Modified vaccine data reveal critical cyber threats

Hackers manipulated stolen data related to coronavirus vaccines before it was published on the dark web, according to the European Medicines Agency. It was a tactic that cybersecurity analysts say is aimed at trust and frustration.

The Amsterdam-based agency, which regulates human and animal medicine products in the European Union, disclosed a cyberattack on Dec. 9 in which information, including emails about the Covid-19 vaccine developed by Pfizer Inc. and BioNTech SE, was stolen before the drug was approved by the EMA on 21 December.

A spokesman for the EMA said in an email that hackers published some letters “not in terms of completeness and original form and/or with comments or additions from the manufacturers.” She declined to comment on the content of the documents or the authors of the emails. CERT-EU, a Brussels-based EU office that helps the bloc’s public bodies deal with cyberattacks, said in an email that it is helping the EMA investigate and respond to the breach.

BioNTech and Pfizer did not respond to requests for comment. BioNTech said last month that it learned from the EMA that hackers had gained access to documents related to its vaccine. The company said it was unaware of the disclosure of data that could identify study participants.

Around 55 files, with screenshots of email conversations, PowerPoint presentations and other documents from Pfizer, the EMA and other EU officials, were released on two dark web forums, said Nicola Bressan, chief technology officer at Yarix Srl at Var Group SpA, an Italian cybersecurity company, who reported that the data was discovered this month.

One post was first published on a darknet forum in the Russian language, and another on an English forum.

Files in the leak, according to documents viewed by WSJ Pro Cybersecurity, include those with names related to peer reviews, meeting notes and analysis regarding the vaccine, and answers to questions from regulators.

Some of the letters released were related to the timing of the EMA vaccine licensing and referred to the U.S. Food and Drug Administration clearing the drugs swiftly due to pressure from the Trump administration, Mr. Bressan said. The job titles referred to fraud and fake vaccines, he said. EU lawmakers have criticized the EMA for approving vaccines more slowly than U.S. or U.K. regulators.

“It is clear that this type of information, whether handled or not, is intended to weaken the credibility of the vaccine,” Mr Bressan said.

Mr Bressan said there were no clear signs that the data had been altered, such as incorrect grammar or easy-to-handle documents. Mr Bressan said he had not contacted the EMA but contacted the Italian postal police about the leaks.

Disinformation campaigns can damage share prices and the reputation of companies. While rare, documents containing false information have been leaked after hacks, such as when medical records were posted online after a cyberattack on the World Anti-Doping Organization in 2016 that sought to tarnish some U.S. athletes.


U.S. intelligence authorities said in May that Chinese and Iranian hackers were targeting companies developing coronavirus vaccines. Cyberattacks originating in Russia and North Korea also targeted online accounts of seven companies investigating virus drugs and vaccines, according to Microsoft Corp. Countries have consistently refused to engage in such cyberattacks.

The release of manipulated vaccine data could weaken public acceptance of the drugs, said Benedict Hamilton, managing director at Kroll Business Intelligence and Investigations, a unit of consulting firm Duff & Phelps.

Dietram Scheufele, Taylor-Bascom chair of science communication at the University of Wisconsin-Madison, said scientists already have to counter misinformation on Covid-19 vaccines. Data-only manipulation makes that task more difficult, he said.

“This is probably the worst time something like this can be dealt with,” he said.

Suspicion about coronavirus vaccines varies among European countries. France has a very low uptake, with an Ipsos poll in December showing that only 40% of the population wants to be vaccinated.

Complex medicines data are an easy target for disinformation because they are difficult for nonexperts to understand, said Lukasz Olejnik, an independent cybersecurity researcher and former adviser to the International Committee of the Red Cross. “If anyone is already skeptical, they may accept that since the data was released, there must definitely be something special,” he said.

The information was later posted on a popular forum known for leaking data and that is accessible through the regular internet, said Kurtis Minder, chief executive of cybersecurity company GroupSense Inc.

It is difficult to fight hackers who intend to spread malware, and attackers may also try to manipulate data while it is still within a victim network, said Sven Herpig, director for international cybersecurity policy at Berlin-based think tank Stiftung Neue Verantwortung.

It is vital that false information is quickly and publicly denied, Mr Hamilton said. Investigating a disinformation campaign can take time, he said, “at this point the damage has already been done.”

Write to Catherine Stupp at [email protected] and James Rundle at [email protected]
