European Parliament cuts Wi-Fi after French researcher breaks into email accounts

Evil Twin 2

The European Parliament has cut access to its public Wi-Fi network after detecting a man-in-the-middle attack on a number of email accounts apparently carried out by a white hat researcher out to expose poor security at the institution.

A message posted to an internal forum on Monday mentions that the attack "captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network)."

Network access was also cut at the same time on an indefinite basis. In the meantime, it advises Brussels, Strasbourg and Luxembourg-based users to apply for a certificate to switch them to the more secure private network.

"The consequence [of the attack] is that some individual mail-boxes have been compromised. All concerned users have already been contacted and asked to change their password," it read.

A second post proposes that this was carried out by a hacker who had set up an evil twin Wi-Fi router near the Strasbourg building, harvesting the email addresses of 14 individuals trying to access the real Exchange server.

"This kind of attack can be performed at any place where you are connecting through a Wi-Fi network (hotel lobby, airport, train station, etc.) and it is therefore important that you only accept to connect through known secure Wi-Fi networks," the warning said.

"If you connect by error to a network which cannot be considered secure it is also important in the future to immediately change your password again."

The evil twin attack is one of the oldest and simplest Wi-Fi hacks going and in truth it wouldn't have taken the Parliament's IT team long to discover that something was wrong; French title Mediapart had on 21 November exposed weak Wi-Fi security in an article, even interviewing the researcher who carried out the attacks.

"It was child's play", the anonymous hacker was quoted as saying in one translated account. MEPs lured into the trap by the attacker included Portugal, Markus Pieper from Germany, Constance Le Grip from France, the article said.

Suitably undressed, how might security now be improved? One imperfect answer is to use extra authentication. "Organisations can't continue to rely on basic username and password when it comes to authenticating users," suggested SafeNet vice president of cloud solutions, Jason Hart.

"Single-factor authentication solutions do not offer comprehensive protection against more sophisticated threats such as Man-in-the-Middle attacks in which hackers hijack legitimate user identities," he said. These add cost, complexity and make using networks harder but might now be the least worst option.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal TechsecurityEuropean Parliament

More about European ParliamentSafeNet

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place