Tag Archives: Computer

Hospitality Industry Information Security Risks: Report Shows "Computer Password Theft" Has Increased Dramatically As Users Fail To Make Complex Passwords; Cybercrime Now Totals $110 Billion Annually

“…Only about half of computer users make complex passwords for themselves…In the first six months of 2012 alone, hackers stole over 30 million passwords on hacks of just three online services: eHarmony, Zappos and lawyer-friendly LinkedIn. Another recent survey, unconnected to the Norton survey, concurrently found that password theft is up 300 percent in 2012…”

The 2012 Norton Cybercrime Report is now out and it points to an incomprehensible laziness on the part of American computer users when it comes to using passwords.

According to this report, nearly three-quarters of adults have been the victim of a cybercrime (averaging a little under $300 per incident), totaling over 70 million people. The worldwide annual total of cybercrime is estimated at $110 billion.

That is coupled with two other problems: people use the same password for multiple functions, and people use passwords that are, in and of themselves, too simple.

The Norton survey was conducted with 13,000 adults in 24 countries. It found that nearly half of those responding do not use a password that combines phrases, letters, numbers, capitalized letters, lower case letters and symbols, a combination that creates complex passwords that are far more difficult to hack than passwords without those things.

The survey showed that nearly a third of all respondents have been notified by an email service, social network, or bank to change their passwords. The bank figure, 13 percent, is particularly alarming, implying that nearly one in eight people have had their bank account passwords compromised.

Seventeen percent of people store passwords to other accounts inside another password-protected account. Once one password is stolen, the keys to those other accounts are included.

More? A report out the last week of September found that one in 10 people had “1-2-3-4” as their four digit password. My guess is that a substantial number also have “1-1-1-1” and “0-0-0-0” as well.

For more:  http://www.akronlegalnews.com/editorial/5202

Filed under Crime, Guest Issues, Insurance, Maintenance, Management And Ownership, Risk Management

Hospitality Industry Technology Risks: Hotel Internet Connections Pose New Risks For "Malicious Software" Infecting Guest's Computers

The FBI said typically travelers attempting to set up a hotel room Internet connection were presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.

The FBI today warned travelers there has been an uptick in malicious software infecting laptops and other devices linked to hotel Internet connections.

The FBI wasn’t specific about any particular hotel chain, nor the software involved but stated: “Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.

The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s website if updates are necessary while abroad.”

For more:  http://www.itworld.com/security/276162/fbi-issues-warning-hotel-internet-connections

Filed under Guest Issues, Maintenance, Management And Ownership, Privacy, Risk Management, Technology

Hospitality Industry Information Security: Hotel Chain Computer System Hacked By Man Who Threatened To Reveal Confidential Information If He Was Not Hired For IT Position

“…an infected email attachment (was) sent to some Marriott employees to install malicious software on the company’s system that gave him a “backdoor” access to proprietary email and other files…”

“…Nemeth sent an email to Marriott staff on November 11 last year, informing them that he had been accessing Marriott’s computers for months and had obtained proprietary information… He threatened to reveal the information if Marriott did not give him a job maintaining the company’s computers…”

A Hungarian citizen has pleaded guilty to stealing confidential information from the computers of Marriott International, and threatening to reveal the information if the hotel chain did not offer him a job maintaining the company’s computers, the Department of Justice said.

Attila Nemeth, 26, pleaded guilty in a US court, according to a statement by the DOJ. He was detained after he travelled to the States on a ticket purchased by Marriott for a fictitious job interview.

As he had not received a response from Marriott, Nemeth sent another email on November 13 containing eight attachments, seven of which were documents stored on Marriott’s computers. The documents included financial documentation and other confidential and proprietary information, the DOJ said.

A US Secret Service agent, using the identity of a fictitious employee of Marriott, communicated with Nemeth on November 18. Nemeth continued to call and email the undercover agent demanding a job to prevent the public release of the documents, according to the plea agreement. Nemeth emailed a copy of his Hungarian passport as identification and offered to travel to America, according to the DOJ.

For more:  http://news.techworld.com/security/3320672/marriott-hotel-chain-hacked-by-disgruntled-job-seeker/

Filed under Crime, Labor Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Information Security: Hotel Kiosk Computer Security Can Be Tested With Free Web Service Tool

“… iKAT (Interactive Kiosk Attack Tool) is a free web service that tries to bypass the protective mechanisms of internet kiosk PCs and gain control of the systems. Such computers can usually be found in hotel lobbies, airport lounges and other public spaces. Kiosk operators can use iKAT to test the resilience of their systems…”

The Linux- or Windows-based kiosk systems are usually protected and only allow specific applications to be launched. The primary aim of iKAT is to start a Windows or Linux shell. To achieve it, iKAT tries to exploit known vulnerabilities in a number of different ways. For example, when opening the iKAT page from a Windows-based kiosk system, users are presented with a “1Click PWN” button – this launches components including Metasploit on the server to scan the kiosk PC for browser exploits. Other avenues include accessing “Open File” or “Print File” dialogs in order to execute cmd.exe.

For more:  http://www.h-online.com/security/news/item/Free-web-service-cracks-internet-kiosks-1321613.html

Filed under Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology

Hospitality Industry Computer Risks: Cybercrime Risks Remain Perilous As "Malicious Software Or Malware" Increases To 6 Million Programs In First Three Months Of 2011

The amount of new malicious software, or “malware,” unleashed on the internet during the first three months of this year hit six million programs, according to a report last week by McAfee, the computer antivirus maker. “It’s been a busy start to 2011 for cybercriminals,” Vincent Weafer, senior vice president of McAfee Labs, said in a statement.

A 2009 study by computer antivirus maker McAfee and SAIC, a technology security firm, estimated that computer crime cost companies $1 trillion across the globe, but analysts say the actual total is sure to be higher as computer security breaches are underreported.

“I think all the service providers are victims of this type of issue, it’s just whether the company has a public interface to warn users of this type of problem is the big question,” Andrew Lih, author and professor at the University of Southern California, told CNN.

“Google has been pretty good at being forthcoming in having this kind of dialogue with its users,” Lih said. “It’s very possible to probable that these other service providers, from Yahoo to Microsoft to any of these other ones, have had these types of attacks, it’s just that Google has been very public in trying to combat this.”

For more:  http://business.blogs.cnn.com/2011/06/07/the-hidden-cost-of-cybercrime/

Filed under Guest Issues, Labor Issues, Maintenance, Management And Ownership, Risk Management, Technology, Theft

Hospitality Industry Computer Data Risks: New Orleans Hotels Investigation Finds "Public Business Center" Computers Retain "Sensitive Information" In Temporary And Recycle Bin Folders

“…the Louisiana Technology Council says …many hotels make little or no attempt to protect your private information on their public PCs…in business centers…”

“That information will live on that computer until such time that it’s deleted,” said Lewis. “You and I both know that it’s really never deleted. It can be recovered and if someone comes in with software, they may be able to get that data off the PC.”

Eyewitness News sent an intern into about a dozen New Orleans area hotels to search for documents and other information left on public computers after the user logged off. Among the things we found: invoices; insurance papers; tickets to a show at the Lakefront Arena; a certificate from the Texas Department of Insurance and even someone’s monthly pay statement.

Most of the documents contained people’s names, addresses and other sensitive information about the user. “I was amazed that you were able to print out some very confidential and private information from a business center location,” said Lewis.

“If somebody wants to open up a new credit card and in this day and age of identity theft, having that kind of information out there is real frightening,” said attorney Daren Sarphie.

He says in March, the client got a disturbing phone call from a guest at the International House Hotel in downtown New Orleans. The guest told him all of his private information, including Social Security number, birth date, home address and phone number, was contained on a document stored on the hotel computer for all to see.

“The person that accessed, that found this file had just gone to hotel to book plane reservations to go back home to Dallas and in the process, he’s just playing around on the computer and he accessed this directory and is able to pull up all kinds of stuff,” said Sarphie.

“You’d think that the hotels at least would have a system in place that they would erase the hard drive on a weekly basis or a daily basis to make sure there are no temporary files saved on that computer,” said Sarphie.

The information we found was easy to access on the computers. Most of it was stored in the PC’s temporary Internet files, saved in the documents folder or waiting to be deleted in the computer’s recycle bin.

The owner of the International House Hotel says it is his hotel policy to purge the public computer’s desktop of any documents and public files every 24 hours. But, he says, it is a public computer and people need to be mindful to log out of personal accounts and delete personal documents before leaving the computer.

For more:  http://www.wwltv.com/news/Keeping-It-Safe-On-Hotel-Computers-121350324.html

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology

Hospitality Industry Information Security Risks: Hotel Management Should Consider "Cyber Liability Policies" With "Vicarious Liability Provisions" To Insure Guest Information Database Breaches

“…clients with robust cyber liability policies will find coverage under the vicarious liability provisions. …”

“Data breaches generally represent enormous problems for companies,” said Alan N. Situn, a shareholder with law firm Greenberg Traurig L.L.P. in New York. “Not only can they be very expensive, but equally important to many companies (is) the reputational damage that they perceive from these types of breaches” if information they provide to a third party is somehow breached.

Hackers tend to hold on to such information “usually about a year, and then use it in the hope that folks have become a little bit more relaxed and not as vigilant,” said Mauricio F. Paez, a partner with law firm Jones Day in New York.

For the most part, the companies that are affected are in a damage- or crisis-management mode, said Robert J. Scott, managing partner with law firm Scott & Scott L.L.P. in Dallas. “They’re emailing their customers; they’re apologizing for the inconvenience, trying to clarify and limit the scope of the magnitude of the problem; and they’re hopeful the leakage of the email doesn’t result” in other problems.

Observers noted that the firms were notifying customers of the data breach even though they were not legally required to do so by state laws, except in North Dakota, unless more damaging personal information, such as Social Security or credit card numbers, had been revealed.

Epsilon customers whose data was breached have been “doing everything they should be doing in terms of being up front and honest with the consumers,” Mr. Scott said.

If the breach results in litigation, the question will arise of “how does that fit into the overall risk management program of the company” that hired the outside marketing company, said Kroll Ontrack’s Mr. Brill, who suggested that affected firms review their risk management programs now.

For more:  http://www.businessinsurance.com/article/20110410/ISSUE01/304109976

Filed under Claims, Guest Issues, Liability, Management And Ownership, Risk Management, Technology

Hotel Industry Credit Card Security: "Cyber Criminals" Steal Credit Card Data On Hotel Computer Systems That Lack Critical Firewalls

Cyber criminals are systematically attacking systems that store credit card data, including Point-of-Sale and Property Management Systems. The criminal organizations are highly structured and integrated with the world’s organized crime rings.

Detailed forensic analysis by law enforcement agencies and specialized private-sector security practices, as well as by security departments at major hotel groups around the world, leave little doubt that the attacks on hotels are highly targeted and effective.

Many hoteliers believe they are not vulnerable because they use Point-of-Sale and Property Management Systems that have been validated as conforming to the latest PCI security standards. Unfortunately this is far from the case. Even such validated systems can be vulnerable if the hotel operates them in an unsecured manner. Leading forensics firms agree that the most important security measures are those that keep cyber criminals from getting inside the hotel network in the first place. Once inside, there are many ways for them to steal the data, even if the PMS or POS system itself is secure.

  • Eliminate EVERY default password on EVERY machine on your network – server, workstation, router, firewall, and any other device that has a password. The most important machines to check are the ones you think are NOT vulnerable, such as a PC on an engineer’s desk for monitoring building systems, or the PC in the parking garage attendant’s office, or the one in a closet running your keycard system.
  • Eliminate holes in remote access to systems inside your network. Remote access by vendors is an essential part of support for many hotel systems. The data thieves know this, and they know how to use it to get inside your network. They know all the default passwords, and they have even been known to steal master customer lists, complete with current passwords, from vendors.
  • If you were to store stacks of money in plain sight in an exit stairwell, you would expect to be robbed. Operating without an Internet firewall is just as risky. Yet many hotels, especially smaller ones, don’t have a firewall. If you are connected to the Internet without one, then people you don’t know, from around the world and many with malicious intent, are reaching into your network.

For more:  http://www.traveldailynews.com/pages/show_page/42199-Hotel-associations-issue-joint-statement-on-credit-card-security

Filed under Crime, Guest Issues, Liability, Management And Ownership, Risk Management, Technology, Theft