Chill, it's not WikiLeaks 2: Pile of EU diplomatic cables nicked by hackers

Spotted by infosec startup Area 1, according to NYT

The New York Times has published what it says are excerpts from hacked EU diplomatic cables that a cybersecurity company apparently made available to reporters.

The US newspaper said 1,100 diplomatic cables were handed to it by infosec startup Area 1, which it described as "a firm founded by three former officials of the National Security Agency".

Last time the NSA was in the news in connection with hacking of state secrets was when its former sysadmin contractor, Edward Snowden, revealed the American state agency's ongoing mission to compromise the world's internet communications.

According to the newspaper, the cables were posted online in plain text by hackers who successfully phished diplomats in Cyprus, discovering passwords that let them into a low-level EU database of diplomatic messages and cables.

Though the NYT quoted Area 1 researcher Blake Darche as attributing the hack to "the Chinese government", later drilling this down to "the Strategic Support Force of the People's Liberation Army", the question of attribution (ie, "who should we blame for this?") is a thorny one. Usually, the main method of attribution is to study the attack methodology and code used, which can reveal similarities with known previous attacks. State-sponsored hackers, however, have grown adept at borrowing each other's techniques to deflect blame.

A selection of the cables was released online by the NYT as a carefully sanitised PDF. They did not appear to contain anything of immediate interest from the UK point of view, consisting mostly of summaries of diplomatic meetings that appeared to have been circulated around personnel of the European External Action Service, the EU's quasi-national diplomatic corps.

In brief:

  • Afghanistan is unstable and produces lots of drugs, which means the US, Russia and the EU broadly agree that peace is needed in the region.
  • Everyone agrees sanctions should remain on North Korea until it drops its nuclear programme.
  • China's desire to claim the South China Sea as its own territory, in violation of international treaties, is being thwarted by US, British and French warships patrolling the area.
  • Routine visits and trade negotiations between countries and political blocs are largely continuing as they always have done.

As a rather red-faced NYT admitted, the hack "also revealed the huge appetite by hackers to sweep up even the most obscure details of international negotiations".

The EU Council issued a meaningless statement that failed to answer the question of whether the leak was genuine, merely saying it was "aware" of "allegations" and "does not comment" on them.

Quoting the usual nameless sources, the American newspaper also said that the EU "had been warned, repeatedly", by Americans, "that its ageing communications system was highly vulnerable to hacking by China, Russia, Iran and other states". This, it claimed, was usually shrugged off.

The Register is yet to speak to Area 1 about its discoveries and will have a more infosec-focused analysis of the breach online soon. ®
