The European Parliament has shut down its public Wi-Fi network after it was breached by cyber criminals.
The EU body posted a statement online on Monday admitting the network had fallen victim to a man-in-the-middle attack, which sees hackers sitting on the network and using software to seek out vulnerabilities on users’ devices, such as tablets and smartphones.
The IT service desk said individual mailboxes had been affected, although it had already contacted the compromised parties to ask them to change their passwords before posting the notification. As a result, it had taken the “precaution” of closing the network until further notice.
“This kind of attack can be performed at any place where you are connecting through a Wi-Fi network (hotel lobby, airport, train station, etc.) and it is therefore important that you only accept to connect through known secure Wi-Fi networks,” it warned.
“If you connect by error to a network which cannot be considered secure it is also important in the future to immediately change your password again.”
More on cyber breaches
- Banks to test cyber defences
- Thales launches critical infrastructure cyber security lab
- US publishes draft cyber security framework
- Outsourcing: The soft underbelly of cyber risks
The statement continued: “We also recommend you to revisit your need for sharing your personal user-id and passwords with other persons. Please do use other trusted facilities to share information such as the function delegation.”
Users have been provided with software certificates in the meantime, allowing them to connect to the European Parliament’s private Wi-Fi network.
We contacted the IT team and press department of the European Parliament to find out when the network was set to return and how many people had been affected, but neither had returned our request at the time of publication.
Last week, net-monitoring firm Renesys said it had uncovered evidence of mass hijackings of network traffic, observing live man-in-the-middle hijacks on more than 60 days involving about 1,500 sets of IP addresses since the start of 2013.
Renesys said criminals had re-routed data to and from finance firms, net phone services and governments during the attacks it observed, proving man-in-the-middle route hijacking had now moved from a theoretical concern to something that happens fairly regularly.