European Parliament Computer Network Breached

Orome1 writes "The computer network of the European Parliament has been targeted by a cyber attack that may or may not be linked to the attack against the European Commission and the External Action Service networks that took place a week ago. According to the Parliament's spokesmen, the attack was still ongoing yesterday morning and information technology services have put in place some security measures — such as blocking access to webmail."

Re:

[ocdscouter]

Well, somebody had to go first.

Now they block access?

[jhoegl]

Webmail is one of the worst offenders in getting viruses. My brother works at a company that sells computer equipment and they had so many problems because their sales agents were clicking on all kinds of stupid shit in their personal email accounts.

I always blocked personal email unless it was expressly allowed, and even then I told the user one issue and its turned off.

I dont care if these are public officials. They want their public email, get it on their phones or somewhere else! I got shit to secure son!

Re:

[sandytaru]

My favorite is the fake UPS invoices. "Hey, we have an invoice from a recent UPS packed that was shipped to you. Click the attachment to see it!"

Re:

[GregC63]

After being repeatedly warned... I've had 2 users do that just yesterday. Dumbasses...

Re:

[KhabaLox]

So did my boss. Though in his defense he was expecting an email from UPS. Luckily MSSE caught it and neutralized it completely, as far as I can tell. I ran a DDS log which looked clean, and an F-Secure online scan came back with only tracking cookies.

But shouldn't Win7 and no admin rights go a long ways towards negating these types of malware?

Re:

[GameboyRMH]

But shouldn't Win7 and no admin rights go a long ways towards negating these types of malware?

That keeps it from rooting the system, but a virus can still run with the user's privileges.

Re:

[cavreader]

I believe there are app config settings where you can alter the way programs are executed if you want to. You can also configure the user permissions to limit any potential damage. The biggest security risk in any OS is the user. Trying to lock down the entire OS can also cancel out some of the legitimate functionality.User vigilance and awareness is the best protection against getting a virus. The people creating the viruses and bots are really good at identifying OS weaknesses even when you are running an

Re:Now they block access?

[MrLint]

Heres a hint, don't let the user be admins. Then they can't brake out of their account.....

and yes users are stupid. I had one guy who got a mail from USPS, about his Fedex tracking number on his expressmail delivery. He downloaded and opened and ran a zip file. When I asked him if he was expecting a delivery he said 'I dont know'.

Re:

[Opportunist]

This is a good idea from a technical point of view. Until you get a boss that tells you in no uncertain terms ("do it or be fired") that he NEEDS admin access to his box.

Now multiply that ego by a million and you are at a politician.

Re:

[L4t3r4lu5]

That's not how it works. A politician is not your employer, the government is. A politician has no hire-and-fire control over staff outside of politics, even if they have that power at all (which I wouldn't think they do).

Working in the public sector myself, though not politics, I have no problem telling my employer that they cannot have admin access to their local machine, and certainly not to the domain, unless they sign off that they accept that I am released from any and all responsibility under

Re:

[Qzukk]

A politician has no hire-and-fire control over staff outside of politics, even if they have that power at all (which I wouldn't think they do).

Oh no, of course not, he could never fire you. Of course, it would be a shame if the department's budget was cut to $10. Of course, the politician would probably want to run that by your boss and get his input on the matter, to make sure the right cuts were being made.

Re:

[L4t3r4lu5]

Constructive Dismissal [wikipedia.org]

Re:

[KhabaLox]

It seems to me there was a government sys admin in San Francisco that stood up to his bosses and ended up in jail. OK, so not exactly the same situation, but still....

Re:

[AC-x]

Heres a hint, don't let the user be admins. Then they can't brake out of their account.....

Except in cases of privilege escalation exploits, and there's plenty of snooping that can be done by a program running under a user's context. I'm pretty sure most large corporate networks have all their non-techy users locked down, but that doesn't mean people can't still hack in through a non-admin account.

Re:

[MrLint]

Oh indeed exploits are always an issue. However, at least in the place I work, anyone who wants admin is give it, with the most flimsy of reasons to the most incompetent people. So I just sit and wait for the train wreck.

Re:

[Culture20]

And the userland driveby downloads can sit in the background, schedule themselves to run on boot up/log in, regularly download new exploit attempts (just before patch tuesday), or act as bonnet members for ddoses, etc.

Re:

[malkavian]

Deceleration doesn't affect computer security. That aside, users aren't stupid (in the main). They just aren't entirely sure what a computer will or won't do. The same as I'm not quite so sure I could do the job my system users perform (i.e. surgery, anaesthetics, haematology etc.). Part of my job is to make sure they're as safe as they can be in doing their job, while still allowing them to do it.
There are so many infection vectors (compromised web sites, including the occasional high profile one, webm

Re:Now they block access?

[jhoegl]

You assume the user cares, and would listen to you.

You assume wrong.

Re:

[malkavian]

No, I don't assume at all. Just part of my remit to make sure they have a fair stab at doing the right thing. By and large, they do. No such thing as perfect, it's all risk mitigation.

Re:

[Opportunist]

I'd wonder why webmail access was available in the first place. Isn't there some requirement for auditability of their mail? I mean, they're public servants, isn't that like opening a backdoor for shady deals?

Aside of that, one of the FIRST things I recommend during a security audit is to disallow any mail traffic but auditable and company owned systems, on all levels. Usually it is trivial to get it done for the lower echelons, but the resistance at C-level is crippling. In other words, yes, we'll do it fo

Re:

[jhoegl]

I hope you document their response and have them sign off on it.
One of the biggest concerns is that their policies can be pushed back on you. As if it is your fault you told them and they didnt listen.
But yes, I also lock down port 25 for everyone except vital systems.

Re:

[Opportunist]

Of course, and of course they sign it off without a problem. Why not? It doesn't threaten their ability to get the certificate they're aiming for (yes, a security cert does NOT certify that you're secure, only that you have evaluated the risks, if you choose to ignore them, so be it), so why shouldn't they sign it off? It IS very funny sometimes, though, to read how they justify their "need" for webmail or access to certain pages (e.g. facebook) that MUST NOT be accessed by anyone else in the company for th

Re:

[Teun]

Members of the European Parliament are elected representatives from 27 different countries, each with their parties and own mail systems.

The Parliaments own mail system likely only handles a fraction of the total mail.

Re:

[Opportunist]

Likely, but the rest should not be handled by freemail providers!

Re:

[EvilAlphonso]

The article isn't very clear but, having worked there, webmail would probably refer to Outlook Web Access...

Re:

[Nefarious Wheel]

This is all beginning to look like the cyber wars in David Brin's "Earth". I think I'll take that one off the shelf again, deserves a re-read.

Hacker Skill

[Ancantus]

'This is not a couple of teenage boys hacking into the [EU] institutions,' said an official.

But it could be the work of a person with the skills of 1,000 hackers [slashdot.org].

Re:Hacker Skill

[fuzzyfuzzyfungus]

Yup. It would be embarrassing if it were a couple of teenagers breaking in, therefore it is not a couple of teenagers breaking in.

Perhaps it is the same mysterious "Advanced Persistent Threat" that hit RSA a little while ago...

Re:

[Opportunist]

APT? Is that the umbrella corporation or just the new catch-all TLA for all the other TLAs?

Skills of 1000 Hackers

[dkleinsc]

(apologies to Wilson Pickett)

Got to hit the IP like Tim Berners-Lee.
Mash the keyboard, set up the d-words.
See if its a MIPS, get to backbone from SLIP
Find the SSH key like the great Trinity
Hey! Uh!

Na na-na-na-na na-na-na-na-na-na-na-na-na-na na-na-na-na
I need somebody to help me type it one time
(Na na-na-na-na na-na-na-na-na-na-na-na-na-na na-na-na-na)
Wo--ow!

Re:

[malkavian]

Actually, no. Windows by and large.

I Blame the Secreteries

[jimmerz28]

I'd venture a guess that a lot of the secretaries are on coupon websites. Downloading and allowing god knows what to run.

Re:

[kvvbassboy]

Even if this was true, the sysadmin, whether Windows or Linux, wouldn't have provided permission to just run something with write-access to root. I am sure it would have been more sophisticated than that.

Re:

[Opportunist]

Most likely he has, because most likely he was told to.

I worked for a while for politicians. If you think your boss has an ego that needs its own office, you never worked for one. OF COURSE he, his secretary and his dog need admin privileges. How dare you expect to be allowed to do more on the computer than him?

Re:

[jimmerz28]

We call them "queen bees".

Re:I Blame the Secreteries

[Opportunist]

I call them an "OSI layer 8 security risk".

Re:

[malkavian]

Wish I had points to mod that funny, informative and insightful simultaneously.

Good!

[Anonymous Coward]

I hope whoever did this grabbed all documents they could find and will be putting them on WikiLeaks or whatever. This is the only way we'll ever see any kind of transparency in EU goverment.

idiots

[Anonymous Coward]

I cant believe all the half ass comments here for a tech discussion. This is going on with a broader spectrum. Shame on /. and shame on this userbase. Amazing how some are unwilling to connect the dots, and submit good journalism / editorials.

here an example: http://www.wired.com/threatlevel/2011/03/australian-pm-hacked/

br- an old reader

Verify?

[Ceriel Nosforit]

I can't trace the source of this news. TFA mentions "an official", but who and where are a mystery. The websites of the EP and the EC make no mention of this.