Saturday

1st Oct 2016

EU institutions hit by 'major' cyber attack ahead of summit

  • The institutions have taken action to prevent the spread of unauthorised information (Photo: eurocontrol)

The European Commission and the External Action Service have been hit by a "major" cyber attack ahead of a key EU summit where crucial decisions on the future structure of the bloc, countries' economic strategies and the ongoing war in Libya are to be discussed.

The commission will not comment on the nature of the attacks due to security concerns, but has confirmed the institutions are indeed the focus of a serious strike. Meanwhile officials are comparing the attack to an assault on the French finance ministry last year ahead of a G20 meeting.

Dear EUobserver reader

Subscribe now for unrestricted access to EUobserver.

Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.

  1. Unlimited access on desktop and mobile
  2. All premium articles, analysis, commentary and investigations
  3. EUobserver archives

EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.

♡ We value your support.

If you already have an account click here to login.

"We're regularly hit by cyber attacks, but this one's a big one," said an EU source familiar with the matter that did not want to be named.

An internal email seen by EUobserver and sent to all staff warned: "We have found evidence that both the commission and EEAS are the subject of an ongoing widespread cyber attack."

The commission is currently attempting to assess the scale of the threat underway and in order to prevent the "disclosure of unauthorised information", and has shut down external access to email and the institutions' intranet.

All staff have been asked to change their passwords and to send sensitive information via secure email.

One EU source suggested the attack was similar to the massive assault which bombarded the French finance ministry last last year and was described by budget minister François Baroin as "spectacular".

The authors of the attack had been particularly interested in files on the G20 summit held in Paris in February.

At the time, Patrick Pailloux, the head of France's National Agency for Information Systems Security described the attack as "pure espionage ... one of the most important attacks, if not the most important, ever to target the public administration."

Some 150 computers were affected. French officials also suggested that some of the information was redirected to Chinese sites.

An EU source suggested that in this case too, China may be among the suspects.

"This is an important summit in many ways. There are people who want to know what the different positions are in what's being discussed."

In the attack on Brussels officials are publicly refusing to discuss the scale of the attack or its source.

"We are not speculating on the origin," EU institutional affairs spokesman Antony Gravili told EUobserver.

It is thought to be the first such attack on the External Action Service, although Gravili was keen to downplay this record.

"It's difficult to say whether this is the first one. So much of the EAS is still technically DG Relex [the external relations department of the commission, the precursor of the EAS]," he said.

Analysis

Renzi's EU attacks are survival strategy

Faced with a difficult referendum campaign, the Italian prime minister is playing the antiestablishment card, including verbal attacks on the EU and Germany.

Stakeholders' Highlights

  1. EFAEFA Supports a YES Vote in the Hungarian Referendum
  2. ACCAFinTech Boom Needs Strong Guidance to Navigate Regulatory Hurdles
  3. Counter BalanceWhy the Investment Plan for Europe Does not Drive the Sustainable Energy Transition
  4. Nordic Council of MinistersThe Nordic Region Seeks to Make Its Voice Heard in the World
  5. Taipei EU OfficeCountries Voice Support for Taiwan's Participation in ICAO
  6. World VisionNew Tool Measuring Government Efforts to Protect Children Released
  7. GoogleDid You Know Europe's Largest Dinosaur Gallery Is in Brussels? Check It Out Now
  8. IPHRHuman Rights in Uzbekistan After Karimov - Joint Statement
  9. CISPECloud Infrastructure Providers Unveil Data Protection Code of Conduct
  10. EFAMessages of Hope From the Basque Country and Galicia
  11. Access NowDigital Rights Heroes and Villains. See Who Protects Your Rights, Who Wants to Take Them Away
  12. EJCAppalled by Recommendation to Remove Hamas From EU Terrorism Watch List