Hotels and Free Wi-Fi Are Sitting Ducks for North Korean Cybercriminals

North Korea has a track record of conducting sophisticated cyberattacks from unexpected locations through highly creative means.

Credit: Illustration by Catherine Putz

While often viewed as an expected luxury when traveling, free and/or unprotected Wi-Fi can open the digital door to a world of malicious cyber actors ranging from meddlesome hackers to North Korean cybercriminals. The dangerous combination of weak or nonexistent cybersecurity protocols, relaxed travelers and employees, and increased e-commerce and digital financial activity provides an ideal environment for cybercriminals moonlighting as ordinary guests to hack the world.

North Korea has a track record of conducting sophisticated cyberattacks from unexpected locations through highly creative means. For example, the infamous 2014 cyberattack against Sony Pictures Entertainment was later traced to The St. Regis Bangkok hotel and attributed to a North Korean cyberagent working for the notorious Lazarus Group. In other words, North Korean cybercriminals launched a destructive cyberattack against a world-renowned entertainment company using the Wi-Fi of a hotel in Thailand. Over the years, North Korean cyberattacks have been immensely successful in compromising and stealing millions of dollars from individuals, financial institutions, and cryptocurrency exchanges.

While some argue that North Korean cybercriminals still lag behind their Russian or Chinese counterparts, the fact that Pyongyang has been this successful against tech giants like the United States exposes the misconceptions surrounding their cyber capabilities. A main distinction is that while Chinese and Russian cybercriminals have greater access to advanced technologies and the global web, North Korean cybercriminals must venture outside of their country to jurisdictions with lax sanctions enforcement and cybersecurity protocols to conduct cyberattacks. And this includes hotels and commercial establishments.

Chinese-owned companies have repeatedly provided avenues for North Korean agents to operate freely under the guise of legitimate employment or joint ventures. For example, the U.S. Treasury Department designated the Dandong Hongxiang Industrial Development Company in 2016 as a major facilitator of sanctions evasions on behalf of North Korea through industrial trading, consultant services, and joint hotel management. One of the most famous ventures was the Chilbosan Hotel in Shenyang, China, which allegedly housed North Korean cyberagents for years, providing a safe haven for these cybercriminals to teach, practice, and conduct malicious cyberattacks. According to media reports, the Chilbosan Hotel was later closed within the 2017-2018 timeframe due to international pressure and regulations from the United Nations Security Council. However, this hotel in Shenyang is most likely just a drop in the ocean of numerous foreign outposts hosting North Korean cyber agents searching for ways to hone their skills and conduct additional cyberattacks.

While far from a panacea to the perennial North Korean cybercrime issue, strengthening individual and corporate cybersecurity protocols, especially at hotels and for companies providing free Wi-Fi with weak or predictable passwords, is helpful in limiting the overall risk of exposure and exploitation. A basic but important step for travelers is to bring their own portable password-protected Wi-Fi router or invest in a VPN provider for their laptop and mobile phone. VPNs, or virtual private networks, create a private network connection that obfuscates the connected devices’ original internet protocol (IP) address when connecting to the internet. While certainly not hack-proof, this extra layer of protection can lower the risk of exposure and exploitation.

Hotels and other establishments can increase their own cybersecurity protocols by first training their staff on proper cyber hygiene, and then creating new and unpredictable passwords for their online property management systems and Wi-Fi services. Routine updates to security systems and changing passwords on a scheduled basis without advance notice can also lower risk. This may disgruntle customers who frequent the same hotel several times a year, but it will reduce the possibility of cybercriminals accessing Wi-Fi networks and predicting passwords.

While frayed diplomatic relations and travel restrictions may prevent North Korean agents from visiting any hotel or Starbucks in the United States, this hasn’t prevented them from successfully targeting U.S. persons, organizations, and financial institutions. Major American hotels and hospitality companies have also expressed their concern over massive data breaches potentially affecting the safety and financial security of millions of guests. There have even been cases of cybercriminals breaching the security network of a Las Vegas casino through an internet-connected fish tank in the lobby. Although not at the same potential threat level as a North Korean hacker attempting to procure funds for Pyongyang’s nuclear weapons development program, this clearly demonstrates how cybersecurity must now become an everyday aspect of both national and individual efforts to protect ourselves and our wallets.