Press play to listen to this article
Hillary Clinton, meet Michał Dworczyk.
Polish ultra-conservative leaders face growing scandal as private emails from senior officials including Prime Minister Mateusz Morawiecki are leaked to the public following a hacking operation they claim was carried out by Russia .
The emails – which also belong to the accounts of the prime minister’s main aide, Michał Dworczyk, and health minister Adam Niedzielski – began appearing in early June on Telegram, a Russian encrypted messaging system, and relate to internal deliberations on issues ranging from vaccine supply to the government’s handling of protests against abortion restrictions.
Warsaw accuses Moscow. Officials argue that the hacked emails – which they say are partly fabricated – and their dissemination are part of a wider Kremlin-led disinformation campaign aimed at fostering division, instilling mistrust and harming citizens. Poland’s relations with other countries and the EU.
“The main objective of the ongoing attack is to undermine democratic values - freedom of expression and trustworthy public debate – targeted by disinformation,” said a Polish note sent to EU ambassadors and seen by POLITICO.
“The intercepted disinformation content is focused on the current public debate and aims to provoke, polarize and antagonize politicians and society, to question NATO values and trust, as well as the costs of modernization military; providing “evidence” of Poland’s direct involvement and sponsorship of riots in Belarus and instability in Eastern Europe, as well as damaging Polish-Lithuanian relations, “the document added.
But the European Union has yet to support any attribution of the attack, and critics say the ministers themselves are to blame for conducting official business on private email accounts – the same accusation that has helped defeat Clinton’s presidential candidacy.
The emails, sent through free public providers, contain information and conversation about the country’s military, handling of the coronavirus pandemic, and even jokes on the country’s public television. They will likely come from the private inbox of Dworczyk, head of the Prime Minister’s office and the main coordinator of the Polish coronavirus response.
The attack was the subject of discussion at a meeting of foreign ministers on Monday. On Wednesday, it was also discussed by ambassadors at the NATO level, according to an alliance official. Warsaw is now seeking to condemn attacks by European leaders at this week’s European Council summit.
“An attack on an EU member state is in fact a challenge for the whole of the EU”, says the Polish brief.
Leaked emails and official documents are regularly posted by two anonymous accounts on Telegram – one in Russian and one in Polish.
The Polish account, dubbed Poufna Rozmowa (or a “confidential conversation”), has been active since early June. IT Emergency Response Team experts for EU institutions, bodies and agencies (CERT-UE), an independent IT security organization, noted that there were multiple Facebook accounts and at least one Twitter account promoting Telegram content.
“Some of these accounts were most likely created solely for this purpose, others were legitimate compromised accounts,” according to a CERT-EU brief, consulted by POLITICO.
Screenshots posted on Telegram show email exchanges between senior Polish officials.
An exchange apparently shows officials debating whether to use the military against abortion protesters.
“No one had such an idea”, Dworczyk Told Weekly Wprost. “I will not say anything more on the subject as we are dealing with an attack by cyber criminals.”
Another email shows the characteristics of the anti-tank missiles that the Polish army is said to be about to purchase. In another, Morawiecki suggests that he does not trust public television as a reliable source of information.
Polish security services mentionned Tuesday that at least 4,350 email addresses “were targeted” in the attack, and the government said about 300 had been hacked.
The CERT-EU memo added that “it is not clear exactly which Michał Dworczyk email account was compromised and how it was achieved”, but added that “it is plausible that a private computing device or entire network in the Dworczyk focus has been compromised ”.
Polish security services said they had “analyzed several messages that could be used as potential phishing techniques” – a type of attack often used to steal data such as login credentials and credit card numbers.
Other addresses in Dworczyk’s exchanges, including Morawiecki’s email address, are personal rather than government accounts.
Dworczyk insisted that the information he sent from his private email address was never classified, but could have been sensitive. “This is the nature of the information exchanged in the world of politics,” he said.
He also pointed out that some of the information posted on Telegram had been fabricated, but gave no details.
“We do not know what other documents will be published on the two Telegram channels, but above all we do not know if they are and will be authentic documents,” said Andrzej Kozłowski of the Kościuszko Institute, an NGO specializing in security. Questions. “The history of these information activities shows that very often false and fabricated documents are mixed with the real ones.”
The Polish government accuses Russia of carrying out the hacking operation.
“The analysis of our services and the secret services of our allies allows us to clearly state that the cyberattack was carried out from the territory of the Russian Federation. Its scale and scope are wide,” said Jarosław Kaczyński, vice -first minister in charge. security who is the de facto leader of Poland, said in A declaration.
Polish security services said on Tuesday the attacks were carried out by a hacking group called UNC1151 with links to GRU, Russian military intelligence. The group is behind the so-called Ghostwriter disinformation campaign which promotes critical accounts of NATO’s presence in Eastern Europe, primarily Lithuania, Latvia and Poland. This hypothesis was supported by CERT-EU.
“The most likely hypothesis is that the Russian secret service is behind this hack, but we must not definitively prejudge it and rule out other possibilities,” Kozłowski said, adding that there are several factors that confirm Russian involvement, such as Russian interests in regional policy and similarities with other Russian attacks.
The European Commission has expressed its solidarity with Poland.
“These malicious cyber activities against Poland are another example of the rapidly changing cyber threat landscape and show the need for the EU to step up efforts to prevent, deter and respond to cyber threats,” said a spokesperson. word of the EU in a press release.
But officials are more careful before pointing fingers at Russia. A senior Commission official stressed that the situation is being analyzed, but nothing is certain. “It is good that Poland notified the EU, but the information they provided did not shed new light on the situation,” they said.
Private email accounts
The Polish opposition lambasted the government for allowing senior officials to use private and insecure email accounts, and demanded the resignation of Dworczyk and Morawiecki. They point out that when the private conversations of ministers from the previous Civic Platform party leaked in 2015, many of the officials involved were forced to resign.
But Morawiecki and Dworczyk rebuffed the accusations.
Dworczyk confirmed that he uses his private email for private purposes, but said there is a need to coordinate his actions as a government official, politician and private person.
“I haven’t broken any binding rules,” he told Wprost.
As a result of the hack, other politicians revealed that they were also using private mail servers.
“I have many mailboxes and I don’t know which one is private” mentionned Minister of Education Przemysław Czarnek.
Morawiecki also said government officials are the victims and should not be blamed.
“I will not follow the Kremlin scenario,” he said told reporters.
You want more analyzes of POLITICS? POLITICS Pro is our premium intelligence service for professionals. From financial services to commerce, technology, cybersecurity and more, Pro delivers the real-time insights, in-depth insights and the scoops you need to stay ahead of the curve. E-mail [email protected] to request a free trial.