Hotel hacker confesses to Trojan mayhem

A hacker has pleaded guilty to stealing data from the guests of 25 US hotels by installing keylogging Trojans on business centre PCs.

Mario Simbaqueba Bonilla, 40, was able to steal passwords, account data and other personal information, the US Department of Justice (DOJ) announced. The computer fraud scheme had more than 600 victims worldwide, including Department of Defense employees, the DOJ said.

He used money obtained in the scheme to buy expensive electronic devices, including a home theatre system, and to fund luxury travel to Hong Kong, France, Jamaica, the US and other locations, according to the indictment in US District Court for the Southern District of Florida.

Bonilla, sometimes working with a co-conspirator, used a series of complex computer intrusions to steal money from payroll, bank and other accounts.

Simbaqueba Bonilla used the data he intercepted from his victims, who were typically guests at hotels throughout the US, to steal or divert money from their accounts into other accounts he had created in the names of other people he had victimised in the same way, the DOJ said.

Through a complex series of electronic transactions designed to cover his trail, Simbaqueba Bonilla would transfer the stolen money to credit, cash or debit cards and have the cards mailed to himself and others at Pak Mail and other commercial mailing addresses.

Federal agents arrested Simbaqueba Bonilla when he flew into the US in August.

R Alexander Acosta, US Attorney for the Southern District of Florida, warned travellers to think twice before entering personal information on a public computer.

"Unfortunately, this is not an isolated case," Acosta said in a statement. "The Internet is an outstanding tool, but it is vulnerable. Criminals like Bonilla use the Internet to steal our banking and personal data, and then our money."

Original reporting by Grant Gross, IDG News Service.