The European Parliament has resumed normal email service following a suspected cyberattack.
An attack on the Parliament’s systems is thought to have begun on March 24, two days after the European Commission and the European Union’s External Action Service detected a sustained and targeted cyberattack on their own systems.
“Following the attack on the Commission, our IT services started looking very hard at our own system. They noticed that there were abnormal levels of webmail activity, particularly overnight, when we wouldn’t expect such activity,” he said.
As a precaution webmail and some other external services were shut down and staff were told on Monday to change their passwords while an investigation was carried out. “The results of that investigation show that nothing was compromised, there was no massive, organized attack on Parliament’s systems. No malware was found, and, as I said, there was a non-malicious explanation for the unexpected level of traffic to our webmail system. So the steps taken have largely been precautionary,” said the spokesman. “The scale of the actual hacking problem was not dissimilar to that faced by any large organization. The high levels of activity we were seeing were due to the way in which some mobile devices connect to our webmail.”
The Parliament’s IT services are still monitoring the situation and a limited suspension of webmail access will continue between 1 a.m. and 6 a.m. for at least the next few days. The Parliament and the Commission run on totally separate networks and it seems unlikely that the two attacks were linked given the differences in scale and focus. There is still concern that professional, systematic hackers with a clear agenda are behind the Commission attack but this is not the case in the Parliament.
A separate e-mail problem in Parliament on Wednesday brought the e-mail system to a halt for three hours. The spokesman said that this was nothing to do with any attack and was simply a glitch that has now been fixed.
A few issues were discovered in the process of the investigation that still need to be followed up, but these are relatively minor, such as evidence suggesting a few individual home PCs were infected in one way or another.
Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com.