A Parliament spokesperson said the institution was concerned about how easily an anonymous hacker broke into MEPs’ personal emails, as was revealed yesterday (21 November) by French investigative journal Mediapart.
“It was a child’s game”, the anonymous hacker said.
With “ridiculous” computer equipment and “a few bits of knowledge that everyone is capable of finding on the internet”, the hacker broke into the personal files and confidential emails of MEPs such as Ana Gomes from Portugal, Markus Pieper from Germany, Constance Le Grip from France and 11 others.
The hacker says his aim was simply to raise awareness about the vulnerability of the security system of the Parliament, at a time when the NSA spying scandal was shaking public opinion across Europe.
The hacker sat in a public place near the Parliament building in Strasbourg and managed to make nearby smartphones and computers pass through the “wifi” of his computer to connect to the internet. That was the hardest part of the procedure, he explained.
Then he accessed an application most MEPs use and which signals when new mail arrives in their inbox. The app does warn the user that an intruder is trying to access their data, but the message is “obscure”, the hacker said, and most users click OK, thereby giving access permission.
The Parliament head of the press unit, Marjory Van den Broeke, expressed concern about the information disclosed by Mediapart.
The House IT services are “investigating” the issue “since this morning” to “establish how this happened," he said.
“It’s a technical issue, depending on the outcome of the investigation, we’ll see if and what measures should be taken,” Van den Broeke stressed.
She added, however, that inducing people to use a certain wifi service is something that “is seen everywhere in the world”.
Although this is the first “cyber security” problem in the European Parliament, the security of the EU institutions has been compromised in the past: a post office inside the parliamentary assembly was robbed during a nearby summit of EU heads of governments, and an ING bank located on the ground floor of the Parliament was attacked by a man armed with a gun, raising serious questions about the buildings' security in Brussels.
According to Eurobarometer, Europeans remain very concerned about cyber security. 89% of internet users avoid disclosing personal information online, and 12% have already experienced online fraud.
The EU’s new European Cybercrime Centre (EC3), based in the Hague, opened in January 2013.
It will facilitate research and development, ensure capacity building among law enforcement, judges and prosecutors and will produce threat assessments, including trend analyses, forecasts and early warnings.
The Commission simultaneously launched an EU-wide cybersecurity strategy, which aims to establish cross-border cybersecurity rules and practices, and coordinated attack response.
- Mediapart: «It was child's play»: how a hacker broke into MEPs' secret email accounts
- Euractiv Germany E-Mail-Konten von EU-Abgeordneten gehackt