Hilton Tokyo - ID stolen via Wifi (January 2016)

[tgh]

Re: Hilton Tokyo - ID stolen via Wifi

And it was a Mac. … pop (comfort bubble burst)

We carry a lot of info on the laptop when we fly … time for some security measures….

 

[Cynicor]

Re: Hilton Tokyo - ID stolen via Wifi

And it was a Mac. … pop (comfort bubble burst)

We carry a lot of info on the laptop when we fly … time for some security measures….

Tell me about it. We all thought the issue was Dad and his computers which are old, unpatched and have adware, but realisticlly mine was the only one with enough data for everyone to be hacked, and then the AFP asked about Hilton Tokyo too... Embarrassing to say the least.

 

[Cynicor]

Re: Hilton Tokyo - ID stolen via Wifi

I've started using a removable usb flash drive, a tiny one. It's always in the computer then comes out when I travel.

 

[JohnK]

Re: Hilton Tokyo - ID stolen via Wifi

With the phone porting, you can apparently do it all online with just a few details. I reckon I could move my friend's numbers quite easily. Check it out yourself!

Wouldn't this be a more common problem not just with identity theft?

 

[Daver6]

Re: Hilton Tokyo - ID stolen via Wifi

No malware on laptop- it was actually bought for that trip. Not sure if it was purely via the wifi but definitely the hotel.
My guess is network sharing of some sort. And it was a Mac.
Not sure if a vpn would have helped, my ongoing plan is just to tether to my portable hotspot from now on.
With regard to the fx, there was a bust last year of some local students who had been paid to set up fx accounts then look the other way.
It's very lucrative considering they got around a mil from us in about a week.

With the phone porting, you can apparently do it all online with just a few details. I reckon I could move my friend's numbers quite easily. Check it out yourself!

On the phone number porting side. This is why two factor authentication using SMS is considered insecure. Actually part of the reason, not the only reason.

Unless you had the documents the were compromised in a shared/public folder, I don't see how its possible they were access then UNLESS there was another "in" into your computer. Ie, password compromised or via a zero day exploit.

Not suggesting for a minute you did anything wrong. I just find it intriguing and being a field of interest to me, am curious what the actual exploit was.

 

[lovetravellingoz]

Re: Hilton Tokyo - ID stolen via Wifi

And it was a Mac. … pop (comfort bubble burst)

We carry a lot of info on the laptop when we fly … time for some security measures….

I travel with a laptop too. But I do not store any real critical info on the actual computer (it may be lost, stolen, hacked, fail etc. The computer is just used to access that type of info if required.

For each trip I will normally as back up, and for convenience, have a travel folder with PDFs of travel vouchers, bookings etc. But that is about it.

I certainly do not store any financial details on the laptop.

My latest laptop has a fingerprint scanner for logging in, and after reading this thread I am more glad I went that way.

 

[lovetravellingoz]

Re: Hilton Tokyo - ID stolen via Wifi

My ID was stolen at the Hilton via the Wifi so avoid using it if you can! Lost (temporarily) over 6 figures of cash over various family member accounts

Nasty.

But from what I have read in this thread it would seem that you are just guessing it was via the wifi, and the hotel's wifi


That the AFP nominated that particular hotel means that there was something about that hotel that was involved. Hotel Wifi possibly. But lots of other possibilities including other quests, employees, or other who could just access the hotel or indeed be nearby.

ie

As already mentioned someone providing a fake free hotel internet access ( or was yours a hotel internet where you had to pay for the internet, and is so was it on your bill?)

Someone having a secret camera positioned over say the room desk so that they could see the login used. and not just the login of your laptop, but also to any of the sites you then accessed. And if you then left the laptop out when you were out they could then access your computer which would make the process of extracting data, installing data logging software a lot more difficult.

 

[ermen]

Re: Hilton Tokyo - ID stolen via Wifi

Actually - is there anywhere to store personal / financial data safely in the cloud?

I used to store mine in google drives.. but since deleted it last night after the OP's story!

 

[lovetravellingoz]

Re: Hilton Tokyo - ID stolen via Wifi

Actually - is there anywhere to store personal / financial data safely in the cloud?

I used to store mine in google drives.. but since deleted it last night after the OP's story!

I think that there are some apps that you can use.

But I just minimise things by:

1/ Cryptically storing the login/username (BUT not the password) buried within numerous folders in an email account if it is not something that I will 100% remember (ie some use email addresses and so need to store). My most used usernames (ie main bank, Amex) I just remember, and so it is more for accounts that are not regulars. ie credit cards that I am churning etc.
2/ I have a system that I use for passwords so that each password is unique, but that I can generate it in my head on demand. My wife knows my system and so she can access if something happened to myself.

 

[Daver6]

Re: Hilton Tokyo - ID stolen via Wifi

As already mentioned someone providing a fake free hotel internet access ( or was yours a hotel internet where you had to pay for the internet, and is so was it on your bill?)

The way this attack would work is instead of connecting to the hotel wifi, you connect to the bad actor's wifi access point. This access point then connects to the hotel's network. Now all traffic can be intercepted and decrypted on the layer 2 level. However, if using https, the layer 3 traffic is still going to be encrypted. The way around this would be with DNS spoofing. So when you go to gmail.com to access your email, instead you get redicrected to gmaill.com and probably don't notice the difference. Now the secure connection is between your computer and gmaill.com which belongs to the bad actor. they simply pass on the credentials to gmail.com and save them for another day to access your email account.

Chances are you wouldn't have noticed gmaill instead of gmail (just using this as an example).

If the OP only had their data stored locally on their computer and didn't transmit it, then this wasn't the attack vector used.

 

[Cynicor]

Re: Hilton Tokyo - ID stolen via Wifi

The way this attack would work is instead of connecting to the hotel wifi, you connect to the bad actor's wifi access point. This access point then connects to the hotel's network. Now all traffic can be intercepted and decrypted on the layer 2 level. However, if using https, the layer 3 traffic is still going to be encrypted. The way around this would be with DNS spoofing. So when you go to gmail.com to access your email, instead you get redicrected to gmaill.com and probably don't notice the difference. Now the secure connection is between your computer and gmaill.com which belongs to the bad actor. they simply pass on the credentials to gmail.com and save them for another day to access your email account.

Chances are you wouldn't have noticed gmaill instead of gmail (just using this as an example).

If the OP only had their data stored locally on their computer and didn't transmit it, then this wasn't the attack vector used.

I am as intrigued as you are Daver, because the first phone accounts moved were my parents. I did no banking at all at the hotel. I used the hotel's wifi, but unless it was a great spoof of it, then I don't believe it was on an alternate system. As mentioned though, this wouldn't explain the attack fully anyway.

The whole camera and logging on scenario is, oddly, as plausible as any other at this point in time. They are very slick though, so I reckon they earned their money.

 

[Cynicor]

Re: Hilton Tokyo - ID stolen via Wifi

And it is true I have no proof that this occurred in the Hilton Toyko, except:
1. The AFP asking, and having had over several months, similar events with that being the only known connection. Also reports from 1 or 2 others around the world with similar claims.
2. The timing of the attack- it was within 2 weeks of leaving this hotel.
3. My computer being the likely vector makes the most sense, as I have a lot of info on my parents on it- I book all of their flights.
4. No better explanation.

I am fully open to the idea that there is another answer, but no one has really given me a plausible alternative.

This is the article about the students who opened accounts in WA. No idea if there was any relationship to my issues.
http://www.abc.net.au/news/2016-03-...elaiton-to-estonian-bank-account-scam/7221832

 

[jbman]

Re: Hilton Tokyo - ID stolen via Wifi

Possible laptop cloning when you were not in the room?

The WiFi vector seems a stretch to get so much info.

What about the hotel itself having their point of sale systems compromised with your info being in there.

 

[Cynicor]

Re: Hilton Tokyo - ID stolen via Wifi

Possible laptop cloning when you were not in the room?

The WiFi vector seems a stretch to get so much info.

What about the hotel itself having their point of sale systems compromised with your info being in there.

Had to be via laptop in some way, unless it is Hilton Worldwide that is the issue, as my parents were in another part of the world at the same time, and so was my brother.

Cloning/access was a possibility I had not considered, but I think they would have needed a password to get to anything?

 

[Isochronous]

Re: Hilton Tokyo - ID stolen via Wifi

Chilling story - now makes one think how we should deal with keeping passport/bank statement etc scans and the best way of protecting those.

 

[Daver6]

Re: Hilton Tokyo - ID stolen via Wifi

Chilling story - now makes one think how we should deal with keeping passport/bank statement etc scans and the best way of protecting those.

Use something like https://www.veracrypt.fr/en/Home.html would be my suggestion. However, that's not going to protect you if someone has a back-door into your computer. Once you have the virtual disk decrypted to access the information, so could the bad actor with access to your machine.

 

[cmon0005]

Re: Hilton Tokyo - ID stolen via Wifi

Disabling file and printer sharing would probably be a good idea too, as well as having a good virus/malware/wifi security tool. I use norton even on my phone

 

[dragonman]

Re: Hilton Tokyo - ID stolen via Wifi

I wonder if I am the only person wondering about dates. Why share this in August 2017, when it happened in January 2016? I read the original post and assumed this had happened very recently.

 

[Cynicor]

I about it at the time, actually, and on the FT thread on the hotel. Welcome to go hunt for them This was recently split off from a thread on which Hilton to stay in Tokyo, and I added the final paragraph as an aside, which sparked a longer conversation.

*edit* You post actually annoyed me as it sounded slightly accusatory but I've gone back to the original and the way it has been cut does leave a lot of ambiguity. I'll ask a mod to add "on my last stay in Jan 2016" to the first post.

 

[mel1]

Re: Hilton Tokyo - ID stolen via Wifi

I use a password protected document to store all my important info (both at home and for travel) and just remember that password. Is that too simplistic? Been ok so far. I'm not really understanding all this, TBH