Slashdot Mirror

← Back to Stories (view on slashdot.org)

European Parliament Computer Network Breached

Posted by CmdrTaco on from the breach-the-breach dept.

Orome1 writes "The computer network of the European Parliament has been targeted by a cyber attack that may or may not be linked to the attack against the European Commission and the External Action Service networks that took place a week ago. According to the Parliament's spokesmen, the attack was still ongoing yesterday morning and information technology services have put in place some security measures — such as blocking access to webmail."

17 of 47 comments (clear)

  1. Now they block access? by jhoegl · · Score: 4, Informative

    Webmail is one of the worst offenders in getting viruses. My brother works at a company that sells computer equipment and they had so many problems because their sales agents were clicking on all kinds of stupid shit in their personal email accounts.

    I always blocked personal email unless it was expressly allowed, and even then I told the user one issue and its turned off.

    I dont care if these are public officials. They want their public email, get it on their phones or somewhere else! I got shit to secure son!

    1. Re:Now they block access? by MrLint · · Score: 3, Insightful

      Heres a hint, don't let the user be admins. Then they can't brake out of their account.....

      and yes users are stupid. I had one guy who got a mail from USPS, about his Fedex tracking number on his expressmail delivery. He downloaded and opened and ran a zip file. When I asked him if he was expecting a delivery he said 'I dont know'.

    2. Re:Now they block access? by Opportunist · · Score: 2

      This is a good idea from a technical point of view. Until you get a boss that tells you in no uncertain terms ("do it or be fired") that he NEEDS admin access to his box.

      Now multiply that ego by a million and you are at a politician.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Now they block access? by AC-x · · Score: 2

      Heres a hint, don't let the user be admins. Then they can't brake out of their account.....

      Except in cases of privilege escalation exploits, and there's plenty of snooping that can be done by a program running under a user's context. I'm pretty sure most large corporate networks have all their non-techy users locked down, but that doesn't mean people can't still hack in through a non-admin account.

    4. Re:Now they block access? by malkavian · · Score: 2

      Deceleration doesn't affect computer security. That aside, users aren't stupid (in the main). They just aren't entirely sure what a computer will or won't do. The same as I'm not quite so sure I could do the job my system users perform (i.e. surgery, anaesthetics, haematology etc.). Part of my job is to make sure they're as safe as they can be in doing their job, while still allowing them to do it.
      There are so many infection vectors (compromised web sites, including the occasional high profile one, webmail, mail that makes it past the filters for the local mail servers etc.) that to blame it all on "stupid users" is completely unfair, unwarranted, and incorrect.
      Lack of admin on a machine doesn't mean that nothing can be done. After all, what's a crack from outside your site? Oh, can't be done because they don't have admin when they start looking? Course it can. Cracking is all about privilege escalation, just having someone execute something from an existing shell cuts out a lot of the hard work.
      As the the guy with the tracking number.. Wouldn't be the first time that an old 'lost' parcel got unearthed, and I've heard from the courier that there's new activity.. "I don't know" to the question of whether he's expecting a delivery is absolutely correct. You don't know 'till you look. However, to know to look safely, you need to know more about computers. That's where your training hat comes in (you have trained your users how to look for extensions on files, and what they mean, haven't you? That should be a basic security point. You've told them what these files do, right? If not, that's your problem as the professing expert, rather than theirs as users who rely on you to do what they know how to do).

    5. Re:Now they block access? by jhoegl · · Score: 3, Insightful

      You assume the user cares, and would listen to you.

      You assume wrong.

    6. Re:Now they block access? by Qzukk · · Score: 2

      A politician has no hire-and-fire control over staff outside of politics, even if they have that power at all (which I wouldn't think they do).

      Oh no, of course not, he could never fire you. Of course, it would be a shame if the department's budget was cut to $10. Of course, the politician would probably want to run that by your boss and get his input on the matter, to make sure the right cuts were being made.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    7. Re:Now they block access? by KhabaLox · · Score: 2

      It seems to me there was a government sys admin in San Francisco that stood up to his bosses and ended up in jail. OK, so not exactly the same situation, but still....

      --
      Ceci n'est pas un sig.
    8. Re:Now they block access? by EvilAlphonso · · Score: 2

      The article isn't very clear but, having worked there, webmail would probably refer to Outlook Web Access...

    9. Re:Now they block access? by GameboyRMH · · Score: 2

      But shouldn't Win7 and no admin rights go a long ways towards negating these types of malware?

      That keeps it from rooting the system, but a virus can still run with the user's privileges.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  2. Hacker Skill by Ancantus · · Score: 2, Funny

    'This is not a couple of teenage boys hacking into the [EU] institutions,' said an official.

    But it could be the work of a person with the skills of 1,000 hackers.

    --
    Violence is the last refuge of the incompetent. -- Isaac Asimov
    1. Re:Hacker Skill by fuzzyfuzzyfungus · · Score: 3, Insightful

      Yup. It would be embarrassing if it were a couple of teenagers breaking in, therefore it is not a couple of teenagers breaking in.

      Perhaps it is the same mysterious "Advanced Persistent Threat" that hit RSA a little while ago...

  3. I Blame the Secreteries by jimmerz28 · · Score: 2

    I'd venture a guess that a lot of the secretaries are on coupon websites. Downloading and allowing god knows what to run.

    1. Re:I Blame the Secreteries by kvvbassboy · · Score: 2

      Even if this was true, the sysadmin, whether Windows or Linux, wouldn't have provided permission to just run something with write-access to root. I am sure it would have been more sophisticated than that.

    2. Re:I Blame the Secreteries by Opportunist · · Score: 2

      Most likely he has, because most likely he was told to.

      I worked for a while for politicians. If you think your boss has an ego that needs its own office, you never worked for one. OF COURSE he, his secretary and his dog need admin privileges. How dare you expect to be allowed to do more on the computer than him?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:I Blame the Secreteries by Opportunist · · Score: 5, Funny

      I call them an "OSI layer 8 security risk".

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:I Blame the Secreteries by malkavian · · Score: 2

      Wish I had points to mod that funny, informative and insightful simultaneously.