European Parliament Disables Webmail After Cyber-Attack

The European Parliament has disabled all remote access to e-mail and asked employees to change passwords during the five-day-long cyber-attack.

Less than two days after the EU Commission and its foreign-service arm came under fire, the European Parliament's network came under cyber-attack. This is the third such incident involving European governmental organizations in two months.

The attack on the European Parliament's computer network began March 24 and was in progress for at least five days, an EU spokesperson told European Voice. Employees were told on March 30 that the attacks had ended, but they had to continue to be careful.

The Parliament's IT team has put security measures in place, such as blocking remote access to email via Web browsers, according to the spokesperson. Employees were also told to change their network login credentials.

"Information technology services are working day and night to investigate," the spokesperson said.

Separately, the European Commission and its foreign ministry, the European External Action Service, reported a large-scale malware-driven attack on its network on March 22. Employees were asked to change their passwords, and all remote access to email was revoked while the EC's security team investigated the breach.

While the Commission claimed the breach was the result of malware and not a direct assault on its systems, the Parliament did not provide any details of the attack.

An unnamed official told the European Voice that the attacks on EC and the Parliament appeared to have been "coordinated" based on the timing, but that information could not be verified. The Parliament and Commission have separate networks, so it is possible the attackers were snooping around to extract valuable information.

The EC attack occurred just ahead of a significant summit in Brussels to discuss the Libyan crisis, European debt and nuclear power.

"It is possible that Anonymous has begun to inspire 'serial hacktivism,'" as the EC attack could have been a response to the Western intervention in Libya, Amichai Shulman, CTO of Imperva, told eWEEK. The hacktivist group Anonymous has recently launched attacks against a wide range of targets, including the music industry, companies that severed ties with whistle-blowing site WikiLeaks, and government Websites in countries engulfed in mass demonstrations.

It is unclear at this time whether the Parliament incident is related to the attack on France's finance ministry in February. In the attack that compromised more than 150 computers, the attackers were allegedly after documents on the G20 summit held in Paris that month.

Since some of the stolen files were redirected to Chinese sites, there was speculation the Chinese government may have backed the attack. Shulman dismissed the scenario as "unlikely," since China was part of the G20 and already had access to the documents. Instead, he said it was more likely that hackers from all over the world were using Chinese IP addresses because it was easier to exploit them.

Shulman donned his "conspiracy-theory hat" and speculated the agency had failed to secure its networks and was compromised by a simple worm or virus. "Rather than embarrassingly admit this security failure, they claim APT," Shulman said. He said it was unlikely an Advanced Persistent Threat would affect "only 150 computers."

APTs are generally complex and ongoing attacks that use unique attack vectors.