EU institutions hit by 'major' cyber attack ahead of summit
-
The institutions have taken action to prevent the spread of unauthorised information (Photo: eurocontrol)
The European Commission and the External Action Service have been hit by a "major" cyber attack ahead of a key EU summit where crucial decisions on the future structure of the bloc, countries' economic strategies and the ongoing war in Libya are to be discussed.
The commission will not comment on the nature of the attacks due to security concerns, but has confirmed the institutions are indeed the focus of a serious strike. Meanwhile officials are comparing the attack to an assault on the French finance ministry last year ahead of a G20 meeting.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Don't miss out on
Our exclusive news stories and investigations. Influential. Investigative. Independent.
Why join?
Watch our founder Lisbeth Kirk explain the reasons in this 30-second video.
Already a member?
"We're regularly hit by cyber attacks, but this one's a big one," said an EU source familiar with the matter that did not want to be named.
An internal email seen by EUobserver and sent to all staff warned: "We have found evidence that both the commission and EEAS are the subject of an ongoing widespread cyber attack."
The commission is currently attempting to assess the scale of the threat underway and in order to prevent the "disclosure of unauthorised information", and has shut down external access to email and the institutions' intranet.
All staff have been asked to change their passwords and to send sensitive information via secure email.
One EU source suggested the attack was similar to the massive assault which bombarded the French finance ministry last last year and was described by budget minister François Baroin as "spectacular".
The authors of the attack had been particularly interested in files on the G20 summit held in Paris in February.
At the time, Patrick Pailloux, the head of France's National Agency for Information Systems Security described the attack as "pure espionage ... one of the most important attacks, if not the most important, ever to target the public administration."
Some 150 computers were affected. French officials also suggested that some of the information was redirected to Chinese sites.
An EU source suggested that in this case too, China may be among the suspects.
"This is an important summit in many ways. There are people who want to know what the different positions are in what's being discussed."
In the attack on Brussels officials are publicly refusing to discuss the scale of the attack or its source.
"We are not speculating on the origin," EU institutional affairs spokesman Antony Gravili told EUobserver.
It is thought to be the first such attack on the External Action Service, although Gravili was keen to downplay this record.
"It's difficult to say whether this is the first one. So much of the EAS is still technically DG Relex [the external relations department of the commission, the precursor of the EAS]," he said.
