Hackers target CEOs; Immigration Dept broke privacy law; Juniper CEO mysteriously quits

Security researchers have warned of a group of hackers who target high-profile CEOs and executives when they stay at hotels, often in the Asia Pacific region.

Kaspersky Labs last week revealed details on the hackings. The company refers to the hacking campaign as “Darkhotel”.

“Darkhotel hits its targets while they are staying in luxury hotels. The crew never goes after the same target twice; they perform operations with surgical precision, getting all the valuable data they can from the first contact, deleting traces of their work and melting into the background to await the next high-profile individual,” a Kaspersky statement read.

The company said the most recent travelling targets include top executives from the US and Asia doing business in the Asia Pacific region.

Kaspersky explained that those behind Darkhotel have maintained an effective intrusion set on hotel networks over a period of several years. They wait until the target connects to the hotel’s Wi-Fi network, then trick them into downloading and installing a backdoor that purports to be an update for legitimate software like Google Toolbar, Adobe Flash or Windows Messenger.

This backdoor can then be used to download other malware, like keyloggers and Trojans, onto the machine. The tools can steal keystrokes, hunt for cached passwords in internet browsers and steal intellectual property pertaining to the target’s business from the target’s computer.

“When travelling, any network, even semi-private ones in hotels, should be viewed as potentially dangerous,” Kaspersky advises. Tips for avoiding Darkhotel are available on the Kaspersky site.

Juniper Networks CEO quits in mysterious circumstances

Shaygan Kheradpir has resigned as Juniper Networks’ CEO following a review into his leadership and conduct by the company’s board of directors. Kheradpir has also resigned as a director of the company.

The company announced the change in a statement last week, saying that Kheradpir’s resignation “follows a review by the board of directors of his leadership and his conduct in connection with a particular negotiation with a customer”.

“The board and Kheradpir have different perspectives regarding these matters,” the company said.

The WSJ quoted the company’s chairman Scott Kriens as saying: “In the board’s judgement, the conduct was inconsistent with our expectations.”

“But it’s really about our definition of leadership at Juniper,” the WSJ reported Kriens as saying.

Kheradpir will reportedly be required to repay Juniper about US$2.7 million from a US$5 million signing bonus and up to US$150,000 from payments that Juniper agreed to make to help him relocate to the San Francisco area.

The company’s Rami Rahim has stepped into the CEO role and has been appointed to the board, effective immediately.

Rahim has worked at Juniper for about 17 years. Prior to the CEO role he served as executive vice president and general manager, Juniper Development and Innovation. He started at the company as employee number 32 and worked as an engineer on the company’s first product, the M40 core router.

Immigration Dept broke law in asylum seekers breach

The Office of the Australian Information Commissioner (OAIC) has declared that the Immigration Department broke the law when the personal information of almost 10,000 asylum seekers was leaked online earlier this year.

Specifically, the OAIC found that the Department of Immigration and Border Protection (DIBP) breached the Privacy Act 1988 by “failing to adequately protect the personal information of approximately 9250 asylum seekers”. The OAIC also said the DIBP “unlawfully disclosed personal information”.

“The Office of the Australian Information Commissioner (OAIC) was notified by the Guardian Australia on 19 February that a ‘database’ containing the personal information of ‘almost 10,000’ asylum seekers was available in a report on DIBP’s website,” the OAIC said.

The report in question was available on the DIBP’s website for approximately eight and a half days. The OAIC said that the DIBP removed the report from its website within an hour of being notified.

The leaked information contained individuals’ full names, gender, date of birth, location, boat arrival details and more.

The OAIC has provided an account of the sequence of events leading up to the data breach, saying that statistical data was mistakenly embedded in a Word document that was published on DIBP’s website.

“I have made a number of recommendations about how DIBP could improve their processes, including requesting that they engage an independent auditor to certify that they have implemented the planned remediation. I have asked DIBP to provide me with a copy of the certification and the report by 13 February 2015,” Australian Privacy Commissioner Timothy Pilgrim said.

The OAIC noted that because the breach occurred before 12 March 2014, the privacy commissioner’s powers under the Privacy Act 1988 were limited to making recommendations.

The OAIC said it is still receiving privacy complaints from individuals affected by the breach. More than 1600 complaints have already been made.

Image courtesy Schristia under CC