Hackers Open a New Front on Travelers

Jon Markman

While everyone was celebrating a COVID-19 vaccine breakthrough last night, MGM Resorts (MGM) customers were getting the bad news that their personal data is being sold on the dark web.

To add insult to injury, the asking price for the names, addresses and some credit card information for 142 million guests is only $2,900 – preferably in untraceable Bitcoin.

The incident shows that protecting consumers in cyberspace from hack attacks is proving just as hard as protecting them in the physical world from viruses.

Cybersecurity needs a new approach as corporate data breaches have become commonplace. Even as businesses stiffen defenses, hackers grow more sophisticated. And often the bad guys are sponsored by authoritarian states with deep pockets and nefarious end games.

When the servers of Marriott International (MAR) were compromised in 2018, cyberthieves made off with the unencrypted passport numbers of 5.25 million guests, and personal data, like credit card numbers, for 500 million hotel club members.

FBI analysts, according to an Associated Press report, believe the Chinese Ministry of State Security was the architect of the Marriott breach. Experts surmised the interest was purely strategic.

Passport information allows CMSS, the Chinese version of the CIA, to compile detailed dossiers on Marriott’s many political and business leader patrons, including access to their health and financial records. When combined with credit card data, tracking the exact whereabouts of these VIPs is easy. The possibility for corporate espionage and blackmail is endless.

The MGM hack surfaced in February when a tranche of personal data for 10.6 million hotel guests was offered for free on a hacking forum. According to a report at ZDNet, a spokesperson for MGM acknowledged the breach and said corporate managers had reached out to affected patrons.

The newest attack occurred the weekend of July 12. The size of the breach, 142 million guests, and the low asking price are in keeping with similar posts on the Russian-speaking dark web.

Fancy Bear, an elite Russian hacking group, along with the GRU, Moscow’s military intelligence service, combined in 2017 to infiltrate hotel Wi-Fi in Europe and the Middle East. The thieves silently collected cached usernames and passwords. The hack was so sophisticated, users didn’t even have to sign in to become compromised.

Most cybersecurity involves building walls around systems. Fancy Bear, and other state-sponsored hackers, have been able to crack this antiquated defense by getting inside applications within the system, like hotel Wi-Fi.

Once they are inside the application, manipulating the system and scooping up personal data is easy.

Most cybersecurity efforts so far have sucked, but a relative newcomer, called Zscaler (ZS), has found success in building walls around data, not applications and systems. The San Jose, Calif.-based company makes cloud-based, next-generation firewalls that are gaining traction with corporate, non-profit and government clients. I wrote about the company back in April here.

To get a bit more geeky, this idea is called Secure Access Service Edge. The Zscaler Internet Access platform is one of the leading technologies, recently winning the customer’s choice category at Gartner (IT), an influential information technology researcher.

ZIA, at peak, processes 100 billion requests, with 120,000 unique security updates every day. Every endpoint, from powerful workstations and laptops to smartphones and tiny internet-of-things appliances, gets the same level of security. When a threat is identified anywhere, it gets blocked on the ZIA cloud platform everywhere.

That kind of versatility has been especially valuable during the pandemic. Millions of employees are now working remotely, often accessing secure enterprise servers through less than secure Wi-Fi connections.

Zscaler software gives enterprises the ability to build walls around data, even when networked applications have been compromised. And the cloud-based code works across low-security Wi-Fi networks at home, inside delis, coffee shops and hotel rooms, too.

When the company reported third-quarter financial results in May, we learned that sales jumped 40% year-over-year, to $110.5 million. Traffic on its private access cloud grew 10x since February.

Shares have been zooming higher. Zscaler stock is up 162% in 2020. The surge puts shares at 41.4x sales. Given the size of the opportunity, and the pressing needs for the technology the company provides, this is reasonable.

Longer-term investors should join the battle against hackers – and buy ZS shares into weakness.

Comments (2)
Jon Markman


It's possible but no way to say for sure. The MGM hack was definitely about money, however, while the Musk-Gates-Bezos exploits were more about showing off... But either way both are wake-up calls that should make everyone aware that the hacker gangs can attack at will because most cybersecurity measures are largely a joke even this late in the game.


You think it's connected to the Elon Musk / Bill Gates Twitter hacks?