Skip to Content

Hackers Use NSA Tools to Spy on Hotel Guest Wi-Fi and Steal Their Details


The NSA’s leaked hacking tools are the gift that keeps on giving—for crooks at least. Security researchers at FireEye report that the Russian hacking collective known as Fancy Bear has been using the same Eternal Blue exploit that enabled the recent WannaCry and NotPetya ransomware attacks to compromise Wi-Fi networks in hotels. It's enabled them to harvest usernames and passwords from computers of travelers, without their knowledge.

FireEye believes that the hackers first penetrate the hotels' networks using a phishing attack, which relies on employees opening malicious files sent via e-mail, to gain access to a computer. Then, the EternalBlue exploit allows them to spread control to other devices and gain access to the ones that control the hotel’s Wi-Fi networks. The security firm has seen the hack hit hotels in seven European capitals and one in the Middle East.

Once they're up and running on Wi-Fi servers, the hackers are apparently able to monitor network traffic and fool devices into giving up usernames and passwords. FireEye’s Ben Read tells Wired that this is a “a new technique," which is “a much more passive way to collect [data] on people. You can just sit there and intercept stuff from the Wi-Fi traffic.”

If you thought that you could trust hotel Wi-Fi, now might be a good moment to reevaluate.