The European Medical Agency (EMA) has warned that information about COVID-19-related drugs and vaccines, stolen in a cyber attack last December and leaked online earlier this week, includes correspondence that was manipulated before publication “in a way that could undermine confidence in vaccines. “
It is not exactly clear how the information – which includes drug structure schemes and correspondence related to the COVID-19 vaccine evaluation processes – was manipulated.
We contacted the agency to ask questions.
A security researcher, Lukasz Olejnik, who raised concerns about the leak via Twitter, suggested that the manipulated data will be “perfect for sowing suspicion” because the biotechnical language involved in leaked correspondence will not be widely accessible.
Now I understand why this data is perfect for sowing suspicion. (misinformation). The documents are extremely airtight, using niche biotechnology technical language. No layman is able to understand this. Perfect for conspiracy thinking, because it has the percentages of the numbers. https://t.co/e0qfYoV3R0
– Lukasz Olejnik (@lukOlejnik) January 15, 2021
Likewise, it also seems possible that the high level of knowledge required to properly analyze data can limit the damage that manipulated versions can cause by limiting their viral appeal.
But it is notable that the EMA has raised concerns about the risk of relying on coronavirus vaccines.
“Two EU marketing authorizations for COVID-19 vaccines were granted in late December / early January after an independent scientific assessment,” writes the EMA in the latest update on the hack.
“Amid the high rate of infection in the EU, there is an urgent public health need to make vaccines available to EU citizens as quickly as possible. Despite this urgency, there has always been consensus across the EU not to compromise high quality standards and base any recommendation on the strength of scientific evidence about the safety, quality and efficacy of a vaccine, and nothing more.
“EMA is in constant dialogue with the EC and other regulators across the network and internationally. Authorizations are granted when the evidence convincingly shows that the benefits of vaccination outweigh any vaccine risks. All details of the evaluations scientific findings are publicly available in European public assessment reports on the EMA website, “he adds.
At the time of this writing, a criminal investigation into the cyber attack was still underway.
The attack was not attributed to a specific hacker group or state actor and there is no confirmation of who is responsible for trying to sew coronavirus-related misinformation by sowing tampered medical documents online.
However, last November, Microsoft warned that hackers backed by Russia and North Korea were targeting pharmaceutical companies involved in the development efforts of the COVID-19 vaccine.
In June, the European Commission also raised concerns about the risks of widespread misinformation of the coronavirus vaccine in the coming months – simultaneously checking the names of China and Russia as foreign entities that it said it confirmed to be behind supported disinformation campaigns. by the State targeting the region.
Therefore, it seems likely that the suspicion falls on the usual “hostile suspicion” states.
We have seen similar “adulterated spill” tactics attributed to Russia before – usually related to attempts to interfere in elections by defaming candidates for high political positions.
The researchers suggested that hackers responsible for breaches of the Democratic National Committee’s network in 2015-16 introduced tampered data in leaked emails – an attack that was later attributed to Russia.
Although, more recently, the infamous “Hunter Biden” laptop incident – which supporters of President Trump sought to leverage against his opponent for the White House (now president-elect) in last year’s presidential race) occurred.
In this case, any misinformation scam has failed amid a series of dubious claims about the discovery and timing of the claimed data cache (along with much greater general awareness of the risk of false digital defamation tactics in political campaigns following revelations about the scale of Russia’s social media influence in the 2016 US presidential election).
In a previous incident in 2017, emails related to French President Emmanuel Macron’s election campaign also leaked online shortly before the vote – coinciding with a document dumped on an Internet forum that suggested that the presidential leader had a secret bank account in Cayman Islands . An assertion that Macron’s political movement said was false.
In 2019, Reddit also linked itself to a suspicious Russian political influence trading account activity involving the leak and amplification of delicate trade negotiations between the UK and the U.S. on its platform during the UK election campaign.
It is not clear whether the leaked commercial dossier has been tampered with or not (it has been extensively edited). And it certainly didn’t bring an overwhelming electoral victory to Jeremy Corbyn’s Labor Party – which used the leaked data in its campaign. But a similar previous operation, also attributed to Russia, involved leaking fake documents on various online platforms. (This disinformation operation was identified and taken down by Facebook in May 2019.)
The emergence of leaks of manipulated medical data linked to vaccines and COVID-19 treatments seems to be a worrying evolution of hostile cyber disorders that seek to turn false data into a weapon to generate useless results for others – since there is a direct risk to public health if relying on vaccination programs are undermined.
There have been hacks at the state level targeting medical data before too – albeit without the background related to the pandemic of an ongoing public health emergency.
In 2016, for example, the World Anti-Doping Agency confirmed that confidential medical data related to the Olympic drug tests of several athletes was released by the Russian cyber hacker group, ‘Fancy Bear’. In this case, there were no reports of the data being manipulated .