Hacking at hotels: mutating threats at the ramparts

Earlier this month the Wall Street Journal reported on a New York City hotel company becoming the nth victim in an old and familiar scenario that compromised both the hotel company and many of its guests when an internal  auditor has stole hundreds of guests' credit card information and sold it for illicit profits. Another, significantly more bizzare case, involved a Hungarian man who attempted to blackmail Marriott International into giving him a job lest he released proprietary corporate information to the public. The Hungarian man quickly found himself in federal custody.

While the New York case involves a rogue internal employee, frequently, the stealth-attacks on privacy and personal data stem from sophisticated operators situated in remote geographical locations. Unfortunately, the holiday season is rife with opportunites for cyber-thieves for it is a time when people let their guards drop and more inclined to be sloppy with protecting their personal and credit card details. Increasingly, social networking sites are where the cyber-criminals find easy pickings.

A raft of new technologies trotted out by technology companies with a view to data mining and security could potentially prove "useful" to the cyber-criminals in their efforts at compromising hotels and their guests. The Journal brought out a Surveillance Catalog,  "an online database containing highlights from surveillance industry marketing documents. The documents show dozens of companies making and selling everything from “massive intercept” gear that can gather all Internet communications in a country to “hacking” tools that allow governments to break into people’s computers."

Similarly, the New York Times reports on how researchers at Carnegie Mellon's Heinz College used facial recognition technology to identify "the interests (of students) and predicted partial Social Security numbers". Carnegie's felicitously named lead researcher, Alessandro Acquisti, declaimed without irony "It’s a future where anonymity can no longer be taken for granted."

Some hotel chains already have facial recognition technology as a security measure. But with cyber-thieves a mere step away if not ahead, it would be unsurprising if they did not use state-of-the-art technology like that touted by the UK's Gamma International, which claims to have the ability to send “fake iTunes update” that can infect computers with surveillance software.  Breaching corporate walls to come up with a treasure trove of consumer/guest data for nefarious uses should then be mere steps away.

Published by

Vijay Dandapani

Co-founder and president of a New York based hotel company for 24 years. Grew the firm to five hotels in Manhattan and also developed a greenfield project at MacArthur airport, New York. Speaker at numerous prestigious forums including Economy Hotels World Asia, Lodging Conference, NYU, Columbia University Real Estate Roundtable, Baruch College's Zicklin School and ALIS. President and ceo of New York City Hotel Association since January 2017.