The EU announced an investigation into alleged hacking of its diplomatic cables after a private cybersecurity company discovered sensitive documents online that appeared to have been stolen by China.
A selection of cables, gathered over three years, between EU diplomats have been shared with the New York Times newspaper by Area 1, the private cybersecurity firm who discovered the hack. Area 1 was founded by three ex-NSA employees, its website says.
The firm alleges the breach was the work of a Chinese group that is believed to be backed by the China’s People’s Liberation Army (PLA), given the hallmarks of the hack.
Revelations found in the cache of documents, which were copied from a secure network and posted on an open website (the NYT claims), include Ukrainian concerns that Russia was deploying nuclear warheads in Crimea, Chinese leader Xi Jinping’s comments that the US was “behaving as if it was fighting in a no-rules freestyle boxing match" on trade and discussions on EU exports to Iran.
Internal guidelines on ‘messaging’ were also found amongst the ream of documents. Deputy Head of the EU Mission to Washington, Caroline Vicini, advised diplomats to describe the US as “our most important partner” despite the Trump administration’s “negative attitude”.
The group gained access to the EU’s inner workings through a simple phishing scam, whereby a fraudulent email was sent to trick users into giving away details.
After gaining access, the hackers were able to connect to the EU’s database of diplomatic exchanges.
“People talk about sophisticated hackers, but there was nothing really sophisticated about this,” Area 1 CEO Owen Falkowitz told the NYT.
It may be simplistic, but phishing is an effective tool for hackers, says Rob Pritchard, founder of consultancy Cyber Security Expert, and as such the EU should be conducting training and campaigns internally to help staff recognise a threat.
_________________
Read more:
Careem hit by cyber attack with data of up to 14 million users stolen
Cyber security is 'number one priority' for companies in the UAE
Dozens of cyber attacks target UAE Government and companies
Ethical hackers and intelligence experts key to countering rise of cyber threats in UAE
_________________
“It’s a pretty common method of compromising systems, in fact it’s probably the best way to get into organisations, but the better defended the organisation, the less effective it’s going to be. In terms of espionage like this, it’s a pretty common vector,” he told The National.
“I’d expect the diplomatic core to be doing phishing awareness and general security awareness campaigns.”
Why Area 1 chose to share the files they had found with a newspaper is unknown, but isn’t best practice for a company of that nature, says Mr Pritchard.
This is pretty unbelievable, and certainly seems exceptionally unethical. https://t.co/0rMcHeaPhK
— Robert Pritchard (@TheCyberSecExp) December 19, 2018
After news of the hack broke on Wednesday, the European Council said it was aware of the allegations and was “actively investigating the issue.”
However, further detail is unlikely to be forthcoming from the EU.
“The Council Secretariat does not comment on allegations nor on matters relating to operational security,” a spokesperson said. “The Council Secretariat takes the security of its facilities, including its IT systems, extremely seriously."
The EU wasn’t the only victim of the hack. Area 1 said the UN and various foreign ministries also fell victim, along with over 100 other organisations, some of which had no idea until told by the firm.
