European Commission announces that it was hit by targeted attack, as cyber espionage campaign continues
The European Commission was hacked into yesterday just hours before a summit of EU leaders debating the military campaign in Libya, the Euro debt crisis and nuclear safety.
A spokesperson for the EC told AFP that all staff were warned that remote access to emails was no longer operational. They also confirmed that pages from European Union websites, notably those from the European External Action Service, which handles diplomatic relations for the 27 EU states around the world, were also closed down.
A commission spokesman Antony Gravili was unable to say whether police had been called in, saying only that an ‘in-house security team' was probing. He blamed the ‘serious attack' on malware rather than any attempt to unearth secret documents relating to summit issues. “I have no information at all linking the attack to the summit, we don't only suffer attacks at these times,” he said.
Rik Ferguson, director of security research and communications at Trend Micro, said that details on the nature, extent and consequences of the incident are currently very few, but the timing and targeting are highly reminiscent of the attack against the French finance ministry two weeks ago, which reportedly targeted information relating to the G20 summit.
He said that revealing this attack was the right thing to do in light of recent cyber espionage attempts. “Until an investigation takes place it is wise not to release any information as it may be subject to change and also because it will open the doors up to further attacks by revealing their vulnerabilities,” he said.
“These are targeted attacks looking for confidential information, while with the RSA SecurID attack they were looking for intellectual property. Until we know more about what was targeted it is difficult to figure out the motive. It is also difficult to say if this was successful, as nothing has been released, we know that this was a detailed attack and they are investigating but that does not mean that it was successful.
“Nevertheless, Aurora, Night Dragon, Stuxnet and the attacks on the G20 and EU summits graphically illustrate the new reality. Cyber espionage, just like cyber crime is more simple to perpetrate, more difficult to spot and carries much less risk than the more traditional methods. This is the new front line.”