back to article Marriott fined $600k for deliberate JAMMING of guests' Wi-Fi hotspots

The Marriott has been fined $600,000 by the FCC for paralyzing guests' personal Wi-Fi hotspots, forcing them to use the hotel giant's expensive network instead. The US watchdog today said the Marriott Gaylord Opryland in Nashville, Tennessee, used monitoring equipment to illegally boot hotel and convention center guests off …

  1. Greg 24
    Pint

    Oh dear

    Friday evening - couldn't really get past the Hotel name, fokkers!

    1. Kingston Black

      Re: Oh dear

      Were the owners watching re-runs of the Dick Emery Show?

  2. NoneSuch Silver badge
    Devil

    Excuse me while I de-auth Marriott from my list of acceptable travel hotels.

    (Make note for P.A.)

    Thank you. Please carry on.

    1. larokus

      Yeah unfortunately this news comes a month after I've prebooked for next week, though not in Nashville. Needless to say I'll be watching out for NetEnforcer, though I'm not exactly sure what the CRTC does if anything so my complaints will likely work as well as my hotspot.

      1. Dan 55 Silver badge

        Now would be the time to investigate Bluetooth/USB tethering...?

        1. Number6

          That was my thought too, I've used the phone on a USB cable before now.

          1. Anonymous Coward
            Anonymous Coward

            Prebooked

            Don't you just mean booked?

            Interestingly enough I found a lot of hotels were giving free WiFi access of a reasonable quality when I traveled through France a few weeks ago. Especially the smaller more independent ones, surprisingly nice rooms and good service too.

    2. Persiflage

      Excellent call...

      ...now excuse me while I instruct our travel partners to de-auth Marriott from the entire company's list of acceptable travel hotels. Someone just made the "only permitted if no other option available" list.

      But hey, we only use booking software supplied by well-known, reputable vendors and I believe my actions to be lawful, so there's no reason for them to be upset, right?

  3. Robert E A Harvey

    Harvey's law

    I travel all over the world for work, and stop in accomodation ranging from a guesthouse to a 5 star business hotel.

    Harvey's law says that the higher the price of the room the more likely you are to have to pay for internet access. And the slower it will be.

    I've spent €30 a night in a gasthof in Germany, and got free super-fast internet, and paid $250 a night at an airport in the USA and been unable to connect to an nntp server despite paying an extra $50 for the right to try.

    1. garetht t

      Re: Harvey's law

      I'm not sure a hotel should be expected to allow nntp access, considering it's unsavoury usages far outweigh it's legally safe usages.

      1. Number6

        Re: Harvey's law

        This is why the first thing you do when connecting to hotel wifi (or even a wired connection) is to establish a VPN to a trusted machine elsewhere that you know can access all the services you want.

        1. John Tserkezis

          Re: Harvey's law

          "This is why the first thing you do when connecting to hotel wifi (or even a wired connection) is to establish a VPN to a trusted machine elsewhere that you know can access all the services you want."

          I tried this at one hotel, and found they had a machine in the middle that passed on url requests to the outside world for you. In other words, you could not directly connect to another server via their systems (VPNs will never work).

          This is where Harvey's Law (Part II) comes in. For every hotel that has tighter restrictions, directly opposite the hotel will be a Cafe that offers free WiFi with any purchase. There you can do all your VPNing and NNTPing you like.

          1. Daniel B.

            Re: Harvey's law

            I tried this at one hotel, and found they had a machine in the middle that passed on url requests to the outside world for you. In other words, you could not directly connect to another server via their systems (VPNs will never work).

            This is where you set up OpenVPN on its "port-sharing" mode, where it listens on port tcp/443 so you can deal with this exact scenario.

            1. Anonymous Coward
              Anonymous Coward

              Re: Harvey's law

              Quote: This is where you set up OpenVPN on its "port-sharing" mode

              If the hotel is crap enough and expensive enough that will not help either. Example the Etoille convention centre (nowdays Grand Hayatt) in Paris. Last time I was there (IETF 2011) it was killing any persistent sessions _INCLUDING_ port 443 and disallowing IM (so you use the hotel phone you know).

              1. Anonymous Coward
                Anonymous Coward

                Re: Harvey's law

                If the hotel is crap enough and expensive enough that will not help either. Example the Etoille convention centre (nowdays Grand Hayatt) in Paris. Last time I was there (IETF 2011) it was killing any persistent sessions _INCLUDING_ port 443

                I could sort of try to understand that if it were a company network (but not really). However, for a business where you are the customer to try that, it borders on the psychopathically suicidal.

                1. Yet Another Anonymous coward Silver badge

                  Re: Harvey's law

                  " it borders on the psychopathically suicidal."

                  It did say "in paris"!

                2. Terry 6 Silver badge

                  Re: Harvey's law

                  Not psychopathically suicidal, just normal bean counter thinking. They only see ways to syphon cash, (sorry maximise revenue) not the effect this has on the overall business.

                  1. MachDiamond Silver badge

                    Re: Harvey's law

                    "Not psychopathically suicidal, just normal bean counter thinking. They only see ways to syphon cash, (sorry maximise revenue) not the effect this has on the overall business."

                    The larger hotels have driven my business to small chains and independents that offer free internet and a nice cooked breakfast to attract customers. Nearly all of the time I only need a nice clean room with peace and quiet to get my head down and enough hot water to sluice off the day's dirt. Posh hotels just don't offer anything I find useful.

              2. Daniel B.
                Boffin

                Re: Harvey's law

                If the hotel is crap enough and expensive enough that will not help either. Example the Etoille convention centre (nowdays Grand Hayatt) in Paris. Last time I was there (IETF 2011) it was killing any persistent sessions _INCLUDING_ port 443 and disallowing IM (so you use the hotel phone you know).

                There are ways to getting around this as well, let's just say that I've encountered most of these scenarios. Yes, I'm including the persistent session killing on port 443.

                Hotels should wise up on the fact that they aren't going to stop a skillful hacker from getting his/her unrestricted internet access. We're willing to pay for internet access (even if it is far more expensive in some hotels than what it should be), but we expect unfiltered access to the 'net when doing so.

          2. Tom Chiverton 1

            Re: Harvey's law

            You know you can run SSH over HTTP right ? So straight through proxies ?

      2. goldcd

        I was always dubious

        of the copious amounts of boxed tissues hotels seem to leave around - but you're not charged by usage type.

      3. This post has been deleted by its author

      4. rav

        Re: Harvey's law

        The Hotel does not have the authority to JAM or otherwise interferre with a licensed radio service in the United States. WiFi, Bluetooth, Mobile phone service, GPS, commercial radio and broadcast radio and even your garage door opener are all LICENSED radio services in the United States. This includes schools, restaurants, movie theatres and your private residence.

        WiFi is a licensed service. It is also illegal to interfere with Cell phone emissions and your mobile WiFi.

        It is illegal to manufacture, import, sell and possess this equipment.

        There are NO EXCEPTIONS for ANY reason at all. The FCC will fine you and confiscate your equipment.

        1. DaLo

          Re: Harvey's law

          They weren't interferring with the radio signal, they were doing it on the data layer.

          1. AndyS

            Re: Harvey's law

            They weren't interferring with the radio signal, they were doing it on the data layer.

            Interesting response. To a layman the difference is irrelevant, and the result is the same. I wonder if the law is so tightly written that this counts as a loophole?

            Obviously the FCC wasn't particularly happy about the situation, so I'd assume they don't believe it matters how you mess with the signal (whether by flooding the radio spectrum with noise, or injecting malicious data packets). They seem to have concluded the hotel's actions were illegal, and slapped down a pretty big fine.

            1. DaLo

              Re: Harvey's law

              Just to clarify - I wasn't stating that it was therefore legal or okay to do, it was specifically in response to interfering/jamming a radio signal, which may be the same to a lay person but might not be the same to an expert. Could a WiFi user who uses their hotspot the same channel and maximum permitted power as their neighbour be accused of signal interference - not while the device is operating as intended I would presume?

              Whether it was legal or not, or more specifically under which law it would be prosecuted is still unknown as the hotel chain in question decided to pay to not find out and the FCC decided to accept the payment and not pursue it (If someone settles with a patent troll out of court doesn't mean they are guilty or the patent is valid, just that it is the most commercially attractive option).

              However I would suggest that they could be prosecuted under laws relating to computer misuse/DoS/hacking/data interception etc rather than radio signal interference.

          2. SImon Hobson Bronze badge

            Re: Harvey's law

            > They weren't interferring with the radio signal, they were doing it on the data layer.

            It's making a transmission with the sole function to disrupt legal use of a facility. So while you might not technically be interfering with the user's transmitted radio signal, you are deliberately interfering with another user's use of the band. In the UK this would be illegal :

            Wireless Telegraphy Act 2006, Section 68 http://www.legislation.gov.uk/ukpga/2006/36/section/68

            "A person commits an offence if he uses apparatus for the purpose of interfering with wireless telegraphy."

            Good to see it slapped down. Now if only our UK bodies could stop spending all their effort on coming up with excuses not to deal with interference caused by Powerline adapters.

        2. streaky

          Re: Harvey's law

          "The FCC will fine you and confiscate your equipment."

          Strictly speaking you can do jail time for this in the US. Also in the UK.

          I'd want to know who's smart idea it was and prosecute them accordingly.

          Oddly enough I'm absolutely convinced (but have no proof) that something similar is done with 3G data around underground stations that aren't under ground around London, one day I'll take some kit with me.. Phone calls no problem, pushing data - good luck!

      5. streaky

        Re: Harvey's law

        "considering it's unsavoury usages far outweigh it's legally safe usages"

        Yeah alright. Are you going to argue reasons not to go near black people next? It's a protocol, you'll allow it. Traffic volumes I can understand, because it's <x> protocol without knowing up front why is extremely obnoxious.

  4. James 100

    A small step in the right direction

    Now, can we please see the de-auth loophole closed so any old idiot can't disable wifi networks, and shut down all the firms selling these DoS tools?

    My old university (in the UK) pulled the same stunt on anything within range; perhaps a few more six figure fines in the news will stop this being mistaken for acceptable.

    1. BryceP

      Re: A small step in the right direction

      This has already been closed with 802.11w. The revision still needs widespread implementation and it does also introduce new issues, but it does prevent deauth as long as the AP requires protected management frames. Finding a combination of AP and device that both support it might be the difficult part, but all AC devices (and I'd bet most N devices manufactured in the last couple of years) should.

      1. Phil W

        Re: A small step in the right direction

        De-authing networks does have it's legitimate uses though. For instance in a business environment where people shouldn't be using their own Wi-Fi or plugging in unauthorised equipment in your buildings but do so anyway.

        1. Daniel B.

          Re: A small step in the right direction

          De-authing networks does have it's legitimate uses though. For instance in a business environment where people shouldn't be using their own Wi-Fi or plugging in unauthorised equipment in your buildings but do so anyway.

          If you're concerned with people plugging in unauthorised equipment, you should have actual MAC filters in your level 2&3 switches, not doing illegal DoS on the airwaves. I remember from my college years that the Cisco Catalyst 2950 has a "protected" mode for switchports where you could lock a port to a single MAC address. I would expect beefier stuff to have these kinds of security.

          1. petur

            Re: A small step in the right direction

            I remember once plugging my laptop in a switch on a customers' desk, and having IT stand next to me within 15 minutes. Good times...

            1. Keven E.

              Re: A small step in the right direction

              "I remember once plugging my laptop in a switch on a customers' desk, and having IT stand next to me within 15 minutes. Good times..."

              A reason to not run a DHCP server? <wink>

          2. theModge

            Re: A small step in the right direction

            Universities in the UK tend to be picky about what connects to them over wired networks at least - authorized mac addresses only. Over the WIFI however that's been dropped some time between when I was an under-grad and going back to do a phd - the wireless is set up so as to be very separate to the wired, but anyone with a valid (active directory) credentials on the university network can use it. Via gift of eduorome this applies to other universities as well.

          3. Tom 13

            Re: you should have actual MAC filters in your level 2&3 switches

            That's not the case the quashing is meant to stop. It's meant to stop setting up the wifi device, removing the network cable and plugging up the wifi. If the data is on the PC is still gets exfiltrated.

        2. Roland6 Silver badge

          Re: A small step in the right direction @Phil W

          "De-authing networks does have it's legitimate uses though."

          Yes it does, however those uses are within your own private business premises and you use kit like the AirDefense Security & Compliance solution to enforce published company policy.

          In a public space - which includes hotel bedrooms, it's use is highly questionable, particularly if it is done without being publicly declared (I bet the Marriott's signing in slip didn't include the guest accepting a clause forbidding the use of private WiFi...).

          1. Anonymous Coward
            Anonymous Coward

            Re: A small step in the right direction @Phil W

            Actually while 2.4Ghz and 5Ghz are ISM bands, Wifi isn't usually "licensed" due to there being limited non overlapping channels in said bands, disabling wifi other than theirs *could* be considered protecting their service (crap as it may be), also, I don't recall them needing to prohibit private wifi in words, same as businesses operating on their own turf don't need to post signs about unauthorized access.

            As to hotel bedrooms being public space, I call bullshit. If you want proof, try staying in a hotel room without paying and claiming (once you end up in court) that you have the right because It's "public", seriously, Hotel rooms are not public by any definition, that's why you have to pay for the use of one.

            I'll add that I am actually against wifi blocking just to be able to gouge to sell your own, but I believe that was the point of the article: Profiting by creating adverse conditions to sell theirs.

        3. streaky

          Re: A small step in the right direction

          "For instance in a business environment where people shouldn't be using their own Wi-Fi or plugging in unauthorised equipment in your buildings but do so anyway."

          Yeah, no, there's legal ways to prevent outside signals. If your security policy is based on "no wifi" but doesn't account for other signals you're already screwed. This is not the way to do this - and as I mentioned somewhere up there ^ it's a jailable offence in the US and the UK.

          "disabling wifi other than theirs *could* be considered protecting their service"

          At best this is anticompetitive. If your service isn't a rip off and doesn't suck you shouldn't need this. If it does and you're jamming people, seriously..

        4. StargateSg7

          Re: A small step in the right direction

          I just don't bother with cow dung like that! I use a custom BIOS which I wrote myself on my CUSTOM wifi router which I carry myself EVERYWHERE I go and it SPECIFICALLY STOPS attacks like this! It finds a free port and VPN's it to wherever I go disregardng ALL de-auth packets and ANYTHING else unless it's MY laptop Mac Address and personal encrypt/decrypt keys. I even have multiple DSP chips in it so I can bypass wireless completely and use my cell phone carrier's 22 megabits download, 10 megabits upload connections (Telus in Canada) for relatively DECENT internet connections. I even put custom hardware DSP chips and SDR (Software Defined Radio) software (self-built) the router with a wireless 4G line aggregator system so that I can use up to SIXTEEN 4G phone lines to get up to long-range wireless 200 megabits upload and 100 megabits download. Just make sure you pay your monthly bills for the 16 phone 4G numbers!

          Sometimes us eggheads REALLY ARE SMARTER than the rest of the plebes!

          We DON'T HAVE TO PUT UP WITH THE COW DUNG! We just bypass it!

    2. Adam 1

      Re: A small step in the right direction

      Fire with fire!

      Find the sales office for these de auth tools and return fire.

    3. Tom 13

      Re: shut down all the firms selling these DoS tools?

      Not sure where things stand on it legally at the moment, but about 10 years ago there were entirely reputable firms selling equipment that would perform these functions as part of securing a company's infrastructure. One of our network admins reviewed a wireless access solution that would both optimize the bandwidths for the installed access points as well as quash any unauthorized points within the operational area.

  5. Anonymous Coward
    Anonymous Coward

    'Posh Hostel'

    Thank you for that one El Reg.

  6. Nate Amsden

    curious how it works

    in case someone here knows -- flooding wifi with deauth - how does that not impact the hotel's own wifi? Unless the hotel wifi is on a single channel and the deauths are flooding all other channels (in which case you could work around it by using the same channel as the hotel?)

    I rarely use hotel wifi myself whether it is free or not, For some reason I feel safer for using the mifi on my phone, and I'm paying something like $50/mo for mifi anyway so might as well use it (unless cell coverage is bad).

    Hotel wifi is generally bad in my experience anyway.

    On that note I've never used other public wifi access spots like coffee shops(I don't drink coffee so am rarely in one anyway), airports(don't fly often anyway - also never used wifi on a plane) or whomever else seems to offer "free" wifi, generally don't trust them either (not that I feel the urge to need to use them in the first place so it's not like it's hard to resist).

    1. BryceP

      Re: curious how it works

      They probably whitelist their own MACs and flood everything else. Even if they can't see the MAC addresses of other wifi networks they'll know which networks are theirs and thus which ones not to flood.

      I'm not sure what that would mean for address cloning, but I doubt your average conference attendee is going to bother with that.

    2. BristolBachelor Gold badge
      Coat

      Re: curious how it works

      It probably sniffs WiFi packets, and for any not on their netwotk, sends a deauth.

      The solution is this: the radio hardware is pretty obvious. Simply imagine that you suffer from "electro-smog" phobia, rip the stuff from the ceiling/walls and claim it was self-defence, as it assaulted you.

      1. Anonymous Coward
        Anonymous Coward

        Re: curious how it works

        "...rip the stuff from the ceiling/walls and claim it was self-defence, as it assaulted you."

        Ah, I see why you are BristolBachelor.

        1. Martin-73 Silver badge

          Re: curious how it works

          While ripping it from the walls is a bit much, I'd CERTAINLY have turned it off if I found out what was going on

          1. Anonymous Coward
            Anonymous Coward

            Re: curious how it works

            I would rip it off, smash it to bits, and chuck if off the window. Or go BOFH and PFY style. And go "I don't know what you talking about" on them.

            Or dial 911.

      2. Wensleydale Cheese

        Re: curious how it works

        "Simply imagine that you suffer from "electro-smog" phobia, rip the stuff from the ceiling/walls and claim it was self-defence, as it assaulted you."

        Nah, that's the wimp's approach.

        Locating the offending piece of equipment and smashing it to pieces with a sledgehammer sounds like much more fun.

        1. Anonymous Coward
          Anonymous Coward

          Re: curious how it works

          Real men would electrify the wires with the building mains.

    3. Daniel B.
      Boffin

      Re: curious how it works

      Having monkeyed with aireplay-ng and the whole set of tools, this can be done easily. Use airodump to scan the area, you'll get all MACs and to which BSSID they're associated with. Simply ignore the ones associated to your own infrastructure's BSSID, send deauth packets to the rest of 'em. Rinse and repeat.

      The only people I know that do this fake deauth packet business are those interested in cracking WEP or WPA. It is considered DoS and it's probably illegal under FCC rules. I'm surprised the FCC only slammed them with a $600k fine, I would hand them at least a $6 *million* fine to discourage not only them but any other establishment from doing this.

      1. Ken Hagan Gold badge

        Re: curious how it works

        " I'm surprised the FCC only slammed them with a $600k fine, I would hand them at least a $6 *million* fine to discourage not only them but any other establishment from doing this."

        The discouragement is there for anyone with a brain. $600k was the price for "not pushing the investigation to its logical, legal conclusion". The next offender might reasonably suppose that they won't be offered that easy option, since the publicity surrounding this case means that "everyone has been warned".

    4. streaky

      Re: curious how it works

      Filter out any ssid that is yours. Look for auth to anything that's left. Fire deauth at that MAC.

      EZPZ.

  7. BryceP

    Marriott's response is amazing.

    "We will continue to encourage the FCC to pursue a rulemaking in order to eliminate the ongoing confusion resulting from today's action and to assess the merits of its underlying policy."

    This is a gorgeous work of turnabout bullshit that is not being taken to task whatsoever by journalists. The FCC explicitly bars consumer (e.g., non-governmental) jamming of any communications network. Their definition of jammer is broad and includes any technique that effectively blocks use of said networks. Sending deauth packets to any unsanctioned network surely counts as jamming, and is malicious/bad neighbor behavior at best.

    That the FCC authorizes the use of hardware, in this case Cisco, is irrelevant and misleading, bordering on flat out lying - the FCC hasn't authorized the use of the deauth software, as that's not their business (they only regulate a very small amount of specific radio software), they're simply certified that the hardware is interference free. Anything that can see and access wifi can send deauth. You could program a Raspberry Pi to do it.

    I don't expect major corporations to not be assholes, but it'd be great if (1) the FCC had nailed their ass to the wall, and (2) the news media had taken Marriott to task for their bald-faced lies. If this were some kid they'd be charged with a felony, but a major corporation gets a free pass. Come on, shit ain't hard, people.

    1. Gene Cash Silver badge

      Re: Marriott's response is amazing.

      Yup, but the American media wouldn't know a deauth packet from their asshole. This El Reg story is the first I've seen that even mentions what Marriott was doing in terms more specific than "jamming signals"

      So the media's simply been baffled by the bullshit. For the American media, simply fact-checking a story is apparently pretty damned difficult.

      1. thomas k.

        Re: Marriott's response is amazing.

        "For the American media, simply fact-checking a story is apparently pretty damned difficult."

        Gee, that's remarkably similar to the NSA's (et al) justification for indescriminate, blanket surveillance - gathering evidence to prove probable cause in order to obtain a valid search warrant is just too much work.

        1. Roland6 Silver badge

          Re: Marriott's response is amazing. @thomas k.

          >Gee, that's remarkably similar to the NSA's (et al) justification for indescriminate, blanket surveillance

          As Marriott is a US company, that is to be expected; given their brief, the NSA would be very interested in the communications of Marriott's guests... So in this instance I would not be surprised to find Marriott has a hand up their back controlling the mouth...

    2. Fatman
      Joke

      Re: Marriott's response is amazing.

      but it'd be great if (1) the FCC had nailed their ass to the wall

      You can't do that to the JOB CREATORS!!!!! (or so says those of a certain "political persuasion").

  8. Henry Wertz 1 Gold badge

    Greasy.

    Wow that's greasy. And just so Marriott (et al.) know -- if I find agressive attacks against my equipment, I can and will respond in kind. If I found a hotel deauthing me, I would deauth them in kind, and try to crash their hardware so the channel is clear.

    1. Anonymous Coward
      Anonymous Coward

      Re: Greasy.

      this is probably not advisable. our legal system treats corporations differently from individuals, and as much as you wouldn't enjoy a night in a tennesse marriott, it most certainly beats an extended stay at riverbend.

      1. Rampant Spaniel

        Re: Greasy.

        Noooooo, corporations are people too! At least that was the line trotted out when they wanted to bribe politicians. Put the entire company in jail, or at least everybody at HOD level and above.

    2. Fred Flintstone Gold badge

      Re: Greasy.

      if I find agressive attacks against my equipment, I can and will respond in kind

      You may want to look up spoofing before you do that...

  9. Dave Harvey
    FAIL

    Not sure if this is hotel rooms, or the conference centre though

    Based on my experiences of conferences at these sorts of venues, the equipment is more likely to be used to protect the massively overpriced WiFi in the conference centre 9at the sort of rates quoted) than the "hotel guests'" WiFi, where they charge much less. One friend of mine at one of these very hotels, paid $1000/day for a wired connection only to find that it got disconnected during the first day - they wanted him to pay 3 times that amount, for daring to put a hub on it, and use 3 machines !!

    1. Anonymous Coward
      Anonymous Coward

      Re: Not sure if this is hotel rooms, or the conference centre though

      > One friend of mine at one of these very hotels, paid $1000/day for a wired connection

      Pardon the question, but under what circumstances would someone be willing to pay that amount in the first place?

      1. Yet Another Anonymous coward Silver badge

        Re: Not sure if this is hotel rooms, or the conference centre though

        When you are paying $20,000 for a trade-show booth and you need an internet connection to demonstrate your product.

      2. Tom 13

        Re: Pardon the question,

        Conference facilities in the US are all controlled by contract with the facilities. They all prohibit the installation of non-facilities wifi equipment for the purposes of running equipment installed by the company hosting the conference and vendors for the conference. Similarly they are likely to prohibit the host company from hiring a vendor to supply food even if the conference facility has no clue about making/supplying said food.

        Back when I was doing it, essentially your convention paid their T1 bill for the month. If the managed to sell it more than once they made money on it. I think our rates were on the order of $1000 for the hookup for the weekend + $325 per IP address. Cheap compared to the hassles of not having it and frankly we wanted the T1 speeds anyway.

  10. Anonymous Coward
    Anonymous Coward

    1) those evil bastards should go die in fire

    2) the fine should have been $60M, so they actually take notice (and be thankful it wasn't $600M)

    3) I wonder how that impacts connecting by Bluetooth instead of WiFi - after all, I suspect the issue was getting internet access on one's laptop via one's phone, which should be equally doable via Bluetooth or direct USB cable as far as I know...

    1. johnnymotel

      I'd savour the pleasure of going round all the hotel employees, phone tethered to laptop, going nananana

  11. Anonymous Coward
    Anonymous Coward

    Time for guests to sue

    for ALL access charges paid during the time the jamming was in effect. Wonder how much Marriott made on this little scam?? Bet it was more than $600K.

    1. Kevin 6

      Re: Time for guests to sue

      IMO they should have been forced to refund all their past guests the fees for internet usage they paid from when they started this scam on top of the 600k fine.

      This fine is more a slap on the wrist like BAD were only gonna take .1% of what you made off this while the common people get cheated.

      1. Rampant Spaniel

        Re: Time for guests to sue

        Couldn't agree more. I don't get how they are fined a tiny amount which will go in some junket fund and the public won't see any benefit and those that were defrauded aren't made while. Perhaps a class action would be in order for this.

  12. DNTP

    I sure hope that the IT techs they ordered to set this up kept written memos from management:

    1. Authorizing the exact procedure with full knowledge of the effect,

    2. Assuring IT that the company's lawyers and execs had determined it was legal.

    Because that's exactly what I'd do for an order like this, even though I'm sure a large, respectable company like the Marriott would never throw some techs under a bus.

    1. Ken Hagan Gold badge

      "I sure hope that the IT techs they ordered to set this up kept written memos"

      I expect they did. I imagine the investigators' conversation with management went something like, "Our preliminary investigation, which we conducted in the 10 minutes whilst we were waiting in the lobby, suggests an unusually large number of de-auth packets being sent on WiFi. Would you like to sign this consent decree now, or shall we call in your technical staff and ask them what's going on?".

  13. jamesb2147

    There be dragons here

    Marriott

    $500M in net profit last year on revenues of $13B.

    This is the same company that's beginning a campaign of putting tip envelopes in rooms so that guests are "more aware" of the "custom of tipping housekeeping."

    1. Aslan

      Re: There be dragons here

      It's polite to tip housekeeping. Envelopes to tip housekeeping are completely appropriate (if they are explicitly for collection by housekeeping without the interference of the hotel. Admittedly many times I don't tip housekeeping, but I always make it a point to tip housekeeping when I'm staying for 4 days or more. A stay of that length allows you to become familiar with the staff make specific requests of them, say get me 4 matched place settings of dishes not 2.5 mismatched ones, or don't make the bed today or don't touch my desk, or clean up from the dinner party I hosted last night. It lets you tell them come more or less often, or don't come in before such and such a time and get them to listen. It's nice to have that communication with them and helps you both respect each other. Most hotel staff do a good to very good job and they deserve the tips.

      Also, do understand that's the corporation as a whole not the company that operates the individual hotels. Gaylord is the company which operates that Marriott and they operate a number of other hotels as well, but not all the Marriotts.

      1. Tom 35

        Re: There be dragons here

        Sure, tip them if you are making special requests.

        But the envelops are not about that, they pay less then minimum wage because the staff get tips. In effect you are tipping the corporation by subsidising their payroll.

        1. Rampant Spaniel

          Re: There be dragons here

          It varies hugely state to state how tip credits work. There is an underlying scam there for sure but I didn't think housekeepers were in a category that could offset a tip credit against wages. Perhaps their thinking is that if they increase the amount of tipping housekeepers get they can buy a politician to have it declared a tipping job.

          Personally I treat housekeepers the same as servers, poor service no tip, mediocre service is a small tip but I do tip well for great service. If the rooms spotless I tip unless the resort forbids it, then I just hand them the money or bitch at the manager until they allow me to tip them.

          1. chivo243 Silver badge

            Re: There be dragons here

            @Rampant Spaniel

            I worked my way through higher education in the Chicago area "Flying Pies" and the tips went straight into my pocket, no gubbermint getting any. That is what my minium wage was for!

            As someone who busted my ass for tips, I appreciate the people who do these jobs well!

      2. Anonymous Coward
        Anonymous Coward

        Re: There be dragons here

        > It's polite to tip housekeeping.

        It's even more polite to pay them a decent wage instead.

        Tipping under those circumstances is more of a form of blackmail both from the customer to the worker and vice-versa. A well-paid employee will be motivated to do a better job as a matter of course, while a good customer knows to show appreciation in ways other than tipping, and not let tips be a bribe to excuse their own rudeness or inconsideration.

    2. Tim99 Silver badge

      Re: There be dragons here

      That is a pretty pitiful rate of return for a shareholder, so maybe that is why they are acting like scum.

      I can get a similar rate from one of the big Australian banks for a simple 3-4 year term deposit!

      1. Anonymous Coward
        Anonymous Coward

        Re: There be dragons here

        "That is a pretty pitiful rate of return for a shareholder"

        Not necessarily. The post didn't say $13bn of market cap, it said $13bn of annual turnover.

        But actually, Yahoo finance says MAR has $19.79bn market cap, a P/E of 30.70 [implies $644m earnings?], and yield of 1.20%. Obviously the market thinks they have long-term growth prospects, but many companies trade on higher P/E than that.

        1. Tim99 Silver badge

          Re: There be dragons here

          Not necessarily. The post didn't say $13bn of market cap, it said $13bn of annual turnover.

          Yes, I saw that. I have run busnesses and, frankly, $500m on a turnover of $13bn suggests that they are in a difficult market (or they are incompetent, or the executives might be taking more than a shareholder would like). Microsoft used to make a profit of >$0.80 on each $1.00 of turnover, Apple recently declared $7.7bn on a turnover of $37.4bn. One of the Australian banks I referred to reported a profit of $7.67bn on revenues of $44.87bn...

          1. Anonymous Coward
            Anonymous Coward

            Re: There be dragons here

            "Microsoft used to make a profit of >$0.80 on each $1.00 of turnover, Apple recently declared $7.7bn on a turnover of $37.4bn."

            Not comparable markets. In software, for example, Microsoft coded NT once, many, many years ago, and continue to sell the stuff at full price by putting on a new dressing each year, claiming that because the interface has changed it's all new. Result is that cost of sales is minimal, and 80 cents in every dollar tumbles straight through to the bottom line.

            Hotel businesses have huge standing costs (property, employment, electricity), which translates to a high cost of sales, so gross profit will be lower. There's few barriers to market entry, so lots of competition, and that caps the prices they can charge, so putting those together returns will always be much lower. What this means is that profit is driven by occupancy rates, and occupancy is very heavily affected by the wider economic situation, so the only levers the hotel can pull to affect its results are headline price (ie higher price when there's a show in town, lower price to try and get occupancy when things are slow), and their ability to milk the guests for extra costs.

            In this case Marriott's greed and desperation caused them to break the law, but as others have noted, corporations don't get punished like citizens, so I'd be unsurprised if Marriott are still doing this, or looking to see how they can achieve the same end result with different means.

            1. Tom 13

              Re: In this case Marriott's greed

              In this case I have to agree with the above poster: the focus on Marriott in this instance is misplaced. It is more properly placed on Gaylord. I've had good experiences with non-Gaylord Marriott. I've never stayed in Gaylord hotels but this sounds like exactly the sorts of scams I've heard associated with them. They've got a big operation near DC. Once you are across the bridge and in their hotel they own everything within easy travel distance and rape you accordingly.

    3. Tom 13

      Re: There be dragons here

      You shouldn't confuse Marriott corp with the local franchise. I doubt this directive came down from national, more likely it was the local franchise owner trying to recoup his wasted investment in expensive wifi services. Some of the conventions I go to are hosted at a nearby Marriott and have never had this sort of issue. The fine will hurt the local franchise more than it would have hurt national. Not that it will necessarily be noticeable.

      And yes, in the US you should tip housekeeping.

  14. Matt Bryant Silver badge

    Buy a 3G/4G dongle.

    Most hotel networks have truly rubbish bandwidth anyway, even the conference ones. A 3G dongle usually gives far better performance, and if you want to connect more devices just bridge the network and connect all the devices to a simple router or hub.

    1. Nick Kew

      Re: Buy a 3G/4G dongle.

      Got a 4G hybrid device: provides a choice of wifi or USB connection. Great for travel within the UK, including time spent on the train.

      But worldwide roaming charges? No thanks! Just never book accommodation without free wifi. At least, unless travelling on business and spending all day somewhere with it!

      1. Sonny Jim

        Re: Buy a 3G/4G dongle.

        Except that on the majority of train services I've used phone reception has been terrible, so mobile internet either doesn't work or is so unreliable it drives you up the wall.

  15. bex

    that would be the "Steer traffic to added-value services" part of the spiel on the netenforcer web site. I wonder how many Hotels do that?

    1. Fatman
      Joke

      RE: "Steer traffic to added-value services"

      NOW you get how Marriott manglement expects to increase shareholder value.

  16. karlp

    True Intentions?

    I am a network designer, and in conference type settings, these units are sometimes needed for anything to work at all.

    If you have a couple thousand - or more - wifi devices operating within one large open area, your rf engineering needs to be solid, and part of that is using every piece of available rf spectrum.

    People coming in and trying to use their own wifi hotspots can realistically screw up a lot of other people.

    I don't know what the real driver was behind these decisions, it may very well have been a malicious money grabbing exercise. However we don't know that.

    I can tell you for a fact that these types of systems exist in many large meeting spaces as a necessary tool to facilitate stability. I can also tell you for a fact that after these systems have been installed, the "no one can have 3rd party wifi networks for stability" has been retranslated in sales as "you are not allowed to use any network but ours, that'll be 300$ please" which is not them being malicious, it's just them using the language they know.

    As for the network you paid 300$ for being $h1t, (or your 20$ hotel internet being the same....) well that's just down to bad business. I can tell you in our systems we are routinely getting good response and throughput, although that normally entails multiple gigabit links (just a few weeks ago we did a network with 20 gigabit of internet....). Don't think it's just a business being cheap either, while that is often the case, I find it just as often that the IT people don't understand the needs or haven't properly enumerated and planned for the loads.

    Again, I am not saying that this wasn't an issue of malicious intent, but I do hope you recognize that these scenarios are well beyond your average SME wifi network, and some of the tactics used to keep them stable and responsive may strike the uninformed as overbearing.

    At very least hopefully some of you reading this will gather some new perspective.

    Karl P

    1. Tom 35

      Re: True Intentions?

      Wi-Fi is unlicensed bandwidth so what right do the hotel have to kill other peoples connections to protect their connections? We had to do it so our service would continue to make money?

      I work at one very large (25K this year) event every year and our shows and vendors that need internet get an expensive cat5 drop with their expensive power drop. Yes the wi-fi fell over during one peak time, and so did some of the cell networks. No one made a stink, some even took a walk to the other side of the hill so they could see a different cell tower (and buy better cheaper food). But if they had paid $100 for a connection I'm sure they would have put up a big stink.

    2. Adam 1

      Re: True Intentions?

      If you are talking about the physics involved, then yes, the 2.4 and 5GHz channels over which WiFi operates is a limited resource. Just like a road network, if everyone tries to drive at the same time then no-one will get anywhere quickly, but there are a couple of points that I take issue with:

      1. Is it reasonable to expect that the density of WiFi communication is any higher in a hotel environment such as this than it is in a residential building in the CBD?

      2. If there is a specific need for a specific set of rooms to be rf pure, then the solution is to build some sort of faraday cage around the room itself.

      3. If such active DoS measures are unavoidable (which would be an absolute legal minefield if it reached off premise btw), then the hotel should be providing a ***free*** alternative (guest APs or wired connections), or a lack of availability of WiFi channels should be very clearly stipulated at the time of booking.

  17. Aslan

    Great US coverage of this story

    For those grumbling about poor US coverage of Tech issues quite simply you're wrong. You're comparing a specialist publication El Register to mainstream press in the USA. Keep in mind El Reg has offices in the US and Australia. In fact ArsTechnica broke this story about 90 minutes before El Reg, so, point for USA there, but I don't really count that as a point, because I want my news accurate and comprehensive rather rather than first. I admittedly today like ArsTechnica's coverage a bit better on this issue, but both Arstechnica and El Reg are excellent news sites. http://arstechnica.com/tech-policy/2014/10/after-blocking-personal-hotspot-at-hotel-marriott-to-pay-fcc-600000/ Further the comments on this issue on ArsTechnica are both more interesting and useful than those here at the moment.

    I've worked as a production assistant to a meeting and event planner. It's very much true that hotels want $1500 a day to turn on the Wifi in the conference area even if they offer free wifi in the rooms and lobby. My solution was to load the server software we needed on a dual Xeon Dell workstation with the disks in raid 1, along with the art, event files, scripts, videos presentations and the lot. I then connected to T-mobile's cell network with my neXus One 7.2 Mbps HSDPA, and connected that to the workstation by usb. I connected the workstation by ethernet to my router plugged in the two or three various laptops which we were using to run things and then we had local access to the server as well as internet access. To make sure the wifi covered the conference area I attached two 14dbi omnidirection antennas to the router (Yes it's possible that exceeded allowable signal levels, but no one was using the hotel's wifi anyways since we didn't pay the to turn it on. Mostly this was years ago before everyone had a wifi hotspot, or even smartphone/tablet.) The network was just for the event production staff and the people we were coordinating with, occasionally we let an attendee use it.

    The hotel also wanted $.15-$.25 a page for copies, so I also brought along a mid size laser printer, a couple reams of paper and a spare toner cartridge. So anytime the schedule changed, anytime the script changed, 5-10 minutes later I'd grab the 100-300+ copies we needed from under the table where the laser printer was.

    The hotel charged us more than we wanted to pay for the conference space and really stuck it to us on the food. They tried to get us on the internet, and copy fees, but I wasn't going to give them the satisfaction.

    The sort of events we often did were corporate meetings, and annual celebrations for organizations. We put them on cost effectively. For example a 2-3 day event with 60 attendees the first day or two and 300 for the final day, 2 main rooms with stages, 1 being a ballroom, lighting (floods spots mood), and decorations, 4 smaller rooms, horderves and dinner for the attendees, a 2-5 piece band, sound for the stages. All of that and a bit more you're talking $35,000-60,000, but you could easily spend a lot more and an extra $4500 for wifi and several hundred dollars in copies just didn't make sense. You knew the hotel was screwing you over on some of the prices, and it was our responsibility to screw them over back, to keep the costs of the events reasonable for our clients.

    Edited for clarity and spelling.

    1. Z80
      Headmaster

      Re: Great US coverage of this story

      horderves?

      mon Dieu!

      1. Manolo
        Headmaster

        Re: Great US coverage of this story

        It made me giggle too, especially as the post was "Edited for clarity and spelling"

        Now, seeing as I'm neither French nor English, let's see if I can come up with the correct spelling: hors d' oeuvres. That should be it, I think. On a related note: I always find it strange that a main course is called an entrée in the USA. Don't they know the meaning of entrée?

        1. Boothy

          Re: Great US coverage of this story

          Quote: "On a related note: I always find it strange that a main course is called an entrée in the USA. Don't they know the meaning of entrée?"

          On my first trip to the USA, my friend, who was well known for playing pranks on people, told me on the flight over about the US using entrée in reference to the main course.

          Needless to say, I thought he was pulling my leg, figuring how on earth could anyone be so stupid as to use a word that means Entry, i.e. the beginning of, or start of, to refer to anything other than the starter, rather than the main course. Pfft at your silly suggestion. My friend of course stating "You'll see, you'll see".

          We landed, I saw! WTF!

  18. Anonymous Coward
    Anonymous Coward

    This was not guest WiFi access. No hotel charges $250 or more for WiFi access to a guess staying in a hotel room. In many cases, that would be more than the room. This was for people in the conference areas.

    1. Old Used Programmer

      Remember that this is the hotel industry (aka "hospitality industry") definition. A "guest" is anyone using the hotel facilities--whether in a sleeping room or convention space. In large spaces, a hotel would likely charge $250 per day for a single user. For $1500 per day, you could get the WiFi enabled in the main hotel ballroom. It's for "guests" either way.

      The other thing to remember is that hotels generally make their money selling rooms to sleep in and food. The more rooms you book for a conference/convention, the less you'll pay for the convention spaces. Book enough room-nights and the function spaces will be free (assuming a competent negotiator on your side). Hotels will negotiate *everything*. So long as you leave with a big enough profit so their corporate bosses don't get mad, you can get rid of practically all other charges.

      1. ckm5

        Not in my experience

        My experience (from running a couple of conferences) is different that yours. No hotel ever gave us free space, no matter how many rooms we were likely to book. What we did get is a kickback on each room booked and comp rooms for our staff.

        The real money maker, in my experience, is food and alcohol. The tabs on those were on the order of 10x the cost of rooms or conference space IRC (it's been a few years).

      2. Anonymous Coward
        Anonymous Coward

        "The other thing to remember is that hotels generally make their money selling rooms to sleep in and food. "

        The bed and board cover the hotel's costs, and the functions and extras actually generate the profit. So that includes conferences, weddings and the like, but also add ons like room service, phone calls, wifi and the rest.

        A quick look at Marriott's accounts shows global RevPAR at about $126, and gross margin at around 8%, so before interest and corporate costs they're making $10 per available room night. At their average occupancy rate of 70% that's $14 per guest night gross profit on average. I'll wager that half of that actually comes from non-room related services like functions, and they therefore make around $7 per room from add ons.

        Of course, Marriott being thieving bastards is simply the modern incarnation of the darker side of the "hospitality" trade:

        http://www.azlyrics.com/lyrics/lesmiserablescast/masterofthehouse.html

    2. John Tserkezis

      "This was not guest WiFi access. No hotel charges $250 or more for WiFi access to a guess staying in a hotel room. In many cases, that would be more than the room. This was for people in the conference areas."

      And that makes it allright?

  19. kain preacher

    You know those Alphabet Boys might have a few questions for this chap.

  20. zen1

    one question...

    Where did the fines go? Did it go to pay restitution to the victims? no. The only way the victims can recover any losses is a civil suit, which is bullshit, because the government should be working for the citizens.

  21. Daniel B.

    The US is a weird place

    Over here in Mexico, all hotels have free WiFi. The more expensive ones might have a login/password thing to check you really are a guest in the hotel, but that's as far as they'll go. Public spaces will sometimes have free internet, others have "infinitum movil" where you have to log in with your ISPs login/password combo.

    In the US, even wired internet is charged per-24hour access and it is too damn expensive. Oh, and they charge per-device fees. Meanwhile, most if not all public spaces are 100% free. Weird...

    1. phil dude
      IT Angle

      Re: The US is a weird place

      I was just in NYC and they wanted $15/day for wifi in room or lobby!!

      I travel a fair bit , and I used to have boingo which was $9.99/mth and worked in lots of weird places.

      Now I have T-mobile on my phone and the joiku hotspot tool and usually this will suffice.

      But as a general rule, if you want wifi, Starbucks, McDonalds or other "we sell food and drink when you sit" type places usually suffice.

      On the point about networking at conferences, the SCx conference brings their own networking for the conference, and it looks like they could serve a small city....!

      SciNet is an education to see...

      P.

  22. graeme leggett Silver badge

    Not in the small print

    I presume that it wasn't mentioned anywhere in the terms and conditions, which might be a bit of mitigation they could plead. Even if it was, would it have been in a 4 pt cursive font at the bottom of the last page?

  23. Truth4u

    a thousand bucks for wifi?

    Do you get a blowjob with that?

  24. Frankee Llonnygog

    Note to hotels

    If you market your hotel to business travellers, connectivity should be included in the room rate. That is unless it is in a country that is a hopeless connectivity backwater - like the UK

    1. Truth4u

      Re: Note to hotels

      But David Cameron just gave a speech saying tech companies should pay their fair share of taxes here because we have such great internet. Could David Cameron possibly distort the truth?

      1. Frankee Llonnygog

        Re: Note to hotels

        No - like Tony Blair, he is a 'pretty straight kind of guy' (depending on how you define 'pretty' and straight')

        1. Truth4u

          Re: Note to hotels

          Tony Blair was created in a Biological Warfare Laboratory. They were working on a germ so disgusting that it grew up into Tony Blair.

          1. MachDiamond Silver badge

            Re: Note to hotels

            "Tony Blair was created in a Biological Warfare Laboratory. They were working on a germ so disgusting that it grew up into Tony Blair."

            That's where all politicians are created. Come on, you don't think that nature came up with President Trump's skin tone, do you?

            Politicians also always seem to have perfect hair or really bad/no hair. That has to be genetic engineering.

    2. Arthur Dent

      Re: Note to hotels

      Oddly enough I've found UK hotels are pretty good about providing internet access, although some charge for it - most of the so-called budget chains charge (some charge for parking, even disabled parking, so charging for internet access is no surprise) and so do some of the most expensive hotels, but the middle range hotels generally don't charge. I've found much more problems in hotels in the USA, where a lot don't provide it all, neither free nor charged - it's 10 or 11 years since I was last there, maybe things have changed now, but 10 years ago USA hotels were much worse than UK hotels for internet access.

  25. Anonymous Coward
    Anonymous Coward

    Gaylord!

  26. Dave Harvey

    Somebody running a stand at a trade show, where they need to be able to connect back to base to get updates, or to show customers how their system works when connected to back end servers, "cloud" or whatever. It's not for catching on the latest gossip from The Register!

    Whilst $1000 is expensive, so is everything at a trade show, and I guess that's what Marriott play on.

    1. rav

      What the Marriot was doing was jamming your WiFi hotspot on your Mobile or Tablet. You could not tether your laptop or other equipment through your own WiFi to your Cell phone or your own hotspot.

      In fact the Marriot rolled over and agreed to pay up very quickly if your read the report on the FCC website.

      Marriot is evidentlly guilty of this in many other locations across the US and they just wanted to control the bleeding.

      1. Phil_Evans

        And that's the key point- they rolled over because it's simple deception. There's no need to dive into the tech-obfuscation given by the Marriot group in their statement, but I do love the 'insidious cyber-attack' reference. Perhaps we should learn just how good their internal net would be against similar vulns. And what's said in the disclaimer section about such nightmarish things if read the terms of use.

        It's simple highway robbery - your IP address or read a book.

  27. rav

    Here's a link to the FCC Enforcement Buruea.

    http://transition.fcc.gov/eb/Welcome.html

    Here is a link to FCC Enforcement actions over the years.

    http://transition.fcc.gov/eb/Orders/

  28. Velv
    Joke

    I seem to remember a stand up comic having a go at hotel wifi, especially those that provided free wifi, but only in the hotel reception area. It's amazing how quickly they change their policy if you sit their masturbating!

    (think it was Keving Bridges, and I paraphrase)

  29. Alan Brown Silver badge

    The "jamming equipment"

    Is the hotel access points themselves. it's part of the "rogue detection/mitigation" facility - however deauthing is _never_ turned on by default.

    All the enterprise systems offer this facility - and they're also all capable of detecting and dynamically avoiding frequencies used by portable hotspots anyway.

    The FCC could have impounded the hotel's entire wireless network, should Mariott have argued - and I'm pretty sure that point got raised.

  30. Anonymous Coward
    Anonymous Coward

    Marriott Gaylord Opryland - Hehehe

  31. Nigel 11

    Ker-plunk

    It takes years to build a good reputation and minutes to destroy one. Having destroyed it, what is going to persuade a pissed-off ex-customer to give you another chance?

    That's Marriot onto my "last resort only" list, along with Sony(*) and RyanAir(**). And the only way to get off that list, is for one of your competitors to do something even more heinous. (And even then, there's probably space for two).

    Now all I need is for a few tens of millions of other folks to start doing the same as I do.

    (*) for their music-CD rootkit exploit and the weeks of hassle that caused me. Yes, I know it was a decade ago. That's the whole point!

    (**) do you need to ask?

    1. Graham Cobb Silver badge

      Re: Ker-plunk

      You are not alone.

      Sony is not only on a last-resort list: they are on my never do business with them again list, for the same reason. I have not bought anything from any part of the Sony organisation since the rootkit.

      HP are also on the same list, for their DMCA abuse (also over 10 years ago). The list is absolute for my personal purchases but I also do my best not to do business with HP in my professional life as well, as long as I am not damaging the interests of my employer, of course.

    2. Arthur Dent

      Re: Ker-plunk

      Sony and RyanAir have been on my "never" list for a long time, and Marriot has now joined them. Apple got on it because the first time I tried to deal with them professionally they wanted contracts which no competent professional could have permitted his employer to get stuck in and wouldn't back down when this was pointed out to them (their legal department were not the problem, it appeared to be someone else in a position of power). Prior to that of course there was the famous fast-obsolescence white cases, which within two years would be an ugly yellow so that customers would have to replace their computers if they wanted them to look at all chic - and after two years replace the replacements, and so on. Then there was the legal trolling over the last few years - employing clever lawyers to persuade courts to ignore prior art on patents and on "design". For awfulness of their reputation with me, Apple and Sony share first place.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like