EU Suffers ‘Serious’ Cyber Attack Ahead Of Summit

Two European Union organisations have been hit by a “serious” cyber attack, in the run up to a leaders’ summit on economic reforms in Brussels.

The European Commission and the External Action Service were the targets of the attack, which has been likened to a recent assault on France’s finance ministry. The European Commission has reportedly closed off external access to its intranet and email services, in order to prevent information from leaking out.

Urgent measures

Antony Gravili, a spokesman for the inter-institutional relations and administration commissioner, told BBC News that such attacks were not uncommon, but that an inquiry has been launched. “We are already taking urgent measures to tackle this,” he said.

Details of the attack and its possible repercussions are scant, but Gravili blamed the attack on malware, rather than any attempt to unearth secret documents relating to summit issues. However, according to Rik Ferguson of net security firm Trend Micro, this is a risky conclusion to jump to.

“Malware is simply one of the tools in the criminal and international espionage bag of tricks and making such a clear distinction before a thorough investigation has been completed may be counter-productive to say the least,” Ferguson said in a blog post.

Some news sites are claiming to have seen internal emails suggesting that systems may have been compromised for weeks, or even months. Staff at the agencies are said to have been asked to change their passwords and send sensitive information via secure email.

Nations under attack

Earlier this month, the French finance ministry was targeted by hackers using Internet addresses in China, in a cyber attack aimed at stealing files on the G20 summit held in Paris in February. Patrick Pailloux, director general of the French National Agency for IT Security, said “It is the first attack of this size and scale against the French state.”

In November 2010, the Asian nation of Myanmar, still widely known as Burma, was also virtually taken off the net by a sustained attack of unknown origin.

“Whilst governments have faced cyber attacks for some time, the elevated risk of sophisticated and persistent cyber attacks around high profile political events is worrying,” said Alan Bentley, international senior vice president at security firm Lumension, commenting on the news.

“During incidents of data breaches, it is best practice to shut down compromised areas to limit the chance of data leakage. This reactive approach to cyber threats is no longer a match for the increasingly sophisticated tactics being employed by cyber criminals. Governments must now prepare for the unexpected – not wait to be ambushed,” he added.

Last year, the EU carried out its Cyber Europe 2010 test, to check on Europe’s preparedness for an attack that attempts to paralyse its online services. It claims to have passed with flying colours.