View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
April 11, 2022updated 07 Jul 2022 9:10am

European Commission officials targeted by spyware

Alleged spyware attack on European Commission officials shows the failings of conventional cybersecurity defences.

By Claudia Glover

At least five officials at the European Commission were targeted by spyware last year, according to a report by news agency Reuters. The alleged breach reveals the failings of conventional cybersecurity defences, experts told Tech Monitor, and bolsters the argument for spyware to be regulated like military technology.

European Commission spyware
Security researchers claim NSO Group’s ForcedEntry program was used to target EC officials. (Photo by
Menahem Kahana/Getty Images)

Former European Justice Commissioner Didier Reynders and at least four other Brussels-based officials were targeted using spyware, news agency Reuters reported today.

The officials were alerted to the breach in November last year, when Apple sent a mass alert warning thousands of users that they may have been “targeted by a state-sponsored attack”.

Security researchers have said that the affected individuals were targeted between February and November last year allegedly using a tool called ForcedEntry from Israeli spyware vendor NSO Group. It is not yet known who was behind the attempted breach or whether it was successful.

NSO Group denies that its software was used in the breach.

Earlier this year, the European Parliament launched an enquiry into spyware, after reports alleged that Pegasus – another product from NSO Group – had been used to spy on government critics in Poland and Hungary. The enquiry will examine “existing national laws regulating surveillance, and whether Pegasus spyware was used for political purposes against, for example, journalists, politicians and lawyers,” it said.

European Commission breach: can spyware be controlled?

Traditional cybersecurity measures are insufficient to defend against spyware, says Etay Maor, senior director of security strategy at Cato Network. “This is a highly targeted, highly sophisticated military-grade tool,” he says. “This is on the same level as a nation-state attack. It’s going to be extremely hard to stop it using conventional tools and conventional security methodology.”

Instead, spyware should be regulated like military technology, he argues. “You can’t build a tank and not let anybody know about it or even get the materials for it,” he says. Spyware vendors are “modern arms dealers … and there should be heavy regulation around them”.

Content from our partners
Why all businesses must democratise data analytics
How start-ups can take the next step towards scaling up
Unlocking the value of artificial intelligence and machine learning

International treaties may also be required, Maor argues. “We have the Geneva Convention so you’re not allowed to torture people. There should be things like this around cyber as well.”

Until then, anyone handling politically sensitive information should be careful in their use of technology, Moar says. “Officials in certain positions and, unfortunately, those journalists reporting on certain topics will have to think how they use the technology and what it means in terms of how it can be used against them.”

Max Heinemeyer, VP of cyber innovation at security company Darktrace, argues that AI-powered cybersecurity could defend against spyware.

“Whether it’s today’s issue with NSO’s targeted spyware, yesterday’s supply chain attacks or the exploitation of Log4j vulnerabilities, what we know is that humans can’t anticipate what tomorrow’s threat will look like,” he says. “We must stop chasing after the latest threats and instead use AI to understand the organisation, so that novel attacks can be mitigated against no matter where they come from.”

Read more: Spyware threatens both human rights and cybersecurity

Topics in this article: ,
Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU