How did it happen? Exactly the same way it happens at your local coffee shop or airport or hotel hotspot.
When a public WiFi user connects to a fake hotspot – called an evil twin – a hacker can launch a Man-In-The-Middle (MITM) attack, intercepting and stealing his victim’s data sent over the Internet. At the EU Parliament, the culprit was actually an ethical hacker working with the French investigative journal Mediapart to demonstrate public WiFi vulnerabilities. It was shockingly easy to do.
Confidential Government Information Grabbed Out Of Thin Air
The European Parliament said the MITM attack allowed the hacker to capture the communication between private smartphones and its public WiFi network. The hacker was able to access personal and confidential emails of 14 randomly selected MEPs, parliamentary assistants and employees, according to EurActiv.
When the EU body was informed about the security breach, it pulled the plug on its hotspot and advised the affected parties to change their passwords. It also issued this public WiFi warning:
“This kind of attack can be performed at any place where you are connecting through a Wi-Fi network (hotel lobby, airport, train station, etc.) and it is therefore important that you only accept to connect through secure Wi-Fi networks.”
Hacker Calls EU Parliament Public WiFi Attack ‘Child’s Play’
The hacker who penetrated the EU Parliament’s public WiFi network set up his operation in a public space near the EU Parliament and its members in Strasbourg. He deliberately limited the intrusion to incoming email. But the hacker could have easily expanded it to include outgoing email and other confidential files.
He described his cyber attack to Mediapart this way:
“It was child’s play. With a basic laptop equipped with WiFi, and a few bits of knowledge that everyone is capable of finding on the internet, anyone could do the same.”
As hotspot hacking attacks go, the European Parliament got off easy. The confidential information of its members was exposed. But it was not used for criminal purposes. Most public WiFi users who fall victim to a Man-In-The-Middle attack won’t be that lucky. It’s likely that their confidential information will be stolen and used to commit identity fraud.
Your best line of defense is to use a VPN like PRIVATE WiFi to encrypt your sensitive information at hotspots. That’s the only way to make it invisible to hackers.