Cyber security EU laptop and skull

View from Brussels: Spies in the building 

Image credit: European Union

The EU quarter of Brussels was rocked by news this week that one of its highest-ranking officials was allegedly the target of a spyware attack. It has put the spotlight back on cybersecurity failings and Europe’s weaknesses in the digital realm.

According to reporting by Reuters, the European Commissioner for justice was targeted last year by spyware designed by an Israeli surveillance firm. Other high-ranking staffers were also allegedly compromised.

Commission officials reportedly were made aware of a potential breach in November 2021, when Apple issued a warning notice. There have been no official confirmations regarding the attack, whether it was successful or what might have been compromised as a result.

Israeli firm NSO and its ForcedEntry spyware – which allows users to take remote control of smartphones – was allegedly the tool used. NSO denies that its product could have been used in this way.

Another NSO spyware tool, Pegasus, is the subject of a European Parliament committee that has been specially set up to investigate the scandal that it has unleashed. Work is due to begin later this month.

“These are very serious revelations. We need to get to the bottom of this. The parliamentary inquiry committee into the use of spyware in the EU will immediately investigate these new revelations,” said MEP Sophie in ‘t Veld, who is chairing that inquiry.

The Dutch lawmaker added that “we expect the Commission to conduct an internal investigation, and to duly inform the European Parliament. The other EU bodies must do the same. This is not a private matter; it touches the very integrity of EU democracy.”

Few details have emerged about whether the cyber attack was successful or who was behind it. That has not stopped EU-watchers from speculating about the matter.

The fact that Reynders is the head of justice policy and another target was reportedly a staff member in the team of Vera Jourova, a Czech vice-president of the Commission in charge of rule-of-law issues, has only added fuel to the fire.

Both the governments of Hungary and Poland have been found to have procured and used spyware and both are locked in an ugly spat over rule-of-law issues with the Commission.

Although more investigation is needed into whether there is a link between the two, Hungary and Poland have both admitted purchasing services from the surveillance firm in question but deny any wrongdoing linked to domestic espionage.

Other analysts have warned not to point the finger yet until a full inquiry has been held, citing Russia's ongoing aggression towards Ukraine and China's unpredictable foreign policy towards Europe as further factors.

It is certainly not the first time that communication tools have landed EU officials in hot water. Commission President Ursula von der Leyen was the subject of an inquiry over wiped phones dating back to her time as German defence minister.

The investigation focused on the use of external consultants.

Von der Leyen was also rapped earlier this year by the EU Ombudsman, who accused the president of maladministration in her dealings with the CEO of pharmaceutical giant Pfizer and the vaccine procurement period.

Journalists were reportedly denied access to text messages sent by von der Leyen during this time. The Commission has until the end of April to reply to the accusations.

All taken together, it shows that the EU institutions have significant security and transparency issues at the heart of its communication systems.

In a world more divided by geopolitical actors more than willing to deploy cyber warfare, Brussels has to get its act together quickly or risk becoming worryingly compromised.

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles