European Parliament and hacking – a long history

 

The European Parliament is in a continuous struggle to protect MEPs' data (CC Dan Barpus via Flickr)

The European Parliament is in a continuous struggle to protect MEPs’ data (CC Dan Barpus via Flickr)

The hacking of at least 40.000 European Parliament (EP) emails does not appear to be a singular event, but the latest in a series of worrying IT security breaches.

On Thursday, the French website Mediapart reported that an anonymous hacker had accessed confidential emails of MEPs and other staff of the European Parliament (EP).

The attacker described the hacking as “child’s play” saying he only used “ridiculous” computer equipment.

The Austrian MEP Martin Ehrenhauser received a list with metadata of 40.000 emails from different institutions, including the European Parliament and the German Bundestag. According to Ehrenhauser, a connection between the list and the cyber attack is very likely.

The hacking sparked a discussion about how vulnerable the European Parliament is to cyber attacks.

MEPs criticised that the EP was using out-of-date software and did not allow its staff to encrypt their communication.

Security concerns not taken seriously

It is not the first time the EU’s IT services face claims of not doing enough to protect confidential data and communication.

In April 2011, the Austrian MEP Hans-Peter Martin reported to Klaus Welle, the EP General Secretary, that his private emails were accessed from another office within the European parliament.

The European Parliament has not reacted to his report down to the present day, Martin says.

In another case, Heiko Frenzel, author of Sicherheit-Online (security online), wrote in October 2011 that he had contacted the European Commission (EC) to inform them about 40 security loopholes on EU servers.

“The first ten hints, which were sent over a period of time, were simply ignored, some of them deleted unread,” Frenzel said.

According to Frenzel, it took the European institution almost one year, until September 2012, to deal with the breaches.

European Parliament should improve its IT services

EU leaders are pushing forward new legislation to protect citizens’ data amid continuous revelations about the NSA’s spying activities in Europe.

If the EP wants to be taken as a serious negotiating party in cyber security issues, it should, first of all, aim at improving its own IT services and making it impossible for hackers to access confidential data with elementary computer equipment.

European Parliament hacked – attacker describes stealing 40.000 emails as “child’s play”

European Parliament in Strasbourg

Vulnerabilty of EP computers has been know for years, MEPs say (CC United Nations Photo)

A hacker has accessed 40.000 emails of MEPs and other staff of the European Parliament (EP), triggering a discussion about how vulnerable the parliament’s IT systems are to simple cyber attacks.

The hacker told the French website Mediapart yesterday that he succeeded in breaching the EP’s security using elementary computer equipment and “a few bits of knowledge that everyone is capable of finding on the Internet”.

He said his operation was aimed at raising awareness of how vulnerable the EP’s computer systems are to simple cyber attacks.

Today Austrian MEP Martin Ehrenhauser received a USB key with metadata of 40.000 emails, including the subject line, date, sender, recipient and the file name of attachments, Spiegel Online reports.

According to the report, the list does not only contain emails from staff of the European Parliament, but also the European Commission, the German Bundestag, parties and lobby groups.

Although a connection between the file and the cyber attack has yet to be established, Ehrenhauser considers it very likely that the two events relate to one another.

Out-of-date software made communication vulnerable

The breach of the EP’s protection measures, which the hacker described as a “child’s play”, has started a discussion about the parliament’s IT security.

Dutch MEP Sophia in’t Veld said that problems with the EP’s computer systems had been known for years.

Marjory Van den Broeke, the head of the EP press unit, said the IT services were investigating how the attack could happen: “It’s a technical issue, depending on the outcome of the investigation, we’ll see if and what measures should be taken.

According to Spiegel Online, the IT systems in the European Parliament are using old software, with some of the computers running the 12-year old Windows XP.

Jan Phillip Albrecht, MEP and data protection expert, said the EP was using software without knowing if back doors were built in. “We have been campaigning to use open source software for ten years”, he said.

The EP’s IT services forbid MEPs to encrypt their emails, Spiegel Online reports.

While investigating NSA spying activities, the hacking attack shows how vulnerable the EP is not only to big intelligence services, but also to a single hacker sitting outside the parliament building in Strasbourg.