The order was given to department heads and their deputies, according to three European Commission officials familiar with the matter. The embargo comes as the EU grapples with a series of espionage attacks. The European Commission announced last week that it was investigating a cyberattack on its websites.
— There are more and more cyber operations. And they are becoming more and more refined. Their authors are both data-hungry criminals and foreign governments, says Sven Herpig, a researcher on cybersecurity and new threats at the German think tank Interface. “Politicians and political parties have always been targets of spies and intruders,” he adds.
The commission became aware of the group chat last month and asked its members to delete it, fearing they could be targeted by hackers
– inform two officials.
The article continues below the video
There is no evidence that any members of the group were intercepted, and the order to stop using the chat room was issued due to growing concerns about the security of the institution's messaging apps, one of them says. Last month, a private telephone conversation between a POLITICO reporter and an EU official was intercepted and published online.
Three Brussels officials admit that members of commissioners' cabinets and other senior officials received messages asking for their Signal PIN codes, which were identified as phishing attempts.
“Signal is quite secure, but if an attacker takes control of the phone, they can gain access to chats, including photos and all other data stored on the phone,” Herpig says. — If you want to communicate as a politician, as a parliamentarian, you have no better options.
Users of the messaging app WhatsApp have also been targeted, although hacking attempts have been more common on Signal recently, two officials say.
Changes after the last wave of attacks
The Commission's official guidance to its staff suggests that they should avoid WhatsApp and use Signal insteadwhich cybersecurity experts consider more secure.
— We do not comment on internal security practices. We take cybersecurity threats very seriously and have clear internal guidelines for our employees, explains the EC spokesman.
The institution is taking the latest wave of attacks seriouslyconducting comprehensive cybersecurity assessments and regularly replacing officials' phones and devices, say two EC officials.
The Commission is investigating a cyber attack on its websites, and preliminary findings indicate that some data was stolen, POLITICO learns. In January this year The commission announced that it had found it evidence of a cyber attack on technical infrastructurewhich he uses to manage mobile devices, which “could have resulted in” hackers gaining access to the names and mobile phone numbers of employees.
Signal hacking and vulnerabilities are not just a problem for the Commission. Last month, intelligence services in the Netherlands warned of a “large-scale global cyberattack campaign” in which Kremlin hackers impersonated the fake Signal tech support chatbot to trick officials into revealing app PIN codes. Similar warnings were issued by security services in France, Germany, Portugal and the UK.
“The best solutions you have right now are Signal, Threema, and to some extent WhatsApp,” emphasizes Interface's Herpig. Threema is an encrypted communication application developed in Switzerland.
Signal and WhatsApp lack features required for government communications, says Matthew Hodgson, CEO of Element, which has created the technology used by many European governments for secure communications applications. – You can't kick someone out of a WhatsApp group if they get fired from a government job. There is no single sign-on, no authentication-based access control. There is a single point of failure.
The use of Signal by government officials came into the spotlight last year after the editor-in-chief of US magazine The Atlantic was accidentally added to a Signal group chat attended by some of the most senior members of the US government, including Vice President J.D. Vance, and in which they were discussing detailed military plans – in a security breach dubbed Signalgate. The incident highlighted the extent to which commercial messaging applications have become integral to government operations.
I’m Ashley Davis as an editor, I’m committed to upholding the highest standards of integrity and accuracy in every piece we publish. My work is driven by curiosity, a passion for truth, and a belief that journalism plays a crucial role in shaping public discourse. I strive to tell stories that not only inform but also inspire action and conversation.
