EU Commission bans top officials from using Signal groups

The EU Commission is cracking down harder on digital espionage. It has instructed its highest-ranking officials to immediately dissolve a central Signal group for internal communication. According to Politico, department heads and their deputies are primarily affected by this measure. The order stems from fears that the chat group may have become the target of targeted cyberattacks.

The Brussels government institution does not officially comment on internal security procedures. However, the move highlights the growing nervousness in Brussels in the face of a series of cyberattacks that have shaken EU institutions in recent times.

The decision was made according to the report after the Commission became aware of the group's existence last month and deemed the risk of compromise too high. While there is no evidence yet that communication has actually been intercepted, the threat situation has escalated. Just recently, a private phone call between a journalist and an EU official was intercepted and published. Insiders also report sophisticated phishing attempts. These were intended to trick cabinet members into revealing their Signal PIN codes, thus causing them to lose control of their accounts.

When Encryption Reaches Its Limits

Sven Herpig from the think tank Interface warns that the quality of state-controlled cyber operations is constantly increasing. While Signal is still considered one of the most secure options, security ends when the end device itself is compromised. If an attacker gains control of the smartphone, even the best end-to-end encryption is of little use: chats and images can then be read directly on the device. However, Herpig emphasizes that there are currently few better alternatives to encrypted messengers like Signal or Threema.

Commercial messengers are actually designed for private use. Matthew Hodgson of the messenger service Element complains that basic functions for authorities are missing. For example, there is no central user management to automatically remove employees from all groups when they leave the service. Furthermore, there are no secure authentication interfaces, as are common in state IT infrastructures. The fatal consequences of such deficits were demonstrated, for example, by the “Signal Gate”. In this incident, a journalist ended up in a group where high-ranking US politicians were discussing military strikes.

The Commission is now reacting with stricter IT guidelines and regular checks of employee hardware. At the same time, investigations are underway into an attack on its websites, which strongly suggests data theft. As early as January, the technical infrastructure for managing mobile devices was attacked, giving unauthorized persons access to names and mobile numbers. Recently, Dutch authorities warned of a global campaign in which Russian cybercriminals are using fake Signal support bots to lure users into traps.

(wpl)