EU institutions hit by 'major' cyber attack ahead of summit
The European Commission and the External Action Service have been hit by a "major" cyber attack ahead of a key EU summit where crucial decisions on the future structure of the bloc, countries' economic strategies and the ongoing war in Libya are to be discussed.
The commission will not comment on the nature of the attacks due to security concerns, but has confirmed the institutions are indeed the focus of a serious strike. Meanwhile officials are comparing the attack to an assault on the French finance ministry last year ahead of a G20 meeting.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
"We're regularly hit by cyber attacks, but this one's a big one," said an EU source familiar with the matter that did not want to be named.
An internal email seen by EUobserver and sent to all staff warned: "We have found evidence that both the commission and EEAS are the subject of an ongoing widespread cyber attack."
The commission is currently attempting to assess the scale of the threat underway and in order to prevent the "disclosure of unauthorised information", and has shut down external access to email and the institutions' intranet.
All staff have been asked to change their passwords and to send sensitive information via secure email.
One EU source suggested the attack was similar to the massive assault which bombarded the French finance ministry last last year and was described by budget minister François Baroin as "spectacular".
The authors of the attack had been particularly interested in files on the G20 summit held in Paris in February.
At the time, Patrick Pailloux, the head of France's National Agency for Information Systems Security described the attack as "pure espionage ... one of the most important attacks, if not the most important, ever to target the public administration."
Some 150 computers were affected. French officials also suggested that some of the information was redirected to Chinese sites.
An EU source suggested that in this case too, China may be among the suspects.
"This is an important summit in many ways. There are people who want to know what the different positions are in what's being discussed."
In the attack on Brussels officials are publicly refusing to discuss the scale of the attack or its source.
"We are not speculating on the origin," EU institutional affairs spokesman Antony Gravili told EUobserver.
It is thought to be the first such attack on the External Action Service, although Gravili was keen to downplay this record.
"It's difficult to say whether this is the first one. So much of the EAS is still technically DG Relex [the external relations department of the commission, the precursor of the EAS]," he said.