Implications of Simon Coveney’s phone being hacked are unsettling | #government | #hacking | #cyberattack | #education | #technology | #infosec

Last week, the Minister for Foreign Affairs and Defence said his phone was hacked.

imon Coveney revealed this when answering a reporter’s question as to why he deleted potentially embarrassing text messages.

Initially, he said he had deleted the texts to save on data storage.

But photos then emerged of him using an iPhone 12 Pro, Apple’s top-end smartphone. It has at least 128GB in storage, enough to hold millions of text messages.

A second explanation was subsequently given — he deleted the messages as his phone had been hacked.

Whatever the interest in the original political mess over the Zappone appointment, this put a new complexion on things.

A minister in such a senior, sensitive position having his phone hacked?

The Sunday Independent has asked whether he reported this to authorities.

The Data Protection Commissioner’s office responded that there has been no complaint nor notification of any data breach received by Coveney or the Government, going back as far as May 2018, relating to the named hack.

Tánaiste Leo Varadkar explicitly said that he, a close contact in constant communication with Coveney, had not been informed of the hack on Coveney’s phone.

In a letter to the Oireachtas Foreign Affairs Committee, Coveney said the hack was “dealt with” by gardaí.

(A spokesperson for the Garda told the Sunday Independent they could not comment.)

Coveney then said: “It is already publicly known that my phone was compromised in 2020. What is not known is that some of my foreign minister colleagues across Europe were contacted using my phone’s identity as a front during that hacking incident. I believe the matter was dealt with swiftly and thoroughly by my department and the gardaí from whom I take ongoing advice.”

Could Coveney be confusing a phishing scam with the more serious issue of his phone being actually hacked? 

This is the most charitable interpretation. But if this isn’t the case, both Coveney and the Irish Government need to act quickly.

In general, iPhones are relatively secure. But we know from several investigations in recent years that high level software from the likes of Israeli company NSO is used to infiltrate smartphones and bypass almost all levels of security.

As Ireland’s Minister for Foreign Affairs and Defence, and a key EU and UN Security Council member, Coveney is uniquely placed to simultaneously be briefed about, and a target of, this technology.

So when a person of his stature and inside knowledge says his phone was hacked, what should the world think?

Coveney is regularly in touch with senior UK counterparts, as well as Irish officials and civil servants in positions of extreme diplomatic sensitivity.

For example, he would be in close contact with Niall Burgess, the secretary general of the Department of Foreign Affairs. Burgess is now leaving to become the Irish Ambassador to France. Did Coveney tell Burgess that his own phone had been hacked and that Burgess might be exposed? Has Burgess taken any measures to mitigate the risk that French officials might now feel exist?

One might ask the same of Coveney’s relationship with the Irish Ambassador in London, Adrian O’Neill. Or the security of his contact with Martin Fraser, currently the secretary general to the Government but due to become the next Ambassador to the UK when O’Neill steps aside.

Or indeed of Coveney’s contact with Ireland’s influential Ambassador to the US, Dan Mulhall.

It is inconceivable that Coveney has anything other than a close working relationship with all of these men.

If they have not asked Coveney about the nature of his phone’s hacking attack, it is now likely that counterparts in France, the UK and the US — who take IT security far more seriously than we do in Ireland — might.

I don’t think I’m overstating the risk here. Coveney is a serious politician. So when he says his phone has been hacked and his phone communications are at risk, it’s a serious matter.

If Coveney represented a company with customer data, he would be obliged under data protection law to inform others that their personal data has been compromised.

So it’s baffling — and concerning — that Coveney has apparently not made others (including Leo Varadkar) aware that his phone, together with potentially sensitive discussions, was compromised.

Cynical suggestions, that Coveney is overstating his phone’s security issues to try to brush aside a politically embarrassing episode, are unworthy. If he says his phone was hacked, we must accept that it was hacked.

But after Ireland’s €100m HSE IT security fiasco, it risks reflecting poorly on us if we don’t look at his claims more closely, 

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *