Cyber security expert urges the Vatican to strengthen Internet defenses
A cyber security expert urged the Vatican to take immediate action to strengthen its defenses against hackers.
Andrew Jenkinson, CEO of Cybersec Innovation Partners (CIP) group in London, told CNA that he contacted the Vatican in July to express concern about its vulnerability to cyber attacks.
He said he has not received a response to date, despite making several further attempts to raise the issue with the appropriate Vatican office.
The British cybersecurity consultancy approached the Vatican following reports in July that suspected state-sponsored Chinese hackers had targeted Vatican computer networks. CIP offered its services to address the vulnerabilities.
In a July 31 email to the Vatican City State Gendarmerie Corps, seen by CNA, Jenkinson suggested that the breach may have occurred through one of the Vatican's many subdomains.
Vatican City has an extensive system of websites administered by the Internet Office of the Holy See and organized under the top level domain of the “.va” country code. The Vatican's web presence has grown steadily since it launched its main website, www.vatican.va, in 1995.
Jenkinson sent follow-up emails in August and October, emphasizing the urgency to address weaknesses in the Vatican's cyber defenses. He noted that www.vatican.va remained "unsafe" months after the breach was reported. He also tried to contact the Vatican through intermediaries.
The gendarmerie corps confirmed on November 14 that they had received the information sent by Jenkinson. His command office told CNA that his concerns "have been duly considered and passed on, as far as they are concerned, to the offices managing the website in question."
A report, released on July 28, claims that hackers hacked Vatican websites in an effort to give China an edge in negotiations to renew a provisional agreement with the Holy See.
The researchers claimed to have discovered "a cyber espionage campaign attributed to a suspected group of Chinese state-sponsored threat activity," which they called RedDelta.
The study was compiled by the Insikt Group, the research arm of the US-based cybersecurity company Recorded Future.
In a follow-up analysis, published on Sept. 15, the Insikt Group said hackers had continued to focus on the Vatican and other Catholic organizations, even after their activities were publicized in July.
It noted that RedDelta ceased its operations immediately after the publication of its initial report.
"However, this was short lived and, within 10 days, the group returned to target the mail server of the Catholic Diocese of Hong Kong and, within 14 days, a Vatican mail server," he said.
"This is indicative of RedDelta's persistence in maintaining access to these environments to gather information, in addition to the group's aforementioned risk tolerance."
Hackers have often targeted the Vatican since it first went online. In 2012, the hacker group Anonymous briefly blocked access to www.vatican.va and disabled other sites, including those of the Vatican secretariat of state and the Vatican newspaper L'Osservatore Romano.
Jenkinson told CNA that the Vatican had no time to waste strengthening its defenses because the coronavirus crisis had created "a perfect storm for cybercriminals," with organizations more dependent than ever on Internet donations.
“Within a week of the Vatican's latest violation, we undertook a search of some of their Internet-related sites. Websites are like a digital gateway to the masses and are accessible globally. There has never been a better time for cybercriminals to launch attacks and a worse time for organizations to be insecure, "he said.