In early August, hackers attacked Prime Minister Alexander De Croo’s chancellery. The incident was quickly detected. Microsoft was brought in to analyze the systems, which cost €315,000.
The Prime Minister’s Chancellery is a hub in Internet traffic for all kinds of government services, making the computers there attractive targets for attacks. Among other things, the access data of all 48,000 police officers are managed there, as well as those of various cabinets, the Higher Finance Council, the Foreign Trade Agency and other services. Between August 8 and 10, alarms went off in the detection systems on that network because they had detected a hack. As a result of the hack, everyone whose data is controlled by the registry had to change their passwords via Active Directory.
“Measures were quickly taken to protect the systems,” Prime Minister De Croo answered a series of questions on Belgian cybersecurity this afternoon. “The judicial investigation will have to show whether the suspects can be identified.”
Replacement of Huawei smartphones
Few details have been released about the attack itself. When the hack went public in late August, it looked like no data had been stolen. The Federal Prosecutor’s Office is conducting an investigation. “For the management of the incident, there was a collaboration with the Center for Cyber Security Belgium (CCB). Microsoft’s frontline support and Microsoft DART (Detection and Response Team) were also used to analyze the entire infrastructure. That intervention cost €315,000. Other interventions are part of the existing cooperation contracts.”
De Croo also stressed that a lot is being invested in cybersecurity. “Just to be clear, the chancellery does not use Chinese or Russian products. A limited number of Huawei smartphones (of Chinese origin, ed.) has been replaced in the meantime.”
Defense and Home Affairs were also attacked
The attack on the chancellery was the third attack on government services in more than a year. In May 2021 it seemed that Chinese hackers had penetrated the Interior network; in December it was the turn of Defense. For the first time, there was also a “diplomatic attribution” for those incidents. In such an attribution, the Ministry of Foreign Affairs names a responsible party without final judicial certainty. This attribution took place in July.
“We did it on the basis of technical indications, intelligence at our disposal and geopolitical factors,” said De Croo. “For security reasons, I can’t go into all the details. We urged the Chinese authorities to take action against malicious cyber activities by Chinese actors. That was an obvious clue. In a public response, the Chinese embassy expressed its dissatisfaction with our statement and asked for concrete evidence to be provided.”
First position in the EU
Despite these three hacks, Belgium is considered the least vulnerable EU country in terms of cybersecurity. For about four months, our country has been at the top of the ranking compiled by Bitsight, an American company that measures the number of attacks and of vulnerable and infected systems. De Croo attributes this leading position to the targeted warnings of the CCB. From July to September, it sent over a thousand notices to companies and organizations responsible for “essential services and critical infrastructure”, such as energy, transportation, finance and clean water.