Hotel guests at Thompson Hotels should worry that their e-mails may have been intercepted by a nefarious hacker. The hotel company’s own internal e-mails were already captured.
…the individual–whose IP address was traced back to Silicon Valley–gained access to “one or more” Thompson employees’ email accounts, and then forwarded sensitive correspondence and documents to a Rocketmail account that was meant to impersonate the email address of a PR/Communications exec at Thompson.
“Better” yet, the guy has been blackmailing Thompson, threatening to make the juiciest e-mails public. Lovely.
But how much “hacking” was really involved? Other reports are suggesting — with no quotes or evidence, I should add — that the hotel’s wi-fi network was to blame. The public system was open, meaning it had no passwords keeping anyone out.
You’ve heard it before, but here’s a reminder. Keep your firewall on. If you’ve got VPN access, fire it up before logging onto anything private (like e-mail) in a public place. Or risk having your public dirt aired in public by blackmailing hacker types.
(image)
RSS (FeedBurner)
Read with Amazon Kindle
Subscribe by E-mail
Follow on Twitter
October 14th, 2008 at 3:10 pm
That is scary that your wifi account at a reputable hotel could get compromised. It’s a bit old school, but when I’m traveling I will often use the hard line connection – just to be sure, but I don’t always!
October 17th, 2008 at 8:56 pm
Using the ethernet wont protect you any more than using the wifi will .. you need an encrypted connection (https for websites you access, TLS or SSL for email using pop3/imap and outlook – the “requires a secure connection” stuff in your outlook settings), vpn for secure access to corporate resources etc.
October 18th, 2008 at 1:45 am
Actually, Suresh is only partially correct. A wired (ethernet) connection is these days (since about 2000) almost without exception connected to a switch, and not a hub. This ensures that traffic destined for your email server doesn’t flow to other people in the hotel, thus keeping you safe. (If it’s a hub it’s as bad as wifi.) However, SSL server connections or a VPN are the gold standard and eliminate other hacking opportunities.