Slashdot Mirror

← Back to Stories (view on slashdot.org)

European Parliament Culls Public Wi-Fi Access After Email Hack

Posted by samzenpus on from the one-bad-apple dept.

hypnosec writes "A white hat hacker managed to break into multiple email accounts thereby forcing the European Parliament to cutoff its public Wi-Fi access. The French security researcher apparently performed man-in-the-middle attacks on multiple email accounts in a bid to expose the poor security at the Parliament. Through an internal mailer, members of the Parliament were informed that a 'hacker has captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).' The public Wi-Fi has been cut-off indefinitely and users at located at Brussels, Strasbourg and Luxembourg have been advised to apply for certificates and switch to more secure networks."

4 of 68 comments (clear)

  1. Re:forcing them to cutoff access? by Anonymous Coward · · Score: 5, Informative

    it seems the more rational response is the fix the problem instead of treating the symptom.

    On the medium term the Parliament will take additional measures to further secure the communication to the Parliament.

    It sounds like they're shutting off the public system and encouraging people to use a more secure private system until they can figure out how to fix it. There's no point leaving the vulnerable system running while you work on a fix.

  2. Certificates by Anonymous Coward · · Score: 3, Informative

    They already use certificates to connect to their private wifi.
    Why not use certificates to connec to their email? Then a public wifi shouldn't have any impact.
    TLS/SSL should be sufficient, right?

  3. Re:forcing them to cutoff access? by Anonymous Coward · · Score: 2, Informative

    > until they can figure out how to fix it.

    It says "indefinitely".

    Which is not the same as "permanently". "Indefinitely" can easily mean "Until we fix it, but as we don't have an ETA on that we're just going to say indefinitely so that people aren't constantly nagging us about whether it's going to be back tomorrow, next week or next month because we'd rather do a good job than rush it".

  4. Re:what makes this white hat? by j0ris · · Score: 4, Informative

    The included links of the submission don't provide any further details about this "white hat hacker".

    This link does: http://www.euractiv.com/specialreport-cybersecurity/eu-parliament-investigating-hack-news-531877

    "The hacker says his aim was simply to raise awareness about the vulnerability of the security system of the Parliament, at a time when the NSA spying scandal was shaking public opinion across Europe.

    The hacker sat in a public place near the Parliament building in Strasbourg and managed to make nearby smartphones and computers pass through the “wifi” of his computer to connect to the internet. That was the hardest part of the procedure, he explained.

    Then he accessed an application most MEPs use and which signals when new mail arrives in their inbox. The app does warn the user that an intruder is trying to access their data, but the message is “obscure”, the hacker said, and most users click OK, thereby giving access permission."