Threat Intelligence Blog

This week a web developer blogged about his experience at a Marriott Courtyard near Times Square, where he discovered that the hotel was injecting ads into his web browsing experience. The story touched a nerve with some who object to the notion that the hotel might modify webpages they view especially when they would already be directly charged for using the hotel’s wifi. The popular tech blog TechCrunch featured the story as well, detailing the company used by Marriott Courtyard to insert the ads into its guests’ internet surfing.

While the modification of content we view on the fly at a hotel so the hotel can profit (again!) from our use of their wifi is concerning, a more serious issue faces business and leisure travelers. Consider the image below.

This is a screenshot taken in January 2012 at the Marriott Marquis Times Square location (not the same site as mentioned above, but nearby) during the International Conference on Cyber Security held by the FBI and Fordham University. You can see the list of available wifi networks that are available to guests.

Which one should you join? The ones that are not password protected maybe? The one that mentions Marriott? The one that reads “Hotel Internet”?

The question is important because the traffic you send from your computer onto the internet at large can contain sensitive information like passwords, credit card numbers, and maybe even confidential documents. Attackers can set up fake wifi networks that may behave as if they’re simply allowing you access to the internet but are actually intercepting and collecting information you send.

What can you do to reduce the likelihood that your traffic is compromised?

  • Make sure you join the network that is officially recommended by the hotel itself. There is generally one, and only one correct network you should use. Don’t be tempted by ones that don’t ask for passwords just because they seem free!
  • Use a VPN when you are online to encrypt your online communications. That way if your traffic is intercepted, it will be difficult or impossible for attackers to read.
  • Use browser plugins like HTTPS Everywhere to force your communications with certain websites to be encrypted. It doesn’t ensure that all your data is completely safe, but it will create a secure connection or “tunnel” between you and many popular destinations.

To be clear, the Marriott Marquis in Times Square is not in a position to prevent other wifi networks from being offered to their guests. Times Square is a very busy, crowded area where the large range of some wifi networks might “spill over” into their guests’ space. Nor are they able to block rogue wifi signals that may originate within their premises.

The onus is on internet users in such congested areas to be informed about safely connecting online. Consider yourself informed!

Additional Posts

APWG’s CeCOS Conference in Prague: Face to Face Collaboration in the Fight Against eCrime

Cyber crime never quits. Just this week the DEA made the impressive announcement that it had ...

Defensive Measures of Google+ for Businesses

By now you are likely familiar with Google+, also written Google Plus. While some regard the ...