酒店業(yè)的信息安全危機(jī)

酒店業(yè)的信息安全危機(jī)

希爾頓酒店宣布其信息系統(tǒng)遭黑客入侵，特朗普酒店近日也表示其支付系統(tǒng)已經(jīng)被黑客攻擊了一年之久。近幾年客戶(hù)信息遭到黑客竊取的事情層出不窮，甚至有專(zhuān)家警告說(shuō)，這里，就是黑客們的下一個(gè)靶場(chǎng)。

測(cè)試中可能遇到的詞匯和知識(shí)：

cyber 信息技術(shù)的

point of sale system 銷(xiāo)售網(wǎng)點(diǎn)系統(tǒng)

encrypted 加密

disguise 偽裝

malware 惡意軟件

Tripwire 文件系統(tǒng)完整性檢查的軟件工具

閱讀即將開(kāi)始，建議您計(jì)算一下閱讀整篇文章所用時(shí)間，并對(duì)照我們?cè)谖恼伦詈蠼o出的參考值來(lái)估算您的閱讀速度。

Hotel sector faces ‘cyber crime wave’ （645words）

By Malcolm Moore in London and Hannah Kuchler San Francisco

* * *

The hotel industry is the next big target for cyber criminals, experts have warned, after Hilton became the fourth major hotel group to have customers’ credit card details hacked.

Hilton Hotels, Starwood Hotels & Resorts, Mandarin Oriental and the Trump Collection have all admitted that their payments systems were compromised this year as hackers hunting for credit card details switch their attention to the leisure industry. This week Hilton and Starwood said guests’ personal details had been taken after hackers gained access via payment systems.

Hilton said customer data had been accessed over 17 weeks, from November 18 to December 5, 2014 or April 21 to July 27, 2015.

“The reality is the sector as a whole is dealing with a cyber crime wave,” said Tom Kellermann, chief cyber security officer at Trend Micro, which sells security software.

“Customers should be very concerned because in general the industry has insufficiently invested in cyber security.”

Hackers managed to plant viruses into the hotel companies’ point-of-sale systems, and some of the data stolen may not have been encrypted, according to Mr Kellermann.

Trend Micro identified one virus, called MalumPoS, which targets Oracle’s Micros platform, a system used at more than 330,000 sites throughout the hotel and leisure industry by companies including InterContinental Hotels, Travelodge, Hyatt, Wyndham, and Accor.

“This type of virus can compromise 95 per cent of the POS systems on the planet,” said Mr Kellermann.

The virus disguises itself as a legitimate program and then scrapes through systems to hunt for credit card details.

Hilton, Starwood and Oracle declined to comment.

The widespread use of the same strain of malware suggests that the attacks may have been carried out by organised criminals, who then either sell databases of customer credit card details on to fraudsters or conduct the fraud themselves.

Credit card details sometimes are not used for months after they have been stolen or even until after the free credit monitoring often offered by companies expires to lull victims into a false sense of security.

Hackers have turned their attention to hotels after retailers began improving their security following a series of high-profile attacks on US chains in late 2013 and 2014, including breaches at Target and Home Depot.

Justin Harvey, chief security officer at Fidelis Cybersecurity, a US threat detection company, said customers would be worried because enough details may have been stolen to complete a purchase — and potentially in two separate incidents.

Details included cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers.

“POS systems have been targeted by con artists for years and malware, which strips away consumer data, is only the latest in this form of attack,” Mr Harvey said.

Lane Thames, a security researcher at Tripwire, added: “If a company has any type of payment processing system, then rest assured someone somewhere has or will eventually try to find a way to break in to steal valuable payment-related information.”

Stuart Poole-Robb, chief executive of cyber security and business intelligence advisers KCS Group, also said the hotel industry was “behind on the issue”.

“Their IT security is only just catching up. Hoteliers don’t take much notice of hackers sitting in their lounges hacking guests’ WiFi,” he said.

“Vulnerable hotels are Sheraton, Hyatt and Ritz-Carlton. They could all do more than they have done thus far. The less well known hotel groups, second division so to speak, in the major capitals are in an even worse state.”

Mr Kellermann said that only Marriott had taken cyber security seriously and urged it to conduct due diligence on the matter as part of its acquisition of Starwood.

“They need to conduct a compromise assessment of the entity that they are going to acquire — what malware is already living in Starwood. Is the target is already diseased?” he said

請(qǐng)根據(jù)你所讀到的文章內(nèi)容，完成以下自測(cè)題目：

1. What kind of information are hackers hunting for?

a. customer's preferences

b. home address

c. credit card details

d. work details

2. Why should customers be very concerned about their information security when check in the hotel by Tom Kellermann?

a. Customers pay too much attention to relax.

b. Hotel sector has insufficiently invested in cyber security.

c. Hotels always use pirated software.

d. Hackers are interested in this industry.

3. How to scrapes through hotels’ systems for MalumPoS?

a. looks for the bugs of system

b. attack the mail system

c. monitor network status MalumPoS

d. disguises to be legitimated

4. Which one is not included as the stolen details?

a. personal identification numbers

b. cardholder names

c. payment card numbers

d. security codes

[1] 答案c. credit card details

解釋?zhuān)汉诳屯ㄟ^(guò)酒店的支付系統(tǒng)盜取旅客的信用卡信息。

[2] 答案b. Hotel sector has insufficiently invested in cyber security.

解釋?zhuān)喊踩浖?jīng)銷(xiāo)商認(rèn)為，酒店在對(duì)于防范網(wǎng)絡(luò)犯罪并未投資太多。

[3] 答案d. disguises to be legitimated

解釋?zhuān)哼@類(lèi)病毒是通過(guò)把自己偽裝成為一個(gè)合法程序入侵酒店的系統(tǒng)。

[4] 答案a. personal identification numbers

解釋?zhuān)罕桓`信息包括持卡人姓名、支付卡編號(hào)、安全碼及其失效日期，但不包括持卡人住址和身份證號(hào)碼。