Slashdot Mirror

← Back to Stories (view on slashdot.org)

Espionage Campaign Targets Corporate Executives Traveling Abroad

Posted by samzenpus on from the all-your-data-are-belong-to-us dept.

An anonymous reader writes Kaspersky Lab researched the Darkhotel espionage campaign, which has lurked in the shadows for at least four years while stealing sensitive data from selected corporate executives traveling abroad. Darkhotel hits its targets while they are staying in luxury hotels. The crew never goes after the same target twice; they operate with surgical precision, obtaining all the valuable data they can from the first contact, deleting traces of their work and fading into the background to await the next high profile target. The most recent traveling targets include top executives from the USA and Asia doing business and investing in the APAC region: CEOs, senior vice presidents, sales and marketing directors and top R&D staff. This threat actor is still active.

5 of 101 comments (clear)

  1. Re:marketing by VIPERsssss · · Score: 5, Insightful

    Hah, you'd be surprised. "All that encryption stuff just gets in my way. I'm an important person. Just make it work."

    Then you have to clean off all the shit from their laptop when they get back. Or worse, they copied their files to their personal laptop and then took that because it's "easier."

    And how dare a lowly IT admin tell the VP of R&D that what they want is dangerous and stupid.

    --
    We are eternal, all this pain is an illusion.
  2. Corporate espionage is standard practice by quietwalker · · Score: 5, Interesting

    ... at least, outside of the US, it seems. Many countries have a policy that basically boils down to "if you can grab it, then it's yours, and it's impolite for another company to point fingers and claim you stole it." Not as litigious perhaps, but certainly less trustworthy. I got the standard 4 hour class from at least two companies; don't talk to folks on planes about it, don't talk to folks at the hotels, they'll arrange friendly people to sit next to you, or have a room next to you, or to flirt or whatever. Act as if your laptop/other hardware WILL be stolen or sabotaged. Keep one for travel with only the minimum relevant information on it, and so on.

    I worked for a company once that did big data analysis for the semiconductor industry. Boosted yield rates by anywhere from 3 to 15%, which is a big deal. It was a service, not a software product, so we took their data, did our analysis, and the product was suggestions to correct their process, with proof. Obviously we had a lot of special software on the backend which represented our core IP, and we protected that.

    When we went to China, we rewrote the executable so it was encrypted, plus locked to the CPU id.

    Part of our process required about 18-20 hours to run on the puny laptops we had available, and the folks we met actually laughed when they told us we couldn't stay the night, nor take the systems back to the hotel with us because they had been exposed to their internal network. So we chained it to a desk, and the next morning, the system had died, and it looked like someone had removed the hard drive while the thing was running. Apparently after a day in a half of processing later, they realized they couldn't get their copy to run, and explained that they had to keep our machine, forever, but they would provide us with one that was equivalent - loaded with virii and spyware no doubt.

    One of the individuals actually begged us to stop when we took apart our laptop and ground the hard drive and cpu up and shattered the boards. Total lack of composure, I assume he was losing his job at that point.

    However, that was just par for the course for much of Asia, barring Japan.

  3. Re:marketing by OzPeter · · Score: 5, Interesting

    Any corporate executive traveling will have encrypted communications from their company as a matter of course.

    This post is nothing but a weak attempt at Kaspersky marketing.

    I just read this on the weekend: The icky part of tech support: Porn and other NSFW surprises

    Which has a wonderful bit of text in it:

    In a survey published last year by software vendor ThreatTrack Security, 40% of tech support employees said they'd been called in to remove malware from the computer or other device of a senior executive, specifically malware that came from infected porn sites.

    Would you care to revise your opinion of corporate executives?

    --
    I am Slashdot. Are you Slashdot as well?
  4. Re:marketing by Ihlosi · · Score: 5, Insightful
    And how dare a lowly IT admin tell the VP of R&D that what they want is dangerous and stupid.

    You don't. You tell them it's a huge financial risk for the company.

  5. Re:marketing by TheCarp · · Score: 5, Interesting

    and the more people are willing to kow-tow to them.

    We had a presentation once at a previous job on the new corperate single sign on system. I thought it was really strage that they were, in fact, storing passwords using an encryption rather than a hash, a fact which they made fairly clear was not simply a slip up in terminology.

    After the presentation I grabbed the presentor for a side conversation and asked why they didn't use a hash when that would be far more standard, and he sighed and said that it was because some people couldn't get over the idea of not being able to recover the password if a high level exec asked them to.

    --
    "I opened my eyes, and everything went dark again"