One of the main reasons that in the past cyber crime was never too much of an issue, was the fact that many of the people who were capable of performing the attacks were not that good at the criminal side of it. Hopeless geeks would steal stuff nobody wanted and then get picked up when they tried extorting money. This is changing now in a big way as cyber gangs across the world start working with organised crime and becoming much more effective.
One of the current hot cyber crimes is ransomware, getting access to a system and denying access to the data or applications themselves. A popular method is for viruses to encrypt important data and destroying it unless a payment is made. It does work occasionally but only on badly configured and poorly defended systems – any half decent disaster recovery system will make such attacks ineffective.
However the latest targets of slightly modified attacks are big hotel chains. Hotels have long been a target for technological crime, often because there’s a mix of wealthy people using mobile devices and poor levels of IT support and administration. Previous targets have been hijacking Hotel Wifi systems or infecting lobby computers to steal usernames and passwords. The latest twist however is to target a much more practical application, the hackers are taking over the hotels keycard systems. The application which controls, registers and deregisters the room control cards – effectively controlling access to guests rooms – locking them in or out at will. These are often also linked directly to reservation systems which can also cause havoc for any hotel.
There have been many rumours of these attacks taking place, however one hotel has decided to admit that they were attacked and decided to pay the ransom. The hotel is a luxurious four star place in Austria called the Romantic Seehotel Jaegerwirt set alongside a beautiful Alpine lake. Like many modern hotels they have a sophisticated IT system which controls all the key cards. When the system was compromised none of the keys worked and nobody could open any of the room doors – customers were either locked in or out of their room.
Imagine the chaos that would cause the hotel management, especially on the opening weekend of their busy Winter season. Then the demand came, a relatively modest request for 1500 EUR paid in Bitcoins in order to restore their key card system and access to the reservation application. As the manager pointed out, the police and insurance are of little help when you have 180 guests locked out of their rooms. The manager decided that paying the demand was quicker and cheaper than any other alternative. There are two crucial aspects to this case, the modest request and the fact that when it was paid the hackers kept their word and restored the system. These factors are crucial to convincing victims that ‘paying up’ is the sensible option it in fact the best business decision in the circumstances.
Cyber crime is moving into a new and more dangerous phase than the amateuristic attacks we have seen in the past. More and more of our world and systems are accessible online, the IoT (Internet of Things) is bringing vulnerabilities into our world that previously didn’t exist and criminals are using these avenues to run their businesses. The hotel has interestedly identified an upgrade that will prevent these attacks in the future, their next refurbishments will replace the keycards with ordinary keys which were originally used by the hotel when it opened over a hundred years ago.