At least 32 mobile devices emitted hookup or dating app data signals from areas of the Vatican ordinarily inaccessible to tourists and pilgrims.

The information came from analysis of commercially obtained signal data that was legally acquired by The Pillar. It covered a period of 26 weeks during 2108.

At least 16 mobile devices emitted signals from the hookup app Grindr on at least four days within the non-public areas of the Vatican City State. In addition, 16 other devices showed use of other location-based hookup or dating apps, both heterosexual and homosexual, on four or more days.

The data set assessed by The Pillar is commercially available. It contains location and usage information that users consent to be collected and commercialized to use the app.

The use of any hookup app within the Vatican City State's secured areas could pose a security risk for the Holy See.

And using the Grindr app by Vatican residents and officials could present a particular diplomatic security risk for the Holy See in its dealings with China.

Grindr was launched in California but was acquired by the Chinese gaming firm Beijing Kunlun Tech in 2016.

While it was under Chinese ownership, the Committee on Foreign Investment in the United States (CFIUS) deemed the app's ownership a national security risk. This was over concerns that data from the app's some 27 million users could be accessed by the Chinese government and used for blackmail.

In fact, while still Chinese owned, Grindr allowed third-party engineers access to the personal data of millions of U.S.-based users. This included their personal details and HIV status, according to media reports last year.

Under intelligence and cybersecurity laws, Kunlun Tech could have been compelled to turn over the data from company servers to the Chinese government for any reason pertaining to "national security," experts have warned.

In recent years, the Holy See has been the target of several cyber-espionage attacks appearing to originate in China and apparently linked to China's diplomatic negotiations with the Vatican.

In the months before the renewal of the Vatican-China deal in 2020, the cybersecurity media outlet Recorded Future reported that both the Vatican and the Diocese of Hong Kong had been targeted for hacks by RedDelta, a Chinese-state sponsored hacking organization.

The impact of legally purchased app data has already been made apparent in the Vatican.

The US Conference of Catholic Bishops general secretary Monsignor Jeffrey Burrill resigned on 20 July after cell phone data appeared to show he frequently used the gay dating app Grindr.

Burrill's resignation came after staff had learned on Monday of "impending media reports alleging possible improper behaviour."

The Pillar published an article on Wednesday that presented evidence the priest engaged in serial sexual misconduct.

Vatican City State policy does not presently prohibit employees or residents from the use of location-based hookup apps, even within secured locations connected to diplomatic responsibilities, Vatican officials have told The Pillar.

Sources

The Pillar

Cyberscoop reports hackers posed as UCANews.com journalists in order to gain an advantage for China in negotiations with the Holy See.

Researchers at the security firm Recorded Future first identified hackers affiliated with a group called Mustang Panda in July.

The hacker group was conducting espionage against targets involved in negotiations around the operations of the Catholic Church in China.

Information on Catholicism in China has been of keen interest to the Chinese government since the Vatican cut off diplomatic relations with China in 1951.

After a brief halt to their activities, the hackers changed their approach, making detection more difficult.

The latest spate of targeting has included ‘spoofed' email headers including specific lures about the provisional agreement between the Vatican Holy See and the Chinese Communist Party.

Hidden in the email is malware which allows a remote user to steal data. They can even take control of affected systems without permission or authorization.

The findings show how intent hackers are on collecting intelligence on entities involved in diplomacy between the Vatican and the Chinese Communist Party.

The resurgence of the hacker campaign came just days before the Vatican announced it had officially extended an agreement with Beijing about the appointment of Bishops in China.

Cybersecurity expert Andrew Jenkinson of Cybersec Innovation Partners in London has expressed concern over the Vatican internet security and vulnerability to cyber-attacks.

The Vatican has a sprawling system of websites, they are administered by the Internet Office of the Holy See.

The Vatican's web presence has expanded steadily since it launched its main website, www.vatican.va, in 1995.

Jenkinson noted that www.vatican.va remained "not secure" months after the breach was reported earlier this year.

Sources

Cyberscoop

Tech Radar