The Vatican's Good Hackers: Here's How They Protect the Church
The Digital Swiss Guards Defending the Vatican.
This is how you might describe the Vatican's "good hackers" who, day and night, keep watch to protect the Holy See online.
The group is called Vatican Cyber Volunteers and has been active since 2022. The name itself makes one thing clear: they are volunteers.
The Vatican is the only state in the world protected by hundreds of hackers who act out of faith, shared values, and the importance of the Church in their lives (not all of them are Catholic).
Joseph Shenouda, a cybersecurity expert and founder and coordinator of the Vatican Cyber Volunteers, explains in an interview:
In the past, the Vatican has had these collaborations that provided a valuable but limited "point-in-time" security assessment.
A test captures the state of security at a precise moment, but the threat landscape is dynamic and constantly changing.
And the Vatican requires continuous monitoring of all its digital assets to detect and respond to threats as soon as they emerge.
Through a global network of volunteers, we provide the equivalent of 24/7 video surveillance. More specifically, we operate a global cyber defense intelligence network.
In essence, we monitor the entire digital spectrum related to the Vatican: from its public assets and network vulnerabilities, to dark web discussions, darknet forums, and the sale of compromised credentials. This constant vigilance is crucial for proactive defense.
We use government- and international-level threat intelligence tools, tactics employed by sophisticated hacker groups, that allow us to proactively hunt for threats, looking for signs of compromise based on the latest information about attackers.
The Vatican Hackers: All Volunteers
We work with 110 volunteers from around the world, all experienced cybersecurity professionals employed by various leading companies.
They donate their time and expertise to detect security alerts and potential threats related to the Vatican's digital presence.
I act as the central coordinator, collecting all incoming reports, verifying each finding to ensure accuracy, and then compiling a detailed report for the Vatican's internal IT department.
Our reports include clear, actionable instructions on how to resolve the identified issue.
We consider ourselves a collaborative partner and force multiplier for the Vatican's internal teams. We provide an external, real-world view of security from a potential attacker's perspective.
When we began, the Vatican's infrastructure was in a difficult state. Thanks to close collaboration, the security issues reported by our volunteers were consistently addressed and resolved by internal teams.
Our operating model is that of an external consulting group.
With so many volunteers using a wide range of professional tools and threat intelligence platforms, we achieve much broader and more comprehensive coverage than a single internal team could manage alone.
We primarily use LinkedIn for recruiting; our page serves as the main hub for attracting cybersecurity professionals.
Candidate verification is a key component, and I leverage my background in threat intelligence. However, the most important security measure is the operational structure itself: the flow of information is designed to be one-way, minimizing risk.
Individual reports are submitted through a secure, end-to-end encrypted channel like Signal. Once verified and used, the chat is deleted and we produce a comprehensive report that we deliver to the Vatican's IT department.
This compartmentalized approach, based on the "need-to-know" principle (limited access to strictly necessary information), ensures that no volunteer has a complete view of the Vatican's security situation and that sensitive information is never shared with the group.
They provide raw data, and we provide processed intelligence to the Vatican.
QUESTION – Are all the volunteers Catholic hackers?
ANSWER – It's a diverse group. Although some volunteers are Catholic, about half of our members come from other Christian denominations or faiths.
The unifying factor is not a specific religion, but a shared desire to contribute one's expertise to a good cause and protect a historically important institution.
QUESTION – Any concrete examples of cyberattacks on the Vatican that you've handled?
ANSWER – We recently discovered and reported a computer on a Vatican-affiliated network configured as an "open proxy." Anyone online could use it to hide their online activity for malicious purposes, making it appear as if the traffic was originating from the Vatican.
Following recent geopolitical events, we also detected activity by malicious actors, presumably based in Iran, planning retaliatory cyber attacks against Western religious organizations.
Another case involved the hacking of the website of the Augustinian order, which has ties to the Pope. The attackers inserted links that redirected visitors to a pornographic site, a clear act of reputational damage.
We frequently discover databases and login credentials related to Vatican entities for sale on dark web marketplaces and hacker forums. Our timely reporting allows the owners to change their passwords. Every day brings new discoveries.
Our primary focus is not on the digitization process itself, but rather on the cybersecurity of the Vatican's existing and future digital infrastructure. These are two distinct, yet related, fields.
We protect the Vatican's entire digital footprint, from public-facing websites and communications systems to internal networks and data archives, ensuring the confidentiality, integrity, and availability of all currently digitized assets.