Cyber-security company says China was behind hack of EU diplomatic messages
The EU announced an investigation into alleged hacking of its diplomatic messages after a private cyber-security company discovered sensitive documents online that appeared to have been stolen by China.
A selection of cables between EU diplomats, gathered over three years, was shared with The New York Times by Area 1, the private cyber-security company that discovered the hack. Area 1 was founded by three former US National Security Agency employees, its website says.
The company claims the breach was the work of a Chinese group believed to be backed by the country’s People’s Liberation Army.
Revelations found in the cache of documents include Ukrainian concerns that Russia was stocking nuclear warheads in Crimea, Chinese leader Xi Jinping’s comments that the US was “behaving as if it was fighting in a no-rules freestyle boxing match” on trade, and discussions on EU exports to Iran.
Internal guidelines on messaging were also found among the documents.
Deputy head of the EU Mission to Washington, Caroline Vicini, advised diplomats to describe the US as “our most important partner” despite the Trump administration’s “negative attitude”.
The group gained access to the EU’s inner workings through a simple phishing scam, whereby a fraudulent email was sent to trick users into giving away details. After gaining access, the hackers were able to connect to the EU’s database of diplomatic exchanges.
“People talk about sophisticated hackers but there was nothing really sophisticated about this,” Area 1 chief executive Owen Falkowitz said.
It may be simplistic, but phishing is an effective tool for hackers, said Rob Pritchard, founder of consultancy Cyber Security Expert. The EU should be conducting training and campaigns internally to help staff recognise a threat, he said.
“It’s a pretty common method of compromising systems, in fact it’s probably the best way to get into organisations, but the better defended the organisation the less effective it’s going to be. In terms of espionage like this, it’s a pretty common vector.
“I’d expect the diplomatic corps to be doing phishing awareness and general security awareness campaigns.”
Why Area 1 chose to share the files with a newspaper is unknown, but this is not best practice for a company of that nature, Mr Pritchard said.
After news of the hack broke yesterday, the European Council said it was aware of the allegations and was “actively investigating the issue”. Further details are unlikely to come from the EU.
“The Council Secretariat does not comment on allegations nor on matters relating to operational security,” a spokesman said. “The Council Secretariat takes the security of its facilities, including its IT systems, extremely seriously.”
The EU wasn’t the only victim of the hack. Area 1 said the UN and various foreign ministries also fell victim, along with more than 100 other organisations, some of which had no idea until told by the company.