14 MEPs' emails intercepted by a hacker, thanks to Microsoft’s tech and lack of education

The French newspaper Mediapart published a long article today, explaining how a hacker got access to the private and professional communications of 14 MEPs using basic tech and a flaw in Microsoft ActiveSync. The targeted people accepted a rogue certificate, which enabled a man-in-the-middle attack.

A few comments:

  • The attack was partly caused by the Parliament’s technology (it relies on proprietary technology, denying people the possibility of using encryption they trust), but also by the lack of understanding of how technology works.
  • IT should be empowering. Better (Free) tools are good, but a great deal of education is needed too…

The whole operation was aimed at highlighting the lack of awareness about IT security before the European elections, and at making it an issue.

Mediapart quotes him:
“On one side we have citizens who know almost nothing of what is happening behind the scenes in those institutions, links between political and economic powers... on the other side, almost omniscient intelligence services can, thanks to their spying, decide the future of a political figure or influence decisions.”

The hacker said, “I have the impression of seeing puppets, I wanted to shake them, to raise awareness.”

A big part of the article deals with security flaws in Microsoft’s products, unfair tenders in Europe and aggressive lobbying. The last section is about Free Software, with quotes from the two French associations promoting it: April and Aful.

The article finishes with quotes from the very pro-Free Software French MP Isabelle Attard, stressing the absolute lack of understanding of, and interest in, digital issues among MPs.

I hope this great article will make it into the international press.

–> Mediapart is an online investigative newspaper. Articles are not accessible without a subscription. If you are interested in the full text, it seems that I can “offer” you the article thanks to my subscription; please ask.