A recent analysis of a new variant of a widespread ransomware attack illustrated just how sophisticated, yet simple, breaching computer security has become. The attack, known as “Emotet,” hit the Pennsylvania city of Allentown, breaking through firewalls, evading the latest antivirus software, and costing the city more than $1 million at last count. The city cannot process financial transactions, and its police department cannot access key crime databases. Although the city is working to fix its systems, the end is still not in sight.
Travelers have come to depend on WiFi networks in hotels, and businesspeople have come to expect high speed wireless access in both private rooms and public spaces, including lobbies, meeting rooms, and even the hotel gym. Predictably, cyberspies and cybercriminals have inhabited some of these virtual spaces as well. Hotel lobbies are often seen to sprout open networks with identifiers intended to trick users into logging on. (“FreeOpenWiFi,” “Hilt0n,” and “MarriottL0BBY” have all been seen in the past month.) Security firm FireEye, however, has recently documented a new and more dangerous threat in the hotel space: a hacking campaign attributed to the Russian government sponsored, GRU-affiliated group known as “Fancy Bear” or “APT28.” (One of the two Russian groups known to have penetrated the Democratic National Committee in 2015-6.) This campaign, evident in hotels in Europe and the Middle East, is potentially more dangerous than prior exploits, and may spread rapidly to other regions. Travelers need to be aware of the dangers, and need to take immediate steps to protect sensitive information.
In February 2016, we wrote about the dispute between the U.S. Federal Bureau of Investigation (FBI) and Apple, Inc. over the government’s demand that Apple intentionally create an insecure “back door” version of its iOS software that would permit the FBI to break encryption on the iPhone used by one of the San Bernardino terrorists, Syed Rizwan Farook. Apple and others claimed that once a “back door” into a system was created, it would inevitably become known and would be used by criminals and spies to steal personal information. Apple worried that the FBI would not be able to keep the back door safe from hackers, pointing to previously publicized hacks that had exposed a great many government secrets.