Russian State Hackers Attack WiFi at Hotels and Institutions: How a VPN Can Keep You Safe

Last week, seven Russian hackers were charged with hacking into WiFi networks to steal sensitive data from international institutions. NordVPN offers advice for staying safe when using public WiFi

October 10, 2018. Last week, seven Russian hackers working for the GRU Russian military intelligence agency were indicted by the US Department of Justice for a vast hacking campaign against various international organizations. The Russian agents were caught parking vehicles outside of target international institutions or hotels and hacking into WiFi networks.

Due to the nature of the targets, the Russian operation is considered a retaliation due to a number of different issues. International anti-doping agencies were targeted because Russia was accused of using doping in 2016 and 2018 Olympics. The Westinghouse Electric Company was targeted because it supplied nuclear fuel to Ukraine. Laboratories in Switzerland and the Netherlands were targeted due to their investigation of the Novichok gas attack by Russian intelligence in London and the use of chemical weapons in Syria.


According to the official report by the DOJ, when remote hacking efforts did not work, the conspirators hacked into the WiFi networks where their targets lived or worked. They would then steal victims’ credentials or attempt to plant tracking malware.


“The Russian hackers were using various hacking tools, such as WiFi Pineapple. This is a man-in-the-middle device that spoofs WiFi networks. Unsuspecting users then connect to legitimate-looking networks that are controlled by the criminals,” said Ruby Gonzalez, Communications Director at NordVPN. “Even if a user connects to a spoofed WiFi network, the data breaches could have been avoided if the victims had been using a VPN. A VPN encrypts the user’s communication between their device and the VPN server. We recommend travelers make sure they connect to the right network when abroad and use a VPN for added security.”


When a user connects to a fake WiFi network, their information is sent through the hacker’s hands. When using a VPN, the Internet traffic between theuser’s computer and theVPN server gets encrypted, so even if the hacker manages to intervene, they won’t be able to read the user’s data.