Slashdot Mirror


European Parliament Culls Public Wi-Fi Access After Email Hack

hypnosec writes "A white hat hacker managed to break into multiple email accounts, thereby forcing the European Parliament to cut off its public Wi-Fi access. The French security researcher apparently performed man-in-the-middle attacks on multiple email accounts in a bid to expose the poor security at the Parliament. Through an internal mailer, members of the Parliament were informed that a 'hacker has captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).' The public Wi-Fi has been cut off indefinitely and users located at Brussels, Strasbourg and Luxembourg have been advised to apply for certificates and switch to more secure networks."

5 of 68 comments

  1. Re:forcing them to cutoff access? by Anonymous Coward · · Score: 5, Informative

    it seems the more rational response is to fix the problem instead of treating the symptom.

    On the medium term the Parliament will take additional measures to further secure the communication to the Parliament.

    It sounds like they're shutting off the public system and encouraging people to use a more secure private system until they can figure out how to fix it. There's no point leaving the vulnerable system running while you work on a fix.

  2. Re:forcing them to cutoff access? by Anonymous Coward · · Score: 5, Insightful

    nobody is forcing them to do anything. it seems the more rational response is to fix the problem instead of treating the symptom. if someone wants to hack your server, do you think something like removing wifi access will stop them?

    Why do you think they are not fixing the problem? The rational, first response is to stop the compromise getting any worse, as they have done. The next thing is to actually work out a proper and complete fix, which takes at least a little time. The geeky, fuckwitted, I'm-so-leet response would be to leave the public wifi up, slap on a simplistic set of changes as quickly as possible and to miss some of the vulnerabilities.

  3. what makes this white hat? by patrixmyth · · Score: 5, Insightful

    'Hey, I just kicked in your door to show how easy it is to kick in your door!'
    'Hey, I just graffitied your wall to show how easy it is to graffiti your wall!'
    'Hey, I just kicked you in the balls to show how easy it is to kick you in the balls!'

    Calling yourself a security researcher doesn't magically give you rights to go dick with other people's networks.
    Email over a public wifi network is no less secure than a cellphone call, hallway conversation or written notes.

    A public wifi is a convenience and very useful for the right purposes. A white hat researcher reveals unknown vulnerabilities to the people who build protocols. This was an asshole with a script, a laptop and a desire for attention.

    --
    "Don't you know you're going to shock the monkey?"- Peter Gabriel
    1. Re:what makes this white hat? by j0ris · · Score: 4, Informative

      The included links of the submission don't provide any further details about this "white hat hacker".

      This link does: http://www.euractiv.com/specialreport-cybersecurity/eu-parliament-investigating-hack-news-531877

      "The hacker says his aim was simply to raise awareness about the vulnerability of the security system of the Parliament, at a time when the NSA spying scandal was shaking public opinion across Europe.

      The hacker sat in a public place near the Parliament building in Strasbourg and managed to make nearby smartphones and computers pass through the “wifi” of his computer to connect to the internet. That was the hardest part of the procedure, he explained.

      Then he accessed an application most MEPs use and which signals when new mail arrives in their inbox. The app does warn the user that an intruder is trying to access their data, but the message is “obscure”, the hacker said, and most users click OK, thereby giving access permission."
