Hacker attacks on the German Bundestag

from Wikipedia, the free encyclopedia

Hackers have repeatedly attacked the German Bundestag. The attack with the most serious consequences to date probably began in early 2015 and was discovered in May 2015. After extensive research into this attack, editors of Die Zeit expressed the fear in May 2017 that critical content from the leaked data would be released during the 2017 federal election campaign in order to change the mood in Germany.

The German government assumes that the major attack in 2015 was an action controlled by Russia. IT experts were able to gather evidence that the hacker collective known as "APT28" (also known as "Fancy Bear"), which works as a unit of the Russian military intelligence service GRU, initiated the attack.

Securing the network

The Bundestag has its own IT infrastructure, which is used to operate the internal Bundestag network "Parlakom". All MPs, including Chancellor Angela Merkel and other members of the government, as well as their parliamentary groups, the administration, public relations and other parliamentary institutions, are connected to it. The computers of the constituency offices of members of parliament outside Berlin are also connected to the Bundestag network. According to information from Der Spiegel, Parlakom has about 20,000 federal accounts. The system is connected to the open internet.

After the attack in 2015, there was resentment among MPs that the Bundestag had not connected to the federal government's network in 2009 when the decision was pending. This network is monitored by the Federal Office for Information Security (BSI).

Attack in January 2015

The largest attack to date on the Bundestag's internal network became known in May 2015. According to information from the German Press Agency, the attackers, who were allegedly working for the Russian secret service, started their action in December 2014 or January 2015. According to the information currently known to the public, they placed a Trojan horse step by step on individual physical computers via the internal network. According to a report by Spiegel Online, they first infected the computers of the parliamentary group of The Left with the Trojan, thus gaining access to administrator passwords. According to Der Spiegel, computers belonging to the CDU/CSU parliamentary group in the Bundestag were the first to be affected.

On April 30, 2015, several members of the Bundestag received an identical email. The sender's address ended in "@un.org", so the message appeared to come from the United Nations, and it was sent by a server that the Bundestag firewall did not classify as problematic. The mail had the subject line "Ukraine conflict with Russia leaves economy in ruins" and contained a link to a supposed UN bulletin. Clicking the link led to a website that looked like a UN website but actually installed malware (a Trojan horse) on the recipient's computer unnoticed. The hackers then had unnoticed access to the Bundestag's IT systems and were able to access sensitive content such as passwords and administrator accounts, which they could use to obtain additional data.

The attack was only discovered in early May 2015, when the malware became active across the Bundestag network. IT specialists from Parliament and the Office for the Protection of the Constitution reported at around the same time that unknown parties had attacked the Bundestag's data network. It was considered possible that all IT devices (hardware) in the Bundestag would have to be replaced. Even several weeks after the cyber attack was discovered, the spyware was still active on the computers. At times, the entire Bundestag network was shut down.

"One can assume that several computers are now being controlled remotely, which is why some areas have been completely switched off so that the security of this data can still be guaranteed", explained IT expert Götz Schartner on DRadio.

According to the FAS, many MPs were annoyed that Bundestag President Norbert Lammert (CDU) had informed them too late about the extent of the hacker attack. The Reuters news agency quoted the CDU domestic policy politician Armin Schuster as saying: "The house is burning." The SPD politician Lars Klingbeil told the Mitteldeutsche Zeitung that the issue had been put on the agenda of the Digital Agenda committee twice, but that no one from the administration had come to report on it.

Targets and leaked data

The attackers targeted, among others, the parliamentary office of Chancellor Angela Merkel and Bundestag Vice-President Johannes Singhammer (CSU), as well as the computers of Martin Rabanus (SPD) and Bettina Hagedorn (SPD), both of whom sit on the trust committee for budget control of the federal intelligence services.

In total, more than 16 gigabytes of data, including e-mails from parliamentarians, were presumably leaked to foreign servers.

Investigation by Claudio Guarnieri

Before the attack on the entire Bundestag became known, servers belonging to the parliamentary group of The Left in the Bundestag had been infected with malware from outside. The malware apparently comes from a state-sponsored group from Russia. This is the result of an investigative technical analysis by IT security researcher Claudio Guarnieri. His detailed report analyzes the technique, the effects and the possible origin of the attack, and provides a signature for identifying the Trojan. The report was originally prepared for the parliamentary group of The Left in the Bundestag and was later published on the netzpolitik.org portal.

Guarnieri writes that attributing malware attacks is never easy, but that in the course of the investigation he found evidence that the attacker was linked to a government-backed group called the Sofacy Group (also known as APT28 or Operation Pawn Storm). Previous analysis by FireEye security researchers suggested the group may be of Russian origin. However, there is no evidence that allows the attacks to be assigned to specific governments or states.

Investigations and Consequences

The federal prosecutor's office started investigations into suspected espionage. On May 5, 2020, NDR, WDR and Süddeutsche Zeitung reported that the Federal Prosecutor General at the Federal Court of Justice had issued an international arrest warrant against a Russian hacker. The hacker is said to work for the Russian military intelligence service GRU and to have played a decisive role in the Bundestag hack. The American FBI has been looking for the hacker for two years, as he is said to be responsible for the hacker attacks on the US Democratic Party and the World Anti-Doping Agency. The suspect is the Russian Dmitri Badin.

After the hacker attack became known, the then President of the Office for the Protection of the Constitution, Hans-Georg Maaßen, suggested that a foreign intelligence service was behind the attack. The search for the perpetrators was also made more difficult by the fact that many files that would have been helpful for the investigation were destroyed by deletion routines. According to the Bundestag administration, the technology may need to be rebuilt. The administration of the Bundestag sent an email to all members of parliament and employees on June 22, 2015, in which it referred to IT security standards.

Federal Interior Minister Thomas de Maizière (CDU) saw a foreign intelligence service behind the cyber attack. He recommended that the Bundestag set up a specially shielded network modeled on the federal government.

The domestic political spokeswoman for the Left, Ulla Jelpke, called for countermeasures. She suggested creating more security through an operating system and software based on open source (Linux applications). In addition, it should be possible to encrypt e-mails and files on all computers. This has not yet been the case in the Bundestag.

Political Consequences

After the attack, politicians demanded that not only companies but also federal authorities meet certain minimum requirements for their computer systems in the new IT security law. These are to be determined by the Federal Office for Information Security (BSI).

The inclusion of federal authorities in the IT Security Act goes back to an amendment proposed by the CDU and SPD coalition groups. The bill as introduced was initially intended to oblige only companies such as banks, insurers or energy providers to provide better protection against attacks on their computer systems. Important companies need to report severe attacks on their systems. Petra Pau (The Left), on the other hand, said: "A race between the secret services does not create more security." She only sees the secret services as strengthened and confirmed in their existence.

In October 2020, the Council of the European Union imposed, through Implementing Regulation (EU) 2020/1536 and Decision (CFSP) 2020/1537, entry bans and account freezes on the director of the Russian military intelligence service GRU, Igor Kostjukow, and on the hacker and officer Dmitri Badin. In addition, a unit of the GRU military intelligence service responsible for cyber attacks was placed on the EU sanctions list.

Attack on military installations in August 2015

Der Spiegel reported in December 2015 that the same perpetrators as in January had become active again. This time military facilities were targeted. The Russian IT security company Kaspersky Lab reported that it had discovered a new wave of attacks that had been going on since August 2015. The attacks were primarily aimed at military facilities. According to Der Spiegel, there were attacks on several NATO countries and on armaments companies, particularly from the aerospace industry. The hacker group "Sofacy" or "APT28" was again involved.

Attack from the end of 2016

At the end of 2016, Russian hackers penetrated the federal data network by first infecting one of the connected computers with malware. The attacked Berlin-Bonn information network (IVBB) is largely decoupled from the Internet and was considered secure. It is used for communication between the Chancellery, ministries and other security authorities. Communication between the authorities takes place via the IVBB in the form of e-mail, telephony and the Internet. The hackers stole documents on the Brexit negotiations and on Ukraine from the computers of the Foreign Office. It was not until December 2017 that the Federal Office for Information Security discovered the attack, but it initially let the attackers continue in order to collect more information about them. The hacker attack first became public in February 2018. According to German security authorities, the Russian hacker group Turla, which is also known under the names Snake and Uroburos and has been active since 2007, is behind the attack. The parliamentary control body announced in a special session that the hacker attack was still ongoing in March 2018.
