European Parliament's network hacked; public Wi-Fi shutdown

Summary:The news comes not long after leaked documents showed the NSA was bugging and spying EU offices around the world. But the U.S. agency can likely be ruled out as a suspect in this latest hack, following reports from German media.

20130517PHT08440_original
The European Parliament in Strasbourg, France, where the attack took place Image: European Union

The European Parliament has shut down its public Wi-Fi network in Strasbourg after a hacker was found to have "captured the communication" between smartphones and tablets.

Read this

EU 'assessing U.S. relationship' amid PRISM spying claims

In a letter obtained by ZDNet, the EU justice chief hints at consequences to come for the U.S. government if European citizens were targeted by the NSA's PRISM program.

In a public posting to the European Parliament's internal IT email lists, the warning came after a man-in-the-middle attack was discovered that led to some staff mailboxes being compromised.

The Wi-Fi network is regularly used by visitors to the building, along with members of the media. The network shutdown will not affect staff and political work, as private Wi-Fi networks closed to the general public were not affected.

The shutdown will last "until further notice" as IT staff will begin installing certificates on all devices that staff use to access internal IT systems, including email. 

But usernames and passwords of at least 14 members of European Parliament staff are thought to have been stolen, according to another post by Dimitrios Symeonidis, who works on the technical helpdesk at the European Parliament.

It's not clear if any sensitive or classified data was stolen, however.

In a public post, said his "best guess" was that hackers set up shop nearby to impersonate the network, called "EP-EXT," and "steal our credentials from the login page."

He added:

"After I type in my credentials, the rogue Wi-Fi is turned off for a minute or more, so my phone re-connects to the real EP-EXT network and I am asked for my credentials again. I would probably think that I mistyped the password or something and not think twice about it. After a minute the rogue Wi-Fi goes back online, waiting for the next victim."

The hacker behind this latest attack is not yet known. Media reports from Germany point to a lone non-state attacker. Der Spiegel reported (translated) that the hacker said he "did not need exception technical know-how," and wanted to "only demonstrate" how insecure the system was.

Many Brussels-based bureaucrats are still on edge following the leaks that the U.S. government was conducting surveillance on their political work.

Earlier this year following the release of more leaked documents by former U.S. government contractor Edward Snowden, the National Security Agency bugged European Union offices in Washington, New York, and Brussels.

Once we know more about this latest security breach, we'll update the piece.

Correction on December 5: Due to a poor translation, Mediapart is the name of a French news organization that reported the hack, not the name of the purported attacker.

Topics: Security, EU

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.