Cyber Attack Hits European Commission

Malware was blamed for the "major" breach, launched on the eve of a summit focusing on euro instability, the war in Libya, and nuclear safety.
10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
On Wednesday, a large cyber-attack was launched against the European Commission, mere hours before a two-day Brussels summit focused on the European debt crisis and Portugal, as well as the war in Libya and nuclear safety concerns.

"We're often hit by cyber attacks but this is a big one," an unnamed source told the BBC.

The attack targeted the European External Action Service (EEAS), which is the European Commission's foreign ministry and diplomatic corps. (The commission itself serves as the European Union's executive body.) According to an internal memo seen by EUObserver, "We have found evidence that both the commission and EEAS are the subject of an ongoing widespread cyber attack."

As a result, the European Commission -- which has launched an investigation -- advised all of its staff to change their passwords and use only secure email for sensitive communications. It also disabled the intranet as well as remote email access.

The commission has so far declined to provide more details about the attack, although EU spokesperson Antony Gravili told the AFP international news agency that the security breach stemmed from a malware incident, rather than being a targeted attack aimed at stealing financial secrets.

But the malware could indeed have been used as part of a targeted attack, said Rik Ferguson, director of security research and communication at Trend Micro, in a blog post. "Malware is simply one of the tools in the criminal and international espionage bag of tricks and making such a clear distinction before a thorough investigation has been completed may be counter-productive, to say the least."

Security experts said that the attack parallels an attack against the French finance ministry in December 2010, in which at least 150 out of 170,000 ministry computers were compromised. In that case, attackers were apparently gunning for economic information relating to a Group of 20 summit, which was held in Paris in February, and focused on global financial imbalances, including China's valuation of its currency.

One French official labeled the attack as "pure espionage."

"Hackers were able to break into the ministry's computers after emailing a malicious Trojan horse to users," said Graham Cluley, senior technology consultant at Sophos, in a blog post at the time. "Once the users were fooled into running the dangerous code, the hackers could access the computers remotely via a backdoor."

At the time, an anonymous official told the BBC that the stolen French information had been redirected to Web sites located in China, but that its final destination was unknown.

Editors' Choice
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading