The Internet service and telecommunications provider to all the European Union’s official institutions was subjected to a malware attack that “no single company or authority could withstand on its own” the company’s secretary general admitted on Thursday.
Belgian company Belgacom counts the European Commission, the European Parliament, and the European Council among its customers.
Secretary general Dirk Lybaert and VP Geert Standaert of Belgacom told a special Parliamentary inquiry that Belgacom sounded the alarm when it discovered the malware in June. In July, results of an investigation showed a complex digital attack and previously unknown virus.
Standaert described the malware as “highly developed software” of the type that would normally only originate with a nation state. “The intruder had massive resources, sophisticated means and a steadfast intent to break into our network,” said Lybaert.
However the two also played down the impact of the attack, saying only internal Belgacom systems had been affected, and since the cleanup, no new viruses had been detected. They said that Belgacom has “no indications” the hacker was able to monitor phone calls and that the malware was not designed to destroy data.
A Dutch member of the European Parliament (MEP), Sophie In’t Veld, who was chairing the hearing, was incredulous. “Why would Belgacom internal systems be a target for a state? We’re talking about a massive, sophisticated attack. But all is fine because only internal systems are affected?,” she said.
Various press reports have suggested that the U.K.’s GCHQ (Government Communications Headquarters) was behind the hack. According to Belgian newspaper De Standaard the U.K. intelligence agency had conducted surveillance on Belgacom for at least two years.
German MEP Jan Philipp Albrecht said it was becoming increasingly clear that the GCHQ was behind the attack and pressed the Belgacom representatives to confirm this; however they refused to do so.
Standaert said that “at the moment Belgacom cannot confirm or deny allegations in press.” But he admitted that the company does not know how long the malware was in its system.
Belgacom referred the case to Belgian federal prosecutors who are currently investigating. Meanwhile the company is carrying out its own internal probe with the assistance of Hewlett-Packard, Microsoft, and FoxIT.