For three years, guests at the "Aurora Grand" had accepted this as normal. "It's just the backup WiFi," the front desk would say. "If the main fiber goes down, connect to BK-5G and log in here."
And just like that, the hotel’s backup network had a new master. Cipher didn’t want to steal credit cards. Too noisy. He wanted persistence . http- bkwifi.net
The problem? Starlight Networks went bankrupt in 2019, and no one renewed the domain’s enterprise DNSSEC. The hotel’s internal DNS still pointed to a local IP (192.168.88.2) – but the public registration of bkwifi.net had lapsed. In 2022, a grey-hat hacker known only as "Cipher" noticed the expired domain. He bought it for $11.99 on GoDaddy. For three years, guests at the "Aurora Grand"
When a luxury hotel chain’s backup WiFi portal ( http://bkwifi.net ) is hijacked, a junior network engineer discovers a decade-old backdoor that turns a convenience page into a silent data vacuum. Part 1: The Blue-and-White Portal The screen was painfully simple. A white box on a blue background. No HTTPS padlock. Just a form asking for a room number and a last name. Cipher didn’t want to steal credit cards