Digital Version of November/December 2014 Print Edition
International travelers’ laptops vulnerable at hotel Internet connections abroad
The FBI is warning traveling commercial and government laptop users that malicious programs can worm their way onto their machines through hotel connections overseas through bogus software updates.
A May 21 bulletin from the FBI’s Internet Crime Complaint Center (IC3) warns that malware disguised as innocuous software updates awaits unwary travelers as they log onto hotel-hosted Internet connections. The agency said recent analysis from its investigators and other government agencies showed that Cyber criminals are targeting travelers through pop-up windows while they connect to the Internet in their hotel rooms. Apparently, criminals set up bogus hotel connections to intercept traffic before the hotel guest can reach the legitimate hotel connection.
It said recent cases show the malware presents the traveler with a pop-up window telling them to update a widely-used software product.
In these instances, the travelers attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product, it said. The pop-up window looks like a common software update notice, according to the agency. If the laptop user clicks on “accept” to install the update, they install the malware.
IC3 recommended all government, private industry, and academic personnel traveling abroad be extra cautious before updating software using hotel Internet connections. It also recommended checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor. If it doesn’t, it may reveal an attempted attack, it said.
The agency also advised travelers perform software updates on laptops immediately before they go on a trip and download software updates directly from the software vendor’s website if updates are necessary while abroad.
It said anyone who thinks they have been targeted for this kind of attack should contact a local FBI office and report it to the IC3 Web site Anyone who believes he or she has been a target of this type of attack should immediately contact a local FBI office and promptly report it to the IC3’s website. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns, said the FBI.