Sunday Express

Millions face losing cash amid Vatican website fears

By Marco Giannangeli, Diplomatic Editor

MILLIONS of donations made to the Roman Catholic Church are at risk of being stolen by cyber criminals because the Vatican has ignored warnings about the vulnerability of its website.

Concerns about the insecure operation were raised by experts after recent reports emerged suggesting the Vatican websites had been infiltrated by hackers linked to the Chinese government.

British technology company, Cybersec Innovation Partners (CIP), which has previously assisted Nato following a cyber breach, has written to Gianluca Gauzzi Broccoletti, the Pope’s head of security, telling him of the dangers but has yet to receive a reply.

A spokesman for the firm said: “We continually research and find that it is difficult for large organisations to keep track of all their web domains and sub-domains. This leads to vulnerabilities that cyber criminals are exploiting.

“The Vatican was informed of its numerous, unacceptable vulnerabilities two weeks ago but has done nothing to safeguard the security of those who want to support their religion and donate money.

“With Covid-19, and the moving of physical payments to digital-only platforms never before has it been more critical to ensure security online.”

Peter’s Pence, also known as the Alms of St Peter, is the main conduit through which Pope Francis receives donations from among the world’s 1.3 billion Catholics to pay for philanthropic works and the administration of the Vatican.

In 2019, the Vatican raised about £50million in this way, although not all contributions were made online before the coronavirus pandemic.

While the Covid-19 crisis has forced the pontiff to postpone his chief fundraising tours until October, individuals can still use the website to make suggested direct payments ranging from 10 euros to 500 euros.

The Vatican already runs a £41million deficit on its annual £220million earnings and, with Covid-19 having shut down its museums – a main source of income – thefts of donations would hit it hard.

CIP also warned the Holy See in its letter that by allowing personal information to be potentially compromised, it is also falling foul of legally binding data protection rules.

British Airways is facing a potential fine of £183million for similar data breaches and the Marriott hotel chain is heading for a £99million penalty after its systems were compromised. The minimum fine for breaching the rules is four per cent of global annual earnings.

At the heart of the issue is the lack of certification for the Vatican’s main website www.vatican.va.

Two years ago website security was tightened, but the main portal has still not been updated, which is why the words “not secure” appear near the address instead of a padlock to show it is safe to enter.

Most of its 84 sub-domain websites are also not protected – and this includes the Vatican’s main donation portal.

Even cyber security professionals cannot be sure that a web page is authentic and not a spoof – deliberately placed by criminal gangs to mirror a real site – when it displays a “not secure” warning rather than a trusted padlock symbol.

In May, hackers linked to the Chinese government infiltrated Vatican computer networks, including that of the Roman Catholic Church’s Hong Kong-based representative, according to a report by US firm Recorded Future.

The attacks happened ahead of talks to renew a landmark 2018 deal that stabilised relations between China and the Church.

‘Warnings have been ignored’

Picture: FRANCO ORIGLIA/GETTY ADORED: Pope Francis waves to the faithful in St Peter’s Square
