Unknown hackers have apparently gained access to the European database iFado (Intranet False and Authentic Documents Online), on which the security authorities of all EU member states, Norway, Iceland and Switzerland rely to fight irregular migration and organized crime. This emerges from a document from the General Secretariat of the European Council to the member states, which was sent on July 4th. The document classified as confidential, which the Süddeutsche Zeitung is an addendum to an earlier warning sent on June 29th. A deadline originally set for August to reset all user passwords is drastically shortened in the document. All users should now reset their passwords by July 15th, otherwise they would be automatically locked out.
The Fado database is used by the security authorities of the participating countries to share information about current security features, but also forgery techniques for travel documents, such as ID cards and passports, but also driver’s licenses and residence permits. iFado contains the most important information from this data archive, which is helpful when checking papers, for example by the police or customs.
This is particularly practical for the European border protection agency Frontex. “There are thousands of document types in circulation,” writes a Frontex spokesman. “It is impossible to know all of them.” If an employee has doubts about the validity of a document, they can confirm them with iFado. The collection of data makes work at EU border posts much easier. In Germany, in addition to the police authorities, customs and residents’ registration offices also have access to the system. According to the Federal Ministry of the Interior, there are around 1,200 users in Germany.
The hack could make particularly high-quality counterfeits possible
Personal data are in the database according to the regulation passed by the EU Parliament found only in exceptional cases. However, it is highly sensitive information. If unauthorized persons have had access to the system, they may be able to create particularly high-quality counterfeits, according to a spokesman for the Federal Ministry of the Interior. It is all the more surprising that there has apparently been no way for participating authorities to secure user accounts with multi-factor authentication. In addition to the password, such a procedure requires users to provide a one-time key generated by an app, for example.
In its warning, the responsible General Secretariat of the Council refers to an ongoing investigation by the EU’s cyber security authorities. The EU’s Cyber Emergency Response Team found the platform’s credentials on June 22 as part of a larger credential package being offered for sale on criminal forums on the dark web. So far it is unclear where the hackers got the data from. The warning to the member states also states that it has not yet been determined whether the access points were actively exploited by the cybercriminals. However, the risk seems to be significantly higher than initially assumed, as indicated by the drastically earlier deadline.
The fact that the access data was offered in a package could indicate that the hackers did not consider the accesses to be particularly valuable. But it could also be that the hackers had been using the accesses for years and now wanted to make money. How the EU authorities actually assess the case is unclear. Neither the General Secretariat of the Council, which is actually responsible, nor the EU Commission wanted to answer SZ’s questions about the security incident.
At the end of March 2020, the EU Parliament decided that the Fado system should be managed by Frontex in the future. This should soon make it possible to operate the platform more efficiently and securely. In the future, the system should allow different access levels for different groups of people. The move to a new platform was originally supposed to take place in 2023, but the EU currently seems to be planning for 2024.