The federal government blames Russia for a hacker attack on the SPD headquarters. The target is the cyber warrior group “Fancy Bear” (APT28), which is also said to have been responsible for the attack on the German Bundestag (2015) and on US politician Hillary Clinton (2016).
Are Russian espionage attacks increasing?
There are no official statistics on cyber attacks from Russia, also because it is very difficult to pinpoint the exact origin of the hacker groups. However, there are two topics that are increasingly motivating Russian state hackers to become active in the West: the Ukraine conflict and the prospect of being able to influence elections in Western countries. “Russia remains the biggest threat to Europe in the run-up to the European Parliament elections,” says Jamie Collier of security firm Mandiant. “Russian operations are likely to take place across Europe and attempt to undermine support for Ukraine and trust in NATO and the EU.”
What does Russia want to know and what goals do the Russians have?
The SPD provides the Federal Chancellor and, as the governing party, plays a key role in determining Germany’s foreign policy. Of course, it is interesting for Moscow to see how Berlin reacts to the Russian war of aggression against Ukraine and what plans there are for military and financial support for Kiev. Russia’s goal is to influence the debate in its own interests, for example to increase fears in the SPD of an escalation through arms deliveries to Germany. Beyond the specific case, it is about destabilizing political systems in the West, spreading uncertainty, carrying out industrial espionage or even cracking bank information – for example as a means of putting pressure on Russian officials who have sent their money abroad.
What role do paid hacker groups play in this?
The connections between the Russian secret service and the hacker industry in Russia are considered to be close. The FSB began recruiting capable cybercriminals years ago. The groups “Fancy Bear” (APT28) and “Cozy Bear” (APT29) are the best known and are said to have close ties to the secret services. “Fancy Bear” hit the headlines because of the attack on the Democratic Party during the 2016 US election campaign, but also an attack on the Bundestag (2015). “Cozy Bear,” in turn, is said to have spent years collecting information for Moscow about the stationing of the US missile shield in Eastern Europe. There are also hacker groups that launch attacks on commercial properties abroad for Moscow. The most famous group here is “Evil Corp”.
Doesn’t the West also spy on other countries?
It can be assumed that Western secret services are also active as attackers in cyberspace. On the one hand, particular competence is attributed to the Anglo-Saxon secret service network “Five Eyes” – a cooperation between the USA and Great Britain as well as Canada, Australia and New Zealand. In addition, the cyber troop Unit 8200 from Israel is considered particularly powerful. Sometimes smaller services such as the Dutch secret service AIVD also achieve spectacular espionage successes. For several years starting in 2014, the Dutch were able to virtually look over the shoulder of the Russian troop “Cozy Bear” via manipulated security cameras in a Moscow office.
What’s special about the “Fancy Bear” cyberattacks?
Western secret services usually use spied secrets to inform their own country’s political decision-makers. The services of friendly states are also informed about particular threat situations. Russian services often do not act so cautiously, but are aimed at a large audience. In its most serious attack to date on Hillary Clinton’s 2016 presidential campaign, “Fancy Bear” sought broad publicity through organizations such as Wikileaks. The interference in the election campaign was accompanied by “trolls” who stirred up sentiment against Clinton on social networks from St. Petersburg.
How is German counterintelligence organized?
After the focus in recent years had been on militant Islamism and right-wing extremism due to the terrorist threat, the focus has recently been changed so that more resources are now flowing into counterintelligence again. The Federal Office for the Protection of the Constitution has sent warnings to members of the Bundestag several times in the past two years. Among other things, the domestic secret service points to the increased threat from state or Russian state hackers due to the Russian war of aggression against Ukraine. There were also warnings about cyber attacks and influence operations by China as well as the Iranian secret service’s spying on opposition members in Germany.
Are private individuals also targeted by hacker groups?
Private citizens are more at risk of falling victim to common cybercriminals who use ransomware to encrypt their data in order to extort a ransom. But the secret services’ sights aren’t just on government members or other elected officials. Political activists, journalists and social media influencers are also considered at risk.
How can you protect yourself against such cyberattacks?
There is no 100% protection against sophisticated attacks of the type APT (“Advanced Persistent Threat”), also because the attackers are often already aware of security gaps in computer systems that the public has no idea about. In order not to make things too easy for attackers, the IT systems – from the operating system to the application software – should be kept up to date. Attacks are also made more difficult when email inboxes and other sensitive applications are protected not just with a username and password combination, but with a second factor, such as a USB security key. The new passkeys, which also use biometric information such as fingerprints or facial recognition methods such as FaceID, also offer better protection than usernames and passwords.