Romania’s Parliament Servers were attacked on Monday, January 29, and hackers stole 250 GB of data. The secret documents hosted on the vulnerable servers included the ID Cards of Romania’s Prime Minister Marcel Ciolacu and other politicians, contracts, internal communication and secret documents.
A few documents have already been published on the Dark Web, and the hackers asked for a ransom of 0.8 BTC, around USD 40,000.
The Romanian Anti-Terrorism prosecutors started an official investigation on Tuesday, January 30. Local media has immediately connected the cyberattack to the upcoming elections; in 2024, Romanians will vote for their president, their mayors, their members of the National Parliament and their members of the European Parliament. Yet, no official communication linked the attack to any state or private group.
The security breach is only the last one in a country famous for the intrusive methods of state institutions in the life of the citizens. Now, the roles have reversed, and the institutions’ representatives feel what it is like to have their data stolen.
Previous security breaches occurred in other Romanian state institutions, such as ministries or agencies, as the one in April 2022 against some ministries or the one in October 2023 against Romanian media, both from Russian hackers. Still, it has never been such a significant data theft or a crucial institution.
The security breach proves the lack of proactive measures by those who were supposed to take them. Among the responsible agencies and departments are the Chamber of Deputies’ IT Department, the STS – Romanian Service for Special Communication, the Cyberint – the Cyber Security Unit within the Romanian Intelligence Service and the DNSC – the Romanian Department for Cyber Security. All these state departments are responsible for applying all the necessary proactive measures to prevent such a cyberattack. They all have failed.
It might be just another ransomware, but it is not. Romania is the country hosting the European Cybersecurity Competence Centre – ECCC. From this perspective, the cyber-attacks only let the Europeans know their data is at risk at any moment.
On the other hand, Romania is also the country of Bitdefender, one of the giants in cybersecurity. The tech company warned Romanian authorities about the risks associated with how state institutions keep their data.
Russian? North Koreans? Individual hackers operating on their own? Who asks for 0.8 BTC as ransom after creating a security breach in the country’s Parliament servers? These are some of the questions the prosecutors, the investigators and the intelligence officers have to answer.
Meanwhile, journalists are free to speculate and to push different scenarios to the public. The truth is yet to be revealed in this case, if ever.