Cyber security expert urges Vatican to strengthen internet defenses

CNA Staff, Nov 18, 2020 / 07:00 am (CNA).- A cyber security expert has urged the Vatican to take immediate action to strengthen its defenses against hackers.

Andrew Jenkinson​, group CEO of Cybersec Innovation Partners (CIP) in London, told CNA that he had contacted the Vatican in July to express concern about its vulnerability to cyber attacks.

He said that to date he had received no response, despite making several further attempts to raise the issue with the appropriate Vatican office.

The British cyber security consultancy approached the Vatican following reports in July that suspected Chinese state-sponsored hackers had targeted Vatican computer networks. CIP offered its services to address the vulnerabilities.

In a July 31 email to the Gendarmerie Corps of Vatican City State, seen by CNA, Jenkinson suggested that the breach might have occurred through one of the Vatican’s many subdomains.

Vatican City has a sprawling system of websites administered by the Internet Office of the Holy See and organized under the country code top-level domain “.va”. The Vatican’s web presence has expanded steadily since its launched its main website, www.vatican.va, in 1995.

Jenkinson sent follow-up emails in August and October, emphasizing the urgency of tackling weaknesses in the Vatican’s cyber defenses. He noted that www.vatican.va remained “not secure” months after the breach was reported. He also sought to contact the Vatican through intermediaries.

The Gendarmerie Corps confirmed Nov. 14 that it had received the information sent by Jenkinson. Its command office told CNA that his concerns “have been duly taken into consideration and transmitted, as far as their competence is concerned, to the offices that manage the website in question.”

A report, released July 28, said that hackers had breached Vatican websites in an attempt to give China an advantage in negotiations to renew a provisional deal with the Holy See.

Researchers said they had uncovered “a cyberespionage campaign attributed to a suspected Chinese state-sponsored threat activity group,” which they referred to as RedDelta.

The study was compiled by the Insikt Group, the research arm of the U.S.-based cybersecurity company Recorded Future.

In a follow-up analysis, published Sept. 15, the Insikt Group said that hackers had continued to focus on the Vatican and other Catholic organizations even after their activities were publicized in July.

It noted that RedDelta ceased its activities immediately after the publication of its initial report.

“However, this was short-lived, and within 10 days, the group returned to its targeting of the Hong Kong Catholic Diocese mail server, and within 14 days, a Vatican mail server,” it said.

“This is indicative of RedDelta’s persistence in maintaining access to these environments for gathering intelligence, in addition to the group’s aforementioned high risk tolerance.”

Hackers have frequently targeted the Vatican since it first went online. In 2012, the hacking group Anonymous briefly blocked access to www.vatican.va and disabled other sites, including those of the Vatican secretariat of state and the Vatican newspaper L’Osservatore Romano.

Jenkinson told CNA that the Vatican had no time to waste in shoring up its defenses because the coronavirus crisis had created “a perfect storm for cyber criminals,” with organizations more dependent than ever before on donations via the internet.

“Within a week of the Vatican’s latest breach we undertook research on a number of their internet-facing sites. Websites are like a digital doorway to the masses and can be accessed globally. Never was there a better time for cyber criminals to launch attacks and a worse time for organizations to be insecure,” he said.