Europol blocks its own forum after successful break-in
The European police authority has taken its "Europol for Experts" service offline. Previously, it had offered strategy papers, among other things.
For days, the EPE part of Europol has only displayed this maintenance message.
(Image: Europol, screenshot and editing: heise online)
The "Europol for Experts" (EPE) forum has been unavailable since at least Friday of this week. The website displays a static message, including the authority's logo, stating that the system is in maintenance mode. This situation persisted throughout the weekend and remained unchanged late Sunday afternoon.
The shutdown of the service was preceded by prolonged unauthorized access by an actor, as Europol confirmed to the Bleeping Computer portal. However, the authority stated that no "data on operations" had been stolen. In law enforcement jargon, this usually refers to details of investigations.
Several thousand members
It is not surprising that Europol is playing down the facts here, as EPE is a type of discussion forum with closed user groups in which various authorities discuss strategies, among other things. According to Bleeping Computer, one EPE sub-forum alone is said to have had around 6000 members, not only from Europe but also from private companies.
According to a report in Der Spiegel, only EPE administrators can activate new members. In clarifying the incident, it therefore seems crucial to establish whether the unauthorized access was due to a technical gap or human error. However, there is no information on this so far.
However, the intentions of the person or persons behind the unauthorized intrusion seem clear, at least if one is to believe information in a well-known forum for data theft and other illegal online activities. There, a person with the pseudonym "IntelBroker" offered data for sale over the weekend that was said to originate from EPE. On Sunday afternoon, a note could be found there stating that the data had been sold. As always when dealing with cyber criminals, such information should be treated with great caution.
Manuals for procedures published by Interpol
The procedure for such data thefts, which are to be turned into money in the form of cryptocurrency, also includes the publication of samples. The samples shown in the gangster marketplace are said to include a manual for the confiscation of intangible assets. According to the data, it dates back to 2020. Instructions on how to reach the highly secretive messenger service Telegram "in an emergency" were also offered for sale. Many of the documents in the offers are marked as "FOUO", which at Europol stands for "for official use only".
The suspected actor "IntelBroker", who offered the Europol data for sale, has recently appeared repeatedly as a data fence, and his motivation is likely to be primarily money. Only recently, he offered alleged information from a British army accounting system. However, the cloud provider Zscaler, which is affected by the incident, stated that it was only largely worthless data from a test system. In both cases, the digital intrusion at the British Army and at Europol, final investigations or comprehensive statements from the victim organizations are still pending.
(nie)