POLITICS: Hackers used Cyprus as backdoor to steal EU diplomatic cables

Hackers – linked to China – infiltrated the European Union’s diplomatic communications network, downloading thousands of cables by entering the system through a routine cyberattack on Cyprus, according to the New York Times.

It said the techniques that the hackers deployed over a three-year period resembled those long used by an elite unit of China’s People’s Liberation Army.

Unlike WikiLeaks in 2010 or the Russian hack of the US Democratic Party, the cyberattack on the European Union made no effort to publish the stolen material; instead, it was a matter of pure espionage, one former senior intelligence official told the NYT.

It also displayed the “remarkably poor protection” of routine exchanges among EU officials after years of embarrassing government leaks around the world.

The cables were exposed after a run-of-the-mill phishing campaign aimed at diplomats in Cyprus pierced the island’s systems, Oren Falkowitz, chief executive of Area 1 – the firm that discovered the breach – told the NYT.

“People talk about sophisticated hackers, but there was nothing really sophisticated about this,” Falkowitz said.

After getting into the Cyprus system, the hackers had access to passwords that were needed to connect to the European Union’s entire database of exchanges.

Area 1’s investigators said they believed the hackers worked for the Strategic Support Force of the People’s Liberation Army, part of an organization that emerged from the Chinese signals intelligence agency that was once called 3PLA.

“After over a decade of experience countering Chinese cyberoperations and extensive technical analysis, there is no doubt this campaign is connected to the Chinese government,” said Blake Darche, one of Area 1’s experts.

After burrowing into the European network, called COREU (or Courtesy), the hackers had the run of communications linking the bloc’s 28 states, on topics ranging from trade and tariffs to terrorism to summaries of summit meetings, from the vital to the insignificant.

Many of the reports were the ordinary business of diplomacy: weekly reports from missions in places like Kosovo, Serbia, Albania, Russia, China, Ukraine and Washington, including descriptions of conversations with leaders and other diplomats or visits to non-European countries.

Among the cables were requests for authorization to finance exports to Iran, as well as details of efforts throughout 2018 to continue economic arrangements that might entice Tehran to comply with the terms of the 2015 nuclear agreement, even after Donald Trump abandoned it.

There was much analysis in the cables of foreign policy and of Europe’s strategies on issues of trade, counterterrorism, migration and enlargement that could be picked apart by China and other countries looking for an advantage.

But the former senior intelligence official said that the EU had been warned, repeatedly, that its aging communications system was highly vulnerable to hacking by China, Russia, Iran and other states.

European officials said they are now trying to overhaul their outdated and vulnerable networks — an expensive process in which technological improvements usually cannot protect against flawed human judgment.

They insisted that confidential, secret and “tres secret” material is handled differently than the cables seized by the hackers and noted that a new system, known as EC3IS, is being developed to handle the more sensitive documents that are shared among the diplomats, reported NYT.