Skip to Content

Hackers Use NSA Tools to Spy on Hotel Guest Wi-Fi and Steal Their Details

August 11, 2017

The NSA’s leaked hacking tools are the gift that keeps on giving—for crooks at least. Security researchers at FireEye report that the Russian hacking collective known as Fancy Bear has been using the same Eternal Blue exploit that enabled the recent WannaCry and NotPetya ransomware attacks to compromise Wi-Fi networks in hotels. It's enabled them to harvest usernames and passwords from computers of travelers, without their knowledge.

FireEye believes that the hackers first penetrate the hotels' networks using a phishing attack, which relies on employees opening malicious files sent via e-mail, to gain access to a computer. Then, the EternalBlue exploit allows them to spread control to other devices and gain access to the ones that control the hotel’s Wi-Fi networks. The security firm has seen the hack hit hotels in seven European capitals and one in the Middle East.

Once they're up and running on Wi-Fi servers, the hackers are apparently able to monitor network traffic and fool devices into giving up usernames and passwords. FireEye’s Ben Read tells Wired that this is a “a new technique," which is “a much more passive way to collect [data] on people. You can just sit there and intercept stuff from the Wi-Fi traffic.”

If you thought that you could trust hotel Wi-Fi, now might be a good moment to reevaluate.

Keep Reading

Most Popular

Geoffrey Hinton tells us why he’s now scared of the tech he helped build

“I have suddenly switched my views on whether these things are going to be more intelligent than us.”

ChatGPT is going to change education, not destroy it

The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.

Meet the people who use Notion to plan their whole lives

The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.

Learning to code isn’t enough

Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.