Commission orders shutdown of EU officials’ Signal chat over hacking fears

The European Commission has instructed several of its most senior officials to shut down a group chat on the encrypted messaging app Signal amid concerns it could be targeted by hackers, according to officials familiar with the matter.

Department chiefs and deputy chiefs were members of the group, three Commission officials told POLITICO. The decision comes as the European Union faces a series of espionage allegations and cybersecurity incidents. Last week, the Commission said it was investigating a cyberattack on its websites.

“Cyber operations” are “increasing in quality and quantity” including from both data-hungry criminals and foreign governments, said Sven Herpig, a cybersecurity and emerging threats researcher at German think tank Interface. “Politicians and political parties have always been targeted” by spies and snoops, he added.

Two officials said the Commission became aware of the group chat last month and asked members to delete it over fears they could be targeted by hackers. One official said there was no evidence that any member of the group had been intercepted, but the order to stop using the chat was issued due to increasing security concerns about messaging apps within the institution.

The move follows another security incident last month, when a private telephone conversation between a reporter from POLITICO and an EU official was intercepted and published online.

Three officials, speaking on condition of anonymity due to the sensitivity of the issue, confirmed that members of commissioners’ cabinets and other senior bureaucrats had received messages asking them to enter their Signal PIN codes, which were identified as phishing attempts.

According to two officials, users of WhatsApp have also been targeted, although attempted hacks have recently been more common on Signal.

The Commission’s official guidance advises employees to avoid WhatsApp and instead use Signal, which cybersecurity experts generally regard as more secure.

Separately, the Commission said on March 27 that it was investigating a cyberattack on its websites, with early findings suggesting that some data may have been stolen. In January, the institution reported evidence of a cyberattack on the technical infrastructure used to manage its mobile devices, which “may have resulted” in hackers gaining access to staff names and mobile numbers.

By Sabina Mammadli