Hacked European diplomatic cables reveal a world of anxiety about Trump, Russia and Iran

Unlike WikiLeaks in 2010 or the Russian hack of the Democratic National Committee and other Democratic Party leaders in 2016, the cyber attack on the European Union made no effort to publish the stolen material. PHOTO: REUTERS

WASHINGTON (NYTIMES) - Hackers infiltrated the European Union's diplomatic communications network for years, downloading thousands of cables that reveal concerns about an unpredictable Trump administration and struggles to deal with Russia, China and the risk that Iran would revive its nuclear programme.

In one cable, European diplomats described a meeting between United States President Donald Trump and Russian President Vladimir Putin in Helsinki as "successful (at least for Putin)".

Another cable, written after a July 16 meeting, relayed a detailed report and analysis of a discussion between European officials and Chinese President Xi Jinping, who was quoted comparing Mr Trump's bullying of Beijing to a "no-rules freestyle boxing match".

The techniques that the hackers deployed over a three-year period resembled those long used by an elite unit of China's People's Liberation Army. The cables were copied from the secure network and posted to an open Internet site that the hackers set up in the course of their attack, according to Area 1, the firm that discovered the breach.

Area 1 made more than 1,100 of the hacked European Union cables available to The New York Times. The White House National Security Council did not have an immediate comment on Tuesday (Dec 18).

The compromised material provides insight into Europe's struggle to understand the political turmoil engulfing three continents. It includes memorandums of conversations with leaders in Saudi Arabia, Israel and other countries that were shared across the EU.

But it also revealed the huge appetite by hackers to sweep up even the most obscure details of international negotiations.


The cyber intruders also infiltrated the networks of the United Nations, the biggest American labour union AFL-CIO, and ministries of foreign affairs and finance worldwide. The hack of the AFL-CIO focused on issues surrounding the negotiations over the Trans-Pacific Partnership, a trade deal that excluded Beijing.

Some of the UN materials focus on months in 2016, when North Korea was actively launching missiles, and appear to include references to private meetings of the world body's secretary-general and his deputies with Asian leaders.

Some of the more than 100 organisations and institutions were targeted years ago. But many were not aware of the breach until a few days ago, when some were alerted by Area 1, a firm founded by three former officials of the National Security Agency.

The cables include extensive reports by European diplomats of Russia's moves to undermine Ukraine, including a warning on Feb 8 that Crimea, which Moscow annexed four years ago, had been turned into a "hot-zone where nuclear warheads might have already been deployed". US officials say they have not seen evidence yet of nuclear warheads in Crimea.

The European diplomats' account of their private meeting in July with Mr Xi quoted the Chinese President as vowing that his country "would not submit to bullying" from the US, "even if a trade war hurts everybody".

"China was not a backward country anymore," the European note taker described Mr Xi as saying.

In their conversations with US officials after the Helsinki meeting, European diplomats described efforts by the White House to engage in damage control after Mr Trump went off-script during a joint news conference with Mr Putin.

Mr Trump appeared to agree to allow Russians to question former US diplomats in exchange for the US interrogation of Russians who had been indicted by Special Counsel Robert Mueller. According to a July 20 document describing their private exchanges, White House officials assured the Europeans that Mr Trump's agreement would be "nipped down" to prevent the questioning of Americans.

A March 7 cable summarised the difficulties in relations between the US and the EU that had developed during the Trump administration. In it, a senior European official in Washington spoke of "messaging efforts" to deal "with the negative attitude to the EU in the beginning, which had created a lot of insecurity".

The official, Ms Caroline Vicini, deputy head of the EU mission in Washington, recommended that diplomats from the 28 member nations describe the US as "our most important partner", even as it stood up to Mr Trump "in areas where we disagreed with the US (eg, on climate, trade, Iran nuclear deal)".

The cable also recommended working around Mr Trump by dealing directly with Congress, and urged European diplomats in Washington to emphasise member state interest when pushing on a host of issues, including trade, renewable energy and Brexit. A spokesman for the EU's office in Washington declined to comment on Tuesday.

The trove of European cables is reminiscent of the WikiLeaks publication of 250,000 State Department cables in 2010. But they are not as extensive and consist of low-level classified documents that were labelled limited and restricted.

The more secretive communications - including a level known as "tres secret" - were kept on a separate system that is being upgraded and replaced, according to European officials. And cables that focused on decisions about world powers' 2015 nuclear deal with Iran - from which Mr Trump withdrew the US in May - are walled off from the Internet in an entirely different system.

Unlike WikiLeaks in 2010 or the Russian hack of the Democratic National Committee and other Democratic Party leaders in 2016, the cyber attack on the European Union made no effort to publish the stolen material. Instead, it was a matter of pure espionage, said one former senior intelligence official familiar with the issue who spoke on the condition of anonymity.

It also displayed the remarkably poor protection of routine exchanges among EU officials after years of embarrassing government leaks around the world.

In this case, the cables were exposed after a run-of-the-mill "phishing" campaign aimed at diplomats in Cyprus pierced the island nation's systems, said Mr Oren Falkowitz, chief executive of Area 1.

"People talk about sophisticated hackers, but there was nothing really sophisticated about this," Mr Falkowitz said. After getting into the Cyprus system, the hackers had access to passwords that were needed to connect to the EU's entire database of exchanges.

Area 1's investigators said they believed the hackers worked for the Strategic Support Force of the PLA, part of an organisation that emerged from the Chinese signals intelligence agency that was once called 3PLA.

"After over a decade of experience countering Chinese cyber operations and extensive technical analysis, there is no doubt this campaign is connected to the Chinese government," said Mr Blake Darche, one of Area 1's experts.

The Chinese Embassy in Washington did not return calls for comment on Tuesday.

After burrowing into the European network, called COREU (or Courtesy), the hackers had the run of communications linking the EU's 28 countries, on topics ranging from trade and tariffs to terrorism to summaries of summit meetings, from the vital to the insignificant.

Many of the reports were the ordinary business of diplomacy - weekly reports from missions in places like Kosovo, Serbia, Albania, Russia, China, Ukraine and Washington that included descriptions of conversations with leaders and other diplomats or visits to non-European countries.

Among the cables were requests for authorisation to finance exports to Iran, as well as details of efforts throughout 2018 to continue economic arrangements that might entice Teheran to comply with the terms of the 2015 nuclear agreement, even after Mr Trump abandoned it.

There was also an inquiry about whether to allow Mr Dmitry O. Rogozin, a former Russian deputy foreign minister who had called for the annexation of Crimea, to travel to Austria for an international meeting on "the peaceful uses of outer space". At the time, Mr Rogozin was under European financial sanctions.

There was much analysis in the cables of foreign policy and of Europe's strategies on issues of trade, counter-terrorism, migration and enlargement that could be picked apart by China and other countries looking for an advantage.

Asked about the hack on Tuesday, the National Security Agency said it was still examining the discovery of the European trove. But the former senior intelligence official said that the EU had been warned, repeatedly, that its ageing communications system was highly vulnerable to hacking by China, Russia, Iran and other states.

The official said the warnings were usually received with a shrug.

European officials said they are now trying to overhaul their outdated and vulnerable networks - an expensive process in which technological improvements usually cannot protect against flawed human judgment. They insisted that confidential, secret and "tres secret" material is handled differently than the cables seized by the hackers and noted a new system, known as EC3IS, that is being developed to handle the more sensitive documents that are shared among the diplomats.

For communications in capitals like Moscow and Beijing, yet another network, known as Zeus, is being installed for delegations of member states.

The Europeans appear, belatedly, to be waking up to the threat. Their senior staff members increasingly use encrypted telephones, and isolated "speech rooms" are being installed in key posts. One such room is already used for a daily 8.30am meeting of senior staff, and another is in use in the European Council building in Brussels for intelligence briefings.

"Of course no security system is foolproof, and they must constantly be upgraded," one senior EU official said.