Slashdot Mirror

← Back to Stories (view on slashdot.org)

Espionage Campaign Targets Corporate Executives Traveling Abroad

Posted by samzenpus on from the all-your-data-are-belong-to-us dept.

An anonymous reader writes Kaspersky Lab researched the Darkhotel espionage campaign, which has lurked in the shadows for at least four years while stealing sensitive data from selected corporate executives traveling abroad. Darkhotel hits its targets while they are staying in luxury hotels. The crew never goes after the same target twice; they operate with surgical precision, obtaining all the valuable data they can from the first contact, deleting traces of their work and fading into the background to await the next high profile target. The most recent traveling targets include top executives from the USA and Asia doing business and investing in the APAC region: CEOs, senior vice presidents, sales and marketing directors and top R&D staff. This threat actor is still active.

5 of 101 comments (clear)

  1. Re:marketing by VIPERsssss · · Score: 5, Insightful

    Hah, you'd be surprised. "All that encryption stuff just gets in my way. I'm an important person. Just make it work."

    Then you have to clean off all the shit from their laptop when they get back. Or worse, they copied their files to their personal laptop and then took that because it's "easier."

    And how dare a lowly IT admin tell the VP of R&D that what they want is dangerous and stupid.

    --
    We are eternal, all this pain is an illusion.
  2. Re:marketing by Ihlosi · · Score: 5, Insightful
    And how dare a lowly IT admin tell the VP of R&D that what they want is dangerous and stupid.

    You don't. You tell them it's a huge financial risk for the company.

  3. Re:marketing by gstoddart · · Score: 4, Insightful

    Any corporate executive traveling will have encrypted communications from their company as a matter of course.

    In my experience, the more senior the executives, the more they don't think basic security and precautions apply to them.

    I'm inclined to think this kind of thing is quite real.

    --
    Lost at C:>. Found at C.
  4. Re:marketing by CaptainDork · · Score: 4, Insightful

    This has been my experience, as well.

    I have told management that it's not my job to casually suggest that they are taking risks; it's my job to jump up and down and rant and rave.

    I have also informed them that, for any best practice recommendations they choose to ignore, I need a CYA email from them that I have made the risk assessment clear and that they are making the business decision to ignore me.

    For those who will not do that, I send them an email referencing our "talk" about how they have declined to conform with best practice "as we discussed on this date."

    In my shop, system does not drive business ... business drives systems. My job is to inform, insist, and bitch and complain.

    After I apply due diligence (to the max), business evaluates risk and tells me what to do.

    --
    It little behooves the best of us to comment on the rest of us.
  5. Re:marketing by PvtVoid · · Score: 4, Insightful

    no you tape them refusing to adhere to the encryption and if the company suffers a breach or IP is stolen digitally then you pull out that recording and CYOA

    I would suggest that clandestinely taping your boss being an idiot is a pretty good way to find yourself out of a job.

    How about, oh, I dunno, following up such conversations with a friendly, informative email summarizing the discussion and your recommendations, so there's a paper trail?