Cyberattack on German Government

December 1, 2018 | Expert Insights

German security officials have detected a fresh cyber attack on the email accounts of German lawmakers, the military and several German embassies by the Russian hacker group Snake.

Background

In February 2018, the German government confirmed that it had suffered a large cyberattack which infiltrated federal computer networks. It was then alleged that the Russian hacking group APT28 had placed malware in a government network and infiltrated both the Foreign Ministry and the Defence Ministry. Sources said the malware could have remained in the government's networks for as long as a year before the government discovered the breach in December 2017. 

The hackers reportedly infiltrated the government's "Informationsverbund Berlin-Bonn" (IVBB) network, a specially designed communications platform which is separate from other public networks to ensure a supposed added layer of security. It's used exclusively by the chancellery, the German parliament, federal ministries, the Federal Audit Office and several security institutions in Berlin and Bonn, the former German capital where some ministries still have offices.

The government said it receives roughly 20 attempted hacking attacks per day, while German intelligence services also carry out penetration tests once per week. APT28, also known as Fancy Bear, has been linked to Russian military intelligence. The group was identified as the likely source of an attack on the German parliament in 2015, as well as NATO and governments in eastern Europe.

In 2014, an aggressive cyber weapon called Snake infected dozens of Ukrainian computer networks including government systems in one of the most sophisticated attacks of recent years. Also known as Ouroboros, after the serpent of Greek mythology that swallowed its own tail, experts say it is comparable in its complexity with Stuxnet, the malware that was found to have disrupted Iran’s uranium enrichment programme in 2010. Ouroboros gives its operators unfettered access to networks for surveillance purposes. But it can also act as a highly advanced “digital beachhead” that could destroy computer networks with wide-ranging repercussions for the public.

Analysis

German security officials discovered fresh cyberattacks on the email inboxes belonging to several members of the German parliament, the German military and several embassies. Germany's domestic security service, BfV, discovered the attacks on November 14. The BfV believes the Russian cyber weapon "Snake" was behind the attack, but it was not yet clear if any data had been stolen in the attack. "The BfV was able to detect attacks again in the framework of investigating the cyberattack campaign 'Snake,'" the agency said in a statement to the magazine. "The victims are mainly in the government and political realm."

“Snake” appears to have ties to Russia’s FSB intelligence service, with a focus on former Soviet states, Warsaw Pact members and countries in the Middle East, according to the BfV. The campaign has targeted government institutions as well as research and development facilities. Investigators believe the hacker group also accessed the nation's governmental network in December 2017, which was detected earlier this year. The incident raised questions about the German government's network security. "Snake" has been linked with the Russian secret service.

In 2015, a high-ranking security official stated that it was "highly plausible" that the Russian hacker group “Snake” was behind a cybertheft of files from the German Parliamentary Committee investigating the NSA spying scandal, later published by WikiLeaks. In late 2016, Bruno Kahl, president of the Bundesnachrichtendienst, warned of data breaches and misinformation campaigns steered by Russia. According to Kahl, there are insights that cyberattacks occur with no other purpose than to create political uncertainty.

Counterpoint

In February 2017 it was reported that a year-long probe by German intelligence "found no concrete proof of Russian disinformation campaigns targeting the government." Hans-Georg Maaßen, head of the country's Federal Office for the Protection of the Constitution, noted "growing evidence of attempts to influence the next federal election" in September 2017 and "increasingly aggressive cyber espionage" against political entities in Germany. The New York Times reported on September 21, 2017, three days before the German federal election, that there was little to suggest any Russian interference in the election.

Assessment

Our assessment is that while until recently Russian hackers had kept a low profile, there is no doubt that they have the capacity to inflict the full scope of cyber attacks, from denial of service to very sophisticated espionage. We believe that in order to protect their data, governments need to increase stakeholder collaboration; government employees need to understand the risks and security protocols of using mobile devices or operating in the cloud. We think it is important for officials to work with peer organisations, academia and the private sector to minimise the risk of cyberattacks.

India Watch

India is ranked third after the US and China in terms of cybercrime incidents. However, the senior-most bureaucrat at the home ministry has admitted that the country does not have the wherewithal to deal with the newest security challenge. Efforts by the government to strengthen the digital and cybersecurity system have failed to stop cyber attacks.

Despite regular security audits by government agencies, 22,207 Indian websites—including 114 government ones—were hacked from April 2017 to January 2018. Apart from this, 493 websites were used for malware propagation.

It is imperative for India to spruce up its cyber security apparatus and increase awareness of the threats that lurk in cyberspace.