A new book published the story .. Why did the US intelligence target the famous booking site “Booking.com”?
A hacker working for a US intelligence agency hacked the servers of the Booking.com platform in 2016 and stole user data from the Middle East, according to a book – published on Thursday – that confirmed that the online travel agency chose to keep the incident a secret and did not inform customers.
Amsterdam-based Booking.com made the decision after contacting the Dutch intelligence service AIVD to investigate the data breach.
On the advice of legal counsel, the company did not notify affected customers or the Dutch data protection authority, as booking.com was not legally obligated to do so, because no sensitive or financial information was accessed.
The IT professionals who work for Booking.com told a different story, according to the book De Machine: In de ban van Booking.com. The book’s authors – 3 journalists for the Dutch newspaper NRC – reported that the internal name of the breach was “PIN Leak”, because the breach involved PINs stolen from reservations.
The book also stated that the person responsible for the hack gained access to thousands of hotel reservations that include Middle Eastern countries including Saudi Arabia, Qatar and the United Arab Emirates; The disclosed data included the names of “booking.com” customers and their travel plans.
Two months after the hack, US private investigators helped the security department of “booking.com” determine that the hacker was an American who worked for a company that carried out tasks for the US intelligence services. The authors did not specify which agency was behind the intrusion.
Hotel and travel data has always been a highly sought-after commodity among hackers working for countries. And in 2013, an informant from the US National Security Agency exposed Royal Concierge, a program created by spies from Britain’s GCHQ to track reservations at 350 luxury hotels around the world. The spies used the data to determine which hotel targets of interest were staying at; So field workers can then plant listening devices in their rooms.
In 2014, security firm Kaspersky Lab unveiled the Dark Hotel campaign, a years-long campaign that used hotel Wi-Fi networks to infect the devices of targeted guests in order to gain access to information. sensitive.
The people behind the campaign, likely working on behalf of a country, have shown a special interest in political officials and CEOs worldwide.
In a review of the new book published on Thursday, the authors said a representative for Booking.com confirmed that there had been unusual activity in 2016, and that security personnel investigated the entire event immediately, and that the company never disclosed it. A Booking.com representative said the company had no legal responsibility for failing to disclose the breach, because no evidence was found that it caused “actual negative effects on the private lives of individuals”.