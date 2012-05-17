(The author is a Reuters contributor)
By Mitch Lipka
May 17 Sonia Bovio, tired but unable to sleep
after her long journey from Phoenix to London last week, settled
into her hotel room and was fiddling around on her laptop. One
inadvertent click later, a file downloaded and she realized she
had made a big mistake.
"It was terrifying," said the 43-year-old senior vice
president with communications firm Brodeur Partners. "I had a
pit in my stomach. My biggest concern was that I didn't want to
be presenting to a roomful of executives and have something pop
up on my screen."
About the same time that was happening, the Internet Crime
Complaint Center (IC3) - run in part by the FBI - was issuing a
warning to Americans traveling abroad about getting duped into
downloading malware while connecting to the Internet at their
hotels. Malware can allow someone to take control of your
computer, record passwords and personal information or disable
the machine altogether.
The warning was specifically directed at "government,
private industry, and academic personnel," suggesting this
threat was more about what is on their machines and less about
bank accounts and personal identities. Travelers, the FBI said,
are allowing malware to infect their computers by clicking on
pop-up windows that appear while they are getting on the hotel
Internet connection. The pop-ups appear to be part of what looks
like a routine software update.
It's very easy for someone trying to dupe you to make a
pop-up appear to be from a legitimate source, said Robert
Siciliano, a consultant for the computer security firm McAfee
Inc, a division of Intel Corp. "Be smart about what you
click," he said. Just because it pops up and provides a message
doesn't mean it's legitimate."
Jonathan Halloran-Koren, president of New Jersey-based
United Global Concierge Inc, said he was at a hotel in Hong Kong
in 2009 using the hotel Internet connection when he got multiple
warnings from his Internet security software. He later found
more than 50 viruses on his machine.
"I was so freaked out that when I got back to the States I
moved all my important files to a USB drive, wiped my hard drive
and reinstalled everything," said Halloran-Koren, 29.
Even an Internet security expert faced similar attacks.
Damon Petraglia, director of forensic and information security
services for Chartstone Llc, said that in both Romania and the
Turks and Caicos his laptop came under attack. The attacks were
blocked by his security software, he said.
INTERNATIONAL ESPIONAGE
Serious precautions need to be taken by anyone with anything
of importance on their computers, said former Scotland Yard
computer crime unit detective Steve Santorelli, now with the
Internet security research firm Team Cymru.
"You've got to develop a healthy dose of paranoia," he
said. "If you've got blueprints to the next big thing on your
hard drive, they've got resources to come at you with a pretty
good attack. If you're a regular tourist you don't have as much
to worry about."
Both Santorelli and Rich Baich, principal in the Security &
Privacy Practice division of consultancy Deloitte LLP, suggest
the concern isn't only about criminals, but about how certain
governments conduct themselves. The rules that apply in the U.S.
are not necessarily the same ones in other countries, they warn.
"Whether it's a hotel, whether it's a cell phone or whether it's
a Wi-Fi you're using, you could be subject to monitoring," Baich
said.
Such concerns were highlighted in 2008 when the U.S.
government issued a warning to those traveling to the Olympics
in China that the contents of their electronic devices were at
risk of theft. The Chinese government denied any effort was
under way to steal intellectual property or trade secrets from
visitors.
Companies are becoming so sensitive to the threat that they
are issuing special travel laptops to executives that are then
wiped clean upon their return, Baich said. And Santorelli said
he knows of executives who simply throw away their travel
laptops upon their return because they're that worried about
what might have been installed while overseas.
If you're not in a position to use a throwaway laptop or
your company isn't providing travel laptops, Santorelli, other
security experts and the FBI urge the following steps be taken:
* Update your operating system and applications regularly -
particularly before travel
* Use an up-to-date browser
* Do not use the same password for multiple accounts
* Change passwords before you leave on a trip and when you
return
* Keep your anti-virus software updated
* Back up your data
* Encrypt your files
* Use a secure company virtual private network (VPN) to
access work files
* Keep your device with you at all times
Two big players in providing Internet connections at hotels,
iBAHN and Swisscom Hospitality Services, said they're doing what
they can to protect users and that they have had no security
breaches. Some attacks could appear to come from the network,
but are really from another source, according to an iBAHN
spokeswoman.
"iBAHN takes the security and protection of its customers'
information very seriously, provides its customers with the
highest possible level of security, and relentlessly monitors
attempted attacks," said senior global communications director
Shannon R. Michael.
Swisscom spokesman Carsten Roetz said they have preventive
and detective measures in place, and further suggests corporate
users connect to their enterprise Virtual Private Network (VPN)
to protect any potentially sensitive data.
If you're aware of the threat, keep it in mind, and prepare,
you should be able to protect your data, Santorelli said. "It's
all about risk," and just having virus protection is not enough,
he said. "People can no longer abrogate responsibility for
Internet safety."
(Follow us @ReutersMoney or here.
Editing by Beth Pinsker Gladstone and Phil Berlowitz)