The European Parliament has cut access to its public Wi-Fi network after detecting a man-in-the-middle attack on a number of email accounts apparently carried out by a white hat researcher out to expose poor security at the institution.
A message posted to an internal forum on Monday mentions that the attack “captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).”
Network access was also cut at the same time on an indefinite basis. In the meantime, it advises Brussels, Strasbourg and Luxembourg-based users to apply for a certificate to switch them to the more secure private network.
“The consequence [of the attack] is that some individual mail-boxes have been compromised. All concerned users have already been contacted and asked to change their password,” it read.
A second post proposes that this was carried out by a hacker who had set up an evil twin Wi-Fi router near the Strasbourg building, harvesting the email addresses of 14 individuals trying to access the real Exchange server.
“This kind of attack can be performed at any place where you are connecting through a Wi-Fi network (hotel lobby, airport, train station, etc.) and it is therefore important that you only accept to connect through known secure Wi-Fi networks,” the warning said.
“If you connect by error to a network which cannot be considered secure it is also important in the future to immediately change your password again.”
The evil twin attack is one of the oldest and simplest Wi-Fi hacks going and in truth it wouldn’t have taken the Parliament’s IT team long to discover that something was wrong; French title Mediapart had on 21 November exposed weak Wi-Fi security in an article, even interviewing the researcher who carried out the attacks.
“It was child’s play”, the anonymous hacker was quoted as saying in one translated account. MEPs lured into the trap by the attacker included Portugal, Markus Pieper from Germany, Constance Le Grip from France, the article said.
Suitably undressed, how might security now be improved? One imperfect answer is to use extra authentication. "Organisations can’t continue to rely on basic username and password when it comes to authenticating users," suggested SafeNet vice president of cloud solutions, Jason Hart.
"Single-factor authentication solutions do not offer comprehensive protection against more sophisticated threats such as Man-in-the-Middle attacks in which hackers hijack legitimate user identities," he said. These add cost, complexity and make using networks harder but might now be the least worst option.