John Dalli, And other commissioners’, emails hacked

Malta Independent Sunday, 5 August 2012, 00:00 Last update: about 12 years ago

EU Health and Consumer Affairs Commissioner John Dalli has told EUobserver.com that no internal EU information was compromised when hackers broke into one of his private e-mail accounts in July, the website reported.

Earlier this week, Bloomberg reported that last year hackers stole emails from 11 EU officials, including EU Council chief Van Rompuy.

The breach was exposed last week by a team of US academics and cyber security firms that have been tracking a hackers group known by two names: Comment and Byzantine Candor.

The US investigators, who asked to remain anonymous, showed computer logs detailing the hackers’ behaviour to the Bloomberg news agency.

According to the logs, the group accessed the EU Council’s computer network at around 9am Brussels time on four occasions: 8 July, 11 July, 13 July and 18 July last year.

It hacked 17 e-mail accounts, grabbing around seven days’ of correspondence and any attached files from each account.

Apart from Van Rompuy himself, the group stole information from three former members and one current member of his cabinet staff: Sem Fabrizi, Jose Leandro, Zoltan Martinusz and Odile Renaud-Basso.

It also scalped Giles de Kerchove (the EU’s counter-terrorism tsar), Leonardo Schiavio (a senior EU foreign policy official) and four officials dealing with trade and development: Boguslaw Majewski, Massimo Parnisari, Alda Silveira Reis and Jan Van Elst.

At the time, the EU was involved in sensitive talks regarding the second Greek bailout.

Speculation among the US investigators is that the hackers are linked to the Chinese government. But China has repeatedly denied that it conducts any cyber espionage.

“The confirmation on the specific victims comes from the computer logs gathered by the researchers, which show the hackers’ activities in the EU Council networks via monitoring of the hackers” own command and control system, including the specific users whose accounts were accessed. We were provided with the logs and interviewed some of the researchers,” Bloomberg’s Michael Riley told EUobserver.

An EU official said the EU Council does not comment on individual cases. However, he noted that highly sensitive or classified information could not be easily compromised because it is stored on a separate computer network that is not connected to the Internet.

“Hackers frequently target EU institutions – many of these attacks show a high degree of sophistication. Some are based on techniques used by government agencies,” he added.

The Comment/Byzantine Candor group also targeted US oil firm Halliburton, a Canadian magistrate involved in a Chinese extradition case and the International Republican Institute in the US, among some 20 or so victims.