The Vatican is so wide open to computer hackers that they can watch Pope Leo XIV chat on his tablet in a video call with his brother in Chicago, a cybersecurity expert warned.
Joseph Shenouda also said Vatican addresses are used to view pornography, “which isn’t very smart”.
He told the Dutch daily Nederlands Dagblad that the Vatican does little in response to daily phishing attempts. “If the Pope says anything about the war in Ukraine, we immediately see attacks,” he said.
A Chinese hacker group tried to hijack the Vatican’s email system while the Holy See was conducting delicate negotiations with Beijing about the appointment of bishops, he said. Some Vatican employees’ email addresses appear for sale on the dark web.
Shenouda, a Coptic Orthodox Christian living near Eindhoven in the southern Netherlands, said the Vatican admitted its shortcomings but says it lacks expertise to tackle the problem.
Its digital communications have been directed toward evangelisation, with little regard for security, he said, so some Vatican sites still use passwords like “welcome123” and have long-out-of-date systems, as revealed by simple scans. Fake Wi-Fi routers have been detected in St Peter’s Square.
“We’re talking about a state with ministries and diplomats that doesn’t have its digital security in order,” said Shenouda, who admitted to no longer being surprised by what he finds. “In Rome, it just doesn’t seem to sink in that they need to wake up.”
After first discovering such flaws in 2022, Shenouda founded a group called Vatican Cyber Volunteers which now involves 110 cybersleuths in several countries who send in their findings to him to bundle them into an occasional report for the Dicastery for Communications.
He said the Holy See should appoint its own information security officer, because the volunteers “do their work with the best of intentions, but it obviously best if the Vatican takes action itself”.