Hackers stole thousands of internal EU files
-
EU and China discussed cyber-security and data privacy at their summit in July (Photo: European Commission)
Chinese hackers have been reading sensitive EU diplomatic cables for the past three years, according to a US cyber-security firm.
"People talk about sophisticated hackers, but there was nothing really sophisticated about this," Oren Falkowitz, the CEO of Area 1, the US firm, told The New York Times on Tuesday (18 December).
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
"After over a decade of experience countering Chinese cyber-operations and extensive technical analysis, there is no doubt this campaign is connected to the Chinese government," an Area 1 expert, Blake Darche, added.
The hackers did it by sending phishing emails to diplomats in Cyprus - emails containing links that installed malicious software on their computers.
They then got the diplomats' passwords for the EU's internal diplomatic cable system, called Coreu, enabling them to read communiques shared by the 28 member states.
The extent of the hack is smaller than that of Wikileaks, which published over 250,000 US diplomatic texts in 2010.
The US leak involved highly classified information, but, according to Area 1, the Chinese hack only obtained texts graded as "Limite" or "Restraint".
The French terms are used to denote the lowest out of five levels of EU classification, which also include "Confidential", "Secret", and "Tres Secret".
But according to the EU's own literature on the subject, leaks of "Restraint" texts could still be "disadvantageous" to EU interests.
They might "adversely affect" diplomatic relations, "distress" individuals or "facilitate" crime and "improper gain."
Area 1 shared a sample of 1,100 EU cables out of the cache it intercepted with the New York Times, which, in turn published a sample of the sample.
The cables published by the US newspaper focus on China, India, Iran, Israel, North Korea, Russia, Ukraine, and the US.
In what may be the clearest case of a "disadvantageous" effect of the leak, a handful of cables discuss North Korean and Iranian entities and individuals that the EU intended to blacklist on nuclear proliferation or human rights grounds.
But advance notice of an EU designation, which includes asset freezes, would enable the entities or people concerned to move their money out of Europe before EU states took action.
EU-China summit
Meanwhile, one cable dated 16 July 2018, gave an insight into what happens behind the scenes at EU-China summits.
The EU diplomat who drafted the memo noted that Chinese leader Xi Jinping told EU Council chief Donald Tusk and European Commission president Jean-Claude Juncker that he was prepared to fight a trade war with the US if need be.
"Caving in would embolden the bully. The Chinese people would not accept this, even if a trade war would hurt everybody. China was not a backward country anymore," Xi said, referring to "bullying" on tariffs by US leader Donald Trump.
The summit was "good-tempered", but at one point Juncker made "a forthright statement that the EU expected to be treated as undivided and undividable", when Chinese premier Li Keqiang spoke of bilateral ties with EU states.
Tusk also "raised EU concerns about the human rights situation in China and the particular case of Gui Minhai", a Hong Kong dissident jailed by China.
Li gave Tusk no new information and lectured him on respect for Chinese law, but also "stated that respective [EU and Chinese] teams should meet and follow up on the case."
Most of the summit focused on trade and investment, with Li pledging "no forced technology transfer" from European firms and to "deal seriously with IPR [intellectual property] violations".
But if Area 1 was right about its attribution of the EU hack to China, then Li's promises might not be worth much.
Tusk, in a second irony, also asked Li for help in ensuring that "cyber-security" and "data privacy" concerns were properly dealt with.
Another EU cable, dated July 2018, also voiced concern about "China's growing engagement in Africa".
It said no-strings attached Chinese infrastructure investments there were "negatively impacting EU efforts to promote democracy, human rights and good governance and reducing the willingness of African elites to reform".
It also said the Chinese army, Chinese private security firms, and Chinese state media were building a presence on the continent.
"Chinese media are actively expanding their presence and cooperate and share content with dozens of African news outlets," the EU cable said.
"Europe's presence in Africa is underappreciated," despite being its main aid donor, it added.
Trump-Putin meeting
A further cable, from the EU mission in the US in July this year, shed light on what happened when Trump met Russian leader Vladimir Putin in Helsinki earlier the same month.
White House security chiefs told the EU that Trump agreed to "the idea of an US-Russia investigation swap (granting access to special counsel Mueller to interrogate indicted Russian officials if the US agrees on the same in the 'Browder case', including access to former US ambassador to Russia Michael McFaul)".
But the US officials also said that this deal would be "nipped down" in Washington.
Robert Mueller is a US investigator looking into Russian election meddling in 2016. Bill Browder is a British human rights activist who campaigns for sanctions on Russia.
The EU diplomat said the summit was "successful (at least for Putin)" in PR terms.
But the Mueller-Browder deal aside, Trump and Putin made "no agreements, beyond the agreement to keep talking".
In a cable from Moscow dated February 2018, the EU diplomat noted "EU-Russia relations are complicated" due to Russia's invasion of Ukraine.
But he said that when the EU's special envoy on Afghanistan visited Russia "the mood was cordial and Russian interlocutors were rather open in their willingness to discuss possible enhanced cooperation on a number of issues", such as EU mediation in Afghan government talks with the Taliban militant group.
An EU cable from Kiev, also in February, indicated that the Ukraine complications were bigger than publicly acknowledged, however.
Ukrainian officials told the EU that Russia-annexed Crimea was a "hot-zone where nuclear warheads might have already been deployed".
A cable from Kiev in July highlighted the cost of Russia's invasion of east Ukraine.
"Places where children could play safely four years ago are now riddled with deadly explosives affecting the area along the contact line where 200,000 children reside," it said.
"Landmines and unexploded ordnances were a main cause of children casualties in 2017, accounting for about two-thirds of all recorded deaths and injuries leaving many children with lifelong disabilities," it added.
Iran deal
Trade wars and Russia deals aside, Trump has also split from the EU by walking away from an EU-brokered nuclear arms control deal on Iran.
Two EU cables, one from an informal EU foreign ministers meeting in February 2016, and one from a Slovak visit to Israel in June this year, shed light on the case.
The EU ministers admitted that Iran had a "disturbing ballistic [missile] programme" and that "even in a best-case scenario, according to the deal Iran would presumably become a nuclear threshold state in 15 years".
They also said removal of EU sanctions on Iran, meant that "plenty of opportunities were now open in the area of trade and investment, where the EU had lost out" in the past.
"After 2025 ... Iran will re-launch its nuclear programme," Israeli diplomats told Slovakia.
Migration crisis
Meanwhile, the EU ministerial meeting in Amsterdam in 2016 also warned that "migration is turning into an existential threat for [EU] integration".
"Several FMs [foreign ministers] advocated the need to defend Schengen [the EU's free-travel zone] as a matter of priority," the cable added.
"It was a powerful symbol of EU integration; and it was far from sure that to start closing [internal EU] borders would work as a decisive deterrent against economic migrants, or asylum seekers," the cable said.
The EU foreign service told The New York Times on Tuesday that "is aware of allegations regarding a potential leak of sensitive information and is actively investigating the issue."
But it declined to comment "on allegations or on matters relating to operational security".
A spokesperson of the Mission of China to the EU told EUobserver: "Such a report is suspicious, groundless and extremely irresponsible.
"China is a major victim of cybertheft and cyberattack, and a steadfast defender of cybersecurity. China firmly stands against and fights in accordance with law criminal hacking activities in all manifestations.
"The competent authorities will conduct investigations according to law, provided that there is evidence. Regarding the issue of cybersecurity, we oppose any allusions or slandering out of ulterior motive."
This story was expanded on Thursday 20 December to incorporate the response sent by the Mission of China to the EU