European Parliament's network hacked; public Wi-Fi shutdown
The European Parliament has shut down its public Wi-Fi network in Strasbourg after a hacker was found to have "captured the communication" between smartphones and tablets.
In a public posting to the European Parliament's internal IT email lists, the warning came after a man-in-the-middle attack was discovered that led to some staff mailboxes being compromised.
The Wi-Fi network is regularly used by visitors to the building, along with members of the media. The network shutdown will not affect staff and political work, as private Wi-Fi networks closed to the general public were not affected.
The shutdown will last "until further notice" as IT staff will begin installing certificates on all devices that staff use to access internal IT systems, including email.
But usernames and passwords of at least 14 members of European Parliament staff are thought to have been stolen, according to another post by Dimitrios Symeonidis, who works on the technical helpdesk at the European Parliament.
It's not clear if any sensitive or classified data was stolen, however.
In a public post, said his "best guess" was that hackers set up shop nearby to impersonate the network, called "EP-EXT," and "steal our credentials from the login page."
He added:
"After I type in my credentials, the rogue Wi-Fi is turned off for a minute or more, so my phone re-connects to the real EP-EXT network and I am asked for my credentials again. I would probably think that I mistyped the password or something and not think twice about it. After a minute the rogue Wi-Fi goes back online, waiting for the next victim."
The hacker behind this latest attack is not yet known. Media reports from Germany point to a lone non-state attacker. Der Spiegel reported (translated) that the hacker said he "did not need exception technical know-how," and wanted to "only demonstrate" how insecure the system was.
Many Brussels-based bureaucrats are still on edge following the leaks that the U.S. government was conducting surveillance on their political work.
Earlier this year following the release of more leaked documents by former U.S. government contractor Edward Snowden, the National Security Agency bugged European Union offices in Washington, New York, and Brussels.
Once we know more about this latest security breach, we'll update the piece.
Correction on December 5: Due to a poor translation, Mediapart is the name of a French news organization that reported the hack, not the name of the purported attacker.