Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Medicine EU Security

EU Agency in Charge of COVID-19 Vaccine Approval Says it Was Hacked (zdnet.com) 40

The European Medicines Agency (EMA), the EU regulatory body in charge of approving COVID-19 vaccines, said today it was the victim of a cyber-attack. From a report: In a short two-paragraph statement posted on its website today, the agency discloses the security breach but said it couldn't disclose any details about the intrusion due to an ongoing investigation. EMA is currently in the process of reviewing applications for two COVID-19 vaccines, one from US pharma giant Moderna, and a second developed in a collaboration between BioNTech and Pfizer. An EMA spokesperson did not return a request for comment seeking information if the attack targeted its vaccine approval process or if it was a financially-motivated attack like ransomware. Nonetheless, in a follow-up statement released on its own website, BioNTech said that "some documents relating to the regulatory submission for Pfizer and BioNTech's COVID-19 vaccine candidate, BNT162b2, which has been stored on an EMA server, had been unlawfully accessed" during the attack, confirming that COVID-19 research was most likely the target of the attack.
This discussion has been archived. No new comments can be posted.

EU Agency in Charge of COVID-19 Vaccine Approval Says it Was Hacked

Comments Filter:
  • by gweihir ( 88907 ) on Wednesday December 09, 2020 @04:58PM (#60813586)

    And I mean hunt them down and lock them up for a long, long time. Hacking regular companies is one thing, but hacking hospitals, elements of the vaccine-system, etc. is directly and willfully killing people.

    • Bring back dead-or-alive bounties for these terrorists.

    • Time to treat these people as terrorists

      Terrorism is "the systematic use of terror especially as a means of coercion". This isn't terrorism, this is just petty extortion.

      Hacking regular companies is one thing, but hacking hospitals, elements of the vaccine-system is directly and willfully killing people.

      They rarely know what their target machines are actually used for so saying this is willfully killing people is a huge stretch.

      There have been instances where a hospital got hit by ransomware and when the attackers were told it was a hospital they gave them the keys. Apparently they thought they had hit a university.

      • by gweihir ( 88907 )

        Terrorism is also anything that attacks infrastructure and the fundamentals of society. If you attack anything, the full responsibility if you mistake your target is with you.

        • Terrorism is also anything that attacks infrastructure and the fundamentals of society.

          Technically, no, it is not. A lot of people have broken laws with no intention of causing any harm and then to their surprise caused a huge mess. That doesn't make them terrorists but it does make a lot of people unhappy.

          • In the US, if someone dies as a result of you committing a crime, you are charged with murder (even if it was your accomplice getting shot by the owner of the place you tried to rob). Not sure if this applies to Europe but it wouldn't surprise me if it did.

            • if someone dies as a result of you committing a crime, you are charged with murder (even if it was your accomplice getting shot by the owner of the place you tried to rob).

              Pff! Only if you live in Texas. Everywhere else you may get charged with manslaughter and corporations are only slapped with a fine.

              Not sure if this applies to Europe but it wouldn't surprise me if it did.

              The thing is, while they may be considered criminals in the places they hack, in their home countries they have committed no crimes. This means you have to be able to extradite them which in itself can be fought and is a complex process. In fact, they can cite the rather draconian laws and punishment in the US as a reason to not extradite them which has been successful in t

            • by gweihir ( 88907 )

              It does not, at least not in the European countries I know. But if you did any action (crime or not) where you needed to reasonably expect that there is a real risk somebody could be seriously injured or killed, then you will be charged with at the very least negligent manslaughter. This can be upgraded to regular manslaughter if the risk was high enough to not be minor and you needed to reasonably expect this could actually happen. And when the gain you expected is actually something obviously immoral and

          • by gweihir ( 88907 )

            And technically, I did not say they should be "regarded" or "identified" as terrorists, I said they should be "treated" as terrorists. You can treat people as something even of they do not fulfill the strict formal definition, obviously. Obviously anybody attacking medium-sized and larger enterprises _knows_ that hospitals, critical organizations, critical infrastructure, etc. can become a target by accident. Anybody not making very sure that is not the case is just accepting that and that makes them fully

            • And technically, I did not say they should be "regarded" or "identified" as terrorists, I said they should be "treated" as terrorists.

              Then the law would have to be modified for that to happen or they are not being treated equally under the law.

              • by gweihir ( 88907 )

                And technically, I did not say they should be "regarded" or "identified" as terrorists, I said they should be "treated" as terrorists.

                Then the law would have to be modified for that to happen or they are not being treated equally under the law.

                Nope. I am talking about the intensity and effort invested to hunt and find them.

      • by bjwest ( 14070 )

        They rarely know what their target machines are actually used for so saying this is willfully killing people is a huge stretch.

        This isn't the world of the 80's where you plug in a robo dialer and hack whatever system answers. These people know what they're hacking.

        • This isn't the world of the 80's where you plug in a robo dialer and hack whatever system answers.

          Actually, that's a pretty good analogy for how things actually happen because they are scanning IP ranges and ports for specific responses. Really, it's exactly like a 80s robo dialer.

          • by gweihir ( 88907 )

            This isn't the world of the 80's where you plug in a robo dialer and hack whatever system answers.

            Actually, that's a pretty good analogy for how things actually happen because they are scanning IP ranges and ports for specific responses. Really, it's exactly like a 80s robo dialer.

            Not true. A simple whois lookup often already tells you what you are attacking. As does a publicly visible web-server. There are a lot of other indicators. Somebody that does not know what they hack did not bother to find out.

            • A simple whois lookup often already tells you what you are attacking.

              The typical modus operandi is to probe IP addresses, not go after web servers (for which a WHOIS would be applicable). Web servers wouldn't have the vaccine info on it.

              • by gweihir ( 88907 )

                A simple whois lookup often already tells you what you are attacking.

                The typical modus operandi is to probe IP addresses, not go after web servers (for which a WHOIS would be applicable). Web servers wouldn't have the vaccine info on it.

                Seriously? You do not know how attackers proceed?

                • Seriously? You do not know how attackers proceed?

                  Usually they proceed blindly with automation because that's how they spread to the most machines. Only cybercrime syndicates do targeted attacks.

      • You are wrong in every word.

        - This is in fact terrorism. It may only be stealing but the direct result of it may lead to delayed arrival of vaccines, which, consequentially is the lost of lives. In this case, the lost of a lot of lives.
        - Hacking institutions that serve the well being of human condition such is killing whether the crooks want to admit or not. People die from hack because procedures that they needed to survive couldn't be made available on time as result of the hack. The asshole that caus
        • If you're smart enough to hack, you're supposed to know that computers in hospitals are used to save lives.

          Right because using an IP scanner that checks for specific responses is totally transferable to knowing what's on a computer in every industry in every region of the world that's in a language you may or may not be able to read. /s

          Are you really going to tell me that a crook breaks into an institution who operate on very specific function, does not know what the computers are used for?

          You are assuming they were specifically targeted rather than simply being caught up in a carpet bombing style operation. I'm not saying for a certainty that they didn't know but I am saying there is a good chance they had no idea.

          • by gweihir ( 88907 )

            You are assuming they were specifically targeted rather than simply being caught up in a carpet bombing style operation. I'm not saying for a certainty that they didn't know but I am saying there is a good chance they had no idea.

            If you carpet-bomb a city, you are fully responsible for all the hospitals, schools, kindergartens you destroy and all the civilians you kill. Why are you defending these people?

            • If you carpet-bomb a city, you are fully responsible for all the hospitals, schools, kindergartens you destroy and all the civilians you kill.

              Well it's a good thing it was only a metaphor.

              Why are you defending these people?

              I'm not, I'm simply refusing to jump to an unjustified conclusion when I know their general modus operandi which is committing petty crime, not terrorism.

              • by gweihir ( 88907 )

                I'm not, I'm simply refusing to jump to an unjustified conclusion when I know their general modus operandi which is committing petty crime, not terrorism.

                Attacking individuals or single stand-alone servers may be petty crime, at least in some cases. Attacking organizations is a whole different thing. And you cannot be in the intranet of an organization and _not_ notice it.

                • Attacking individuals or single stand-alone servers may be petty crime, at least in some cases. Attacking organizations is a whole different thing.

                  Not really, they are just spreading through intranet then. How it's done technically is different but they are still just petty criminals. You seem to have the hollywood perception of hackers: brilliant and evil. Honestly, they are mostly just petty thieves with just enough computer skills to stitch together something that someone else designed. I've seen their code and it sucks.

                  • by gweihir ( 88907 )

                    Attacking individuals or single stand-alone servers may be petty crime, at least in some cases. Attacking organizations is a whole different thing.

                    Not really, they are just spreading through intranet then. How it's done technically is different but they are still just petty criminals. You seem to have the hollywood perception of hackers: brilliant and evil. Honestly, they are mostly just petty thieves with just enough computer skills to stitch together something that someone else designed. I've seen their code and it sucks.

                    Nope. I am actually a security architect, security auditor, security consultant and security engineer. I also teach application security academically. Nobody needs to be "brilliant" to notice they are in an intranet. Nobody needs to be "brilliant" to find out what intranet that is and who it belongs to. All it requires is wanting to know.

                    • All it requires is wanting to know.

                      That's just it, they don't care who owns the computer as it's not a requirement. They hit a larger number of targets ever single day, so knowing who your are hitting is not something they bother with. The only time they bother with it is when they target organizations which is something that syndicates do, not your run-of-the-mill hacker.

          • It's pathetic that you keep going around replying to everyone's comments claiming that hackers use an IP scanner to find their targets. Only script kiddies use a target scanner. Experienced hackers have specific targets. In this case, the perpetrators want to steal information about the vaccine to sell it to the highest bidders. This may be russian or chinese. You keep trying to defend that the crook doesn't know what his target computers have, makes you look like one of those script kiddies yourself.

            Yeah
            • It's pathetic that you keep going around replying to everyone's comments claiming that hackers use an IP scanner to find their targets.

              How do you know that they were targeted?

              Only script kiddies use a target scanner.

              Yes, which is kind of the point because there is no information indicating it was a sophisticated hack.

              Experienced hackers have specific targets. In this case, the perpetrators want to steal information about the vaccine to sell it to the highest bidders.

              The only information provided was that they were hacked, so what makes you so sure the information was stolen and this wasn't simply randsomware?

        • by gweihir ( 88907 )

          - This is in fact terrorism.

          Strictly speaking it is not, because the motivation does not match as there are usually no political aims. But the damage it does is the same as in terrorism, including causing fear, disrupting infrastructure, killing people and generally destabilizing society.

          Hence it is high time that significant effort is invested in identifying and stopping these people. There needs to be a clear, red line that they must know to never step over. I am not saying to predator-assassinate them, I am saying to find them and

    • The European Medicines Agency (EMA), the EU regulatory body in charge of approving COVID-19 vaccines, said today it was the victim of a cyber-attack.

      It'll be the NSA. The US is pissed that the EU signed up for the vaccine ahead of them.

  • insider trading??
    and if you get locked up for that it's club fed and you get to keep the funds

  • For example: Con a middle-aged guy (who should know better) out of some cash in an online grift? Maybe a few months in jail.

    Con an 80 year old grandma out of grocery money in an online grift? 50 years in a federal prison.

    • No, conning someone is illegal regardless of if the person should have been able to protect themselves. Beating up Mike Tyson in a barfight doesn't get you a lesser sentence than beating up a 5', 120lbs guy.

  • Twenty bucks says the chinese did it.
  • Because why would we expect these folks to be competent?

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...