In recent years we have seen many politically motivated Cyberattacks. One of the earlier known hacks was the Stuxnetattack, in which Israeli and American secret services were probably involved. More recently, we have seen IT security incidents that overshadowed last year’s US election, as we have already mentioned in a previous blog post about the Clinton Hack .
Now the question arises: Will the election in Germany be affected by cyber attacks as well? In this article, we will look at the current developments of the super-election year 2017: The elections in the Netherlands, France and Germany are important fundamental decisions for European democracy. As European citizens we are concerned about the persistent reports of cyber-security incidents. Here’s a short overview of past cyber attacks of a political nature:
Summer 2015: The German Bundestag Hack
Ein weitreichender Angriff auf die Infrastruktur des Bundestagsnetzes wurde nach Monaten entdeckt und beendetA far-reaching attack on the infrastructure of the German Bundestag network was discovered and ended after months. A phishing e-mail on behalf of the UN, which was clicked on by a member of parliament or an assistant, was identified as the gateway to the phishing attempt. The attack was not aimed specifically at the Bundestag, but at various political institutions and is now publicly attributed to Russian hacker groups (including APT28). Phishing E-Mail im Namen der UN identified, which had been clicked on by a member of parliament or an assistant. The attack was not targeted specifically at the Bundestag, but at various political institutions, and has since been publicly attributed to Russian hacker groups (including APT28).
September 2016: Cyberattacks on German top Politicians
Mehrfache gezielte Angriffe auf deutsche Spitzen-PolitikerSeveral targeted attacks on top German politicians have been carried out, which are connected with the upcoming Bundestag elections according to government experts. The attacks are officially attributed to the same hacker groups and have once again been carried out by phishing e-mails. This time the fake e-mails came on behalf of NATO – so far it has not been possible to make any statements about the extent of the damage.
But it is not only the German political apparatus that is a frequent target of hackers. The international community has to cope with many attacks. Here are a few examples that are known to the public:
December 2016: Cyberattacks on the OSCE
A recent cyber attack on the Organisation for Security and Cooperation in Europe (OSCE) has caused a stir. It is assumed that hackers have successfully stolen highly confidential data. Here, too, the German Federal Office for the Protection of the Constitution suspects Russian actors. Cyber-Angriff auf die Organisation für Sicherheit und Zusammenarbeit in Europa (OSZE) Aufsehen. Es wird davon ausgegangen, dass Hacker streng vertrauliche Daten erfolgreich entwendet haben. Auch hier vermutet das Bundesamt für Verfassungsschutz russische Akteure.
December 2016: Cyberattacks on the Polish Foreign Ministry
A professional attack on the foreign ministry in Warsaw was not stopped until December 2016. Several employees had received phishing e-mails on behalf of NATO.
December 2017: Cyberattacks on the Polish Foreign Ministry
The Czech foreign ministry was less fortunate than its Polish counterpart. In January, it was discovered that hackers have been reading the foreign ministry’s e-mail communication for weeks or even months. die E-Mail-Kommunikation des Außenministeriums mitlasen.
January 2017: Cyberattacks on NATO
At the end of January, NATO reported an increase of 60% in the number of threatening cyber attacks. It was evident that these were collectives of hackers who were receiving state support. Even the NATO article 5 alliance case is now being considered for cyber attacks of a certain magnitude. Anstieg bedrohlicher Cyber-Angriffe von 60%. Dabei sei klar ersichtlich, dass es sich hierbei um Hackerkollektive handele, welche staatliche Unterstützen erhalten. Sogar der Bündnisfall nach Artikel 5 der NATO wird mittlerweile für Cyber-Angriffe einer bestimmten Größenordnung in Erwägung gezogen.
The recent revelations of WikiLeaks also raise concerns about how even the US will deal with its offensive cyber units in the future – after all, they have been active in Europe several times in the past..
An Alarming Picture
It seems almost impossible that German politicians will be spared. In light of the international incidents and massive political intervention on the basis of cyber-attacks, one wonders: Were German politicians, at federal, state and local levels not yet hacked because they are so secure, or have the attacks just not been discovered? Are comprehensive measures already being taken in politics and business to protect against social engineering, social hacking and phishing? And is our political and economic system prepared for the present and future of organised cybercrime?
We can probably assume that this year will be very interesting not only at the political level, but also at the cyber level. Like the BSI President, we are left with just one plea to the parties: Take IT security seriously!
However, some current news reports cast serious doubts as to whether this awareness of the seriousness of the situation has really reached day-to-day political affairs. It is certain that administrations and parties, as well as NGOs and companies should definitely invest in IT security in order to survive in today’s digital world.Whether 2018 will also be a year of superhacks – I’d rather not even think about that.