NetworkToolbox news

European Parliament hacked

You may have already read about the recent successful attempt of a hacker breaking into mail accounts of European Parliament members. I don’t want to repeat the story here which can be found on numerous locations on the web.

Just in short: The EU Parliament uses an old Microsoft Exchange mail system along with a synchronization component called Active Sync on mobile phones. Both components have many and well known security flaws which were not fixed (or have not been replaced I would say). It was quite easy for the hacker to perform some kind of MITM (man-in-the-middle) attack while he was just sitting close to the parliament and waits for somebody to connect to the exchange server via WiFi.

So what is the lessen we can learn here. First of all, the IT department of the European Parliament did a really bad job. That’s quite obvious and there is no excuse for that. They even allow Windows XP computers inside their network which is like if they would roll out a big poster on the Parliament which reads “Hackers Welcome!” – unbelievable.

So thats not really a lessen we can learn so what else went wrong? As with this and other MITM attacks, there are often indications that something is not right. For instance, if somebody has compromised your network you may see “wrong certificate” messages in your browser or Email system or https: connections switch over to http: connections and things like that. In this case, users did receive an error message which they just confirmed and thus the hacker got access to the mail account. Of course users, especially users of Microsoft software may already got used to error messages but again, such messages should never be just ignored. So if your own network setup produces regular error messages, I can strongly recommend to find and solve the reason for that. Once it is solved (or even when not) see those messages at least as a reminder to change your passwords – which should happen on a regular basis anyway.

What else? The hacker did use WiFi for his attack. It is so easy to fake a public WiFi hotspot or to listen to communication that goes through a public WiFi hotspot that doesn’t use extra encryption. This attack could have been prevented if the Parliament members would have used a Cell/3G/4G/LTE connection instead of WiFi. You may wonder why they did use WiFi. If you look at the names of the people who have been compromised you will notice that all seem to be from other EU countries but France. In Europe, unfortunately, if you cross a border, you got pushed back to stone-age in terms of communication. In Europe there is almost no global data roaming available which means you have either to use GPRS at speeds of 171kbs or accept ridiculous communication costs. I doubt that the Parliament members had the costs in mind but they rather found that Internet is just not working on their devices without WiFi when being in Strasbourg.

Even though I think you as a user of NetworkToolbox are aware about the insecurity of WiFi but just in case: Try to prevent to use public WiFi hotspots wherever and whenever possible. Always give cell/3G/4G/LTE communication precedence if available, even if slower. Although these Networks are not 100% secure and by no means against NSA, GCHQ but way way more secure than any WiFi connection. It seem to get a common hobby for kids sitting with their laptops or phones on public places or transports and to setup their own “Free and secure Internet connection” to grab other peoples Email accounts and Facebook credentials. Moreover, I have seen so many wrong and insecure configured public WiFi networks that let anybody who is logged in to the network browse any computer connected to that network at the same time. You can try it out yourself with NetworkToolbox. You will be surprised.

Of course, sometimes there are no alternatives to WiFi and if you have to use it, ensure that your device is secured enough and try to prevent to send credentials at all or at least unsecured over the WiFi network. You can ensure this by using just https: connections when connecting to facebook etc. Even if you don’t plan to check your mails over WiFi and even if you just like to quickly browse a certain website, keep in mind that your mail client most likely will check for new mails in the background once you are connected. So ensure that you mail client has been setup using SSL/TLS etc. In addition, I change my passwords every time when I come back from vacation or business trip as even the aforementioned measures can not 100% protect you.

Next week I will write about security issues with TV Sets from LG and others that are known to spy out your privacy.

So as always, don’t trust the evil.

Have a great and secure weekend,