The European Union is “actively investigating” a potential leak of sensitive information after a report emerged that hackers infiltrated the bloc’s diplomatic communications for years, revealing the bloc’s foreign policy concerns over Trump, Russia and Iran.
In an article published on Tuesday, the New York Times (NYT) alleged that for the past three years hackers have been able to download thousands of EU diplomatic cables.
The bloc’s Council Secretariat said in a statement to Euronews that it is “aware of allegations regarding a potential leak of sensitive information and is actively investigating the issue".
“The Council Secretariat does not comment on allegations nor on matters relating to operational security.
“The Council Secretariat takes the security of its facilities, including its IT systems, extremely seriously,” it added;
According to cybersecurity company Area1 — cited by the NYT — hackers managed to get all the passwords they needed to connect to the EU’s entire database of exchanges after a run-of-the-mill phishing attack aimed at diplomats in Cyprus granted them access to the nation’s systems.
“There was nothing sophisticated about this,” Area1 CEO Oren Falkowitz told the NYT.
For three years, the hackers then copied EU sensitive information from secure networks to an internet site they had set up.
Area1 alleges that the methods used bear all the hallmarks of those used by an elite unit of China’s People’s Liberation Army.
The United Nations, the American Federation of Labor and Congress of Industrial Organizations, as well as various ministries of foreign affairs and finance worldwide, were also reportedly affected by the hack.
What do the cables say?
The cables contain reports by EU diplomats on the ongoing crisis between Russia and Ukraine following Moscow’s annexation of Crimea four years ago.
A cable from February 8 warns the peninsula has become a “hot zone where nuclear warheads might have already been deployed".
Another recaps the July meeting between Trump and Putin in Helsinki as “successful (at least for Putin)".
The documents also shine a light on the difficulty for EU diplomats to build a solid relationship with the Trump administration as disagreements over trade, climate and the Iran nuclear deal grew.
Caroline Vicini, deputy head of the EU mission in Washington recommended in a March 7 cable that European diplomats work around the US President by dealing directly with Congress and emphasising individual member states’ interests on issues ranging from trade to renewable energy and Brexit.
The leak also contained private accounts of a meeting with China President Xi Jinping in which he is quoted as saying that his country “would not submit to bullying” from the US “even if a trade war hurt everybody".
How bad is it for the EU?
The leak is obviously damaging to the bloc because it reveals the inner workings of its diplomatic apparatus.
It also details some of its concerns and communications between the 28 member states regarding the bloc’s strategy on trade, counterterrorism, migration and enlargement — information that if wielded properly could give an advantage to foreign powers.
Finally, it highlights how poorly protected the EU is against cyber threats.
However, most of the documents hacked pertained to the usual business of diplomacy, including reports on meetings and diplomatic trips.
The more sensitive communication — including on the 2015 nuclear deal with Iran — were kept on a separate system.