than browsing the Web, and better yet, using your own computer or mobile device is much more secure than using a hotel machine.
If you need to print documents, it’s probably safer to save them on a mobile device or USB stick and transfer them to the hotel machine.
The Secret Service did not give estimates on how prevalent the hacking is but it happens and it’s very easy to do.