The entire computer system of the federal home affairs ministry was subject to a full, complicated cyber-attack as far back as April 2019, with all fingers pointing to China, according to De Standaard.
Unlike many other cyber-attacks, this one was clearly aimed at the collection of information rather than money. The ministry is one of the central links in Belgium’s whole system of government, in charge of the population register, election management, police databases, crisis management and so on.
When the break-in was first detected, it was flagged as a ‘national crisis,’ forcing other government departments to strengthen their defences in connection with the ministry. But the news was never made public.
Meanwhile, a complaint was made to the prosecutor’s office, and an investigating magistrate appointed.
The hack appears to be connected to the so-called Hafnium affair, which involved exploiting a security weakness in the Microsoft Exchange system, which organises mail traffic within large organisations. Once a hacker gets into Exchange, the possibilities are endless.
The Hafnium affair, described as ‘very complicated and advanced’ was a story of computer systems worldwide, and all fingers pointed towards a nation state origin, most likely China. The Belgian hack is just one of many worldwide.
To make matters worse, the revelation of the Hafnium attack aroused non-state hackers to seek out the weaknesses exploited for themselves, for their own purposes. Imagine the possibilities for identity theft of having access to population registers.
Microsoft explained how it worked.
“For starters, they gain access to an Exchange server with stolen passwords or through vulnerabilities that are not yet known,” the company said at the time.
“So they pretend to be someone who can access that server. Then they create a so-called web shell to remotely control the compromised server. And then they use that remote access to steal data from an organisation’s network.”
According to the Centre for Cyber-Security Belgium (CCB), the first traces of intruders in the home affairs ministry system date back to April 2019, fully two years ago.
“In March 2021, CCB cyber experts found traces of suspicious manipulation dating back to April 2019,” the centre told the RTBF.
“This is a very complex attack, for which hackers have resorted to techniques specifically designed to infiltrate a network undetected and to remain there as long as possible. The complexity of this attack indicates that this is an advanced and proficient attacker with extensive cyber capabilities, probably used for espionage purposes.”
The ministry has assured that the leaks have been plugged and the system is now fully secure, but what of the information that may have been stolen in the meantime?