US cyber security experts say that Herman Van Rompuy and senior officials, including EU Counter Terrorism head, Giles de Kerchove have had their emails hacked.
The break in began at 9.23 am on 18 July last year, according to logs, shown to Bloomberg. The hackers were inside the EU systems, gaining control of the exchange server, allowing access to all emails for just 14 minutes, but long enough to take vital data. The hackers continued to invade the systems for 10 days.
During several other co-ordinated intrusions by the same group were unaware thet they were under observation by a team of US security experts, who were tracking the group believed to be operating from China, called the Comment Group, after their technique of implanting code in seemingly harmless 'comments' in website code. Commenting is a way for developers to make notes on sections of code, without interfeering with the running of a website.
U.S. intelligence refer to the hacker group as Byzantine Candor. It is believed the group, one of ten to twenty in China, has been breaking into systems since 2002.
In 2008, Wikileaks published US cables that showed the US believed the Chinese were behind the group. The Chinese deny any involvement and vow to track down and punish anyone found to be involved in cyber crime.
Apart from EU top officials, the group also targeted over 1,000 organisations, including law firms, energy companies, NGOs and, for unknown reasons, an Italian restaurant in Manhattan.
President Obama warned in a Wall Street Journal op-ed, "the cyber threat to our nation is one of the most serious economic and national security challenges we face."
The revelation comes shortly after the US officials admitted that the US and Israel were responsible for the Stuxnet virus, initially targetted at the Iranian nuclear program, in an operation code named 'Olympic Games'.
The virus is believed to have disrupted the Iranian nuclear program in many ways, from destroying nearly 1 in 6 of Iran's centrifuges to making computers blast out AC/DC's song, 'Thunderstruck' at top volume in the middle of the night.
Stuxnet has broken out into the wild, although nobody knows exactly how that happened, but variations that share part of the code have been discovered.
There have also been newer virus' developed, including Duqu, which may be related to Stuxnet, but some security experts disagree.
Another, known as 'Flame' has also been detected, although it is believed to have been in operation for up to 8 years before being seen, although there is no indication of what it does. Kaspersky, a leading security firm said, "Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage."
They add, "the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it."