Cybercrime and the war in Ukraine
May 10, 2022The attack by a group calling itself "Killnet" was intended to overwhelm the servers of German authorities. A so-called DDoS (Distributed Denial of Service) attack.
Even the German agency responsible for tackling cybercrime, the Federal Criminal Police Office (BKA), was itself a target. It did not suffer much damage — merely a delay in loading its website, BKA Vice President Martina Link told DW. On the sidelines of a BKA presentation titled "Situation Report Cybercrime," Link spoke of a "'rather low-level" attack.
Nevertheless, this manageable DDoS attack is only the latest signal of a new — and threatening — development: Link refers to cyber groups and hacker collectives aligning themselves in solidarity with Russia or with Ukraine. They would then commit corresponding attacks — such as "Killnet". With that, "there is a risk that these attacks will also affect innocent bystanders, even if that was not intended," Link explained.
One thing is certain: The war in Ukraine is also being fought online, and from there it is spilling over into Germany's digital spaces. That is why the President of Germany's Federal Office for Information Security (BSI) Arne Schönbohm warned DW: "In view of the Russian war of aggression against Ukraine, the BSI continues to observe an increased threat situation for Germany." Schönbohm called on businesses, organizations, and agencies to review their IT security measures and make sure they were suitable for the current threat level. "Since Russia's attack on Ukraine began, there have been individual cases of additional IT security incidents, but these have only had isolated effects," the BSI chief continued.
Boundaries become blurred
The thing that worries criminologist Martina Link: She sees the boundaries between purely criminal and state-controlled hackers becoming increasingly blurred. This brings us back to the possible repercussions of the war in Ukraine.
At the end of February, at least 3000 wind turbines in Germany could suddenly no longer be accessed for remote maintenance. The system ran over the internet and the turbines were connected to the network via a satellite provider. This provider, however, was hacked — on February 24, the morning the war began. Probably because the Ukrainian authorities and military also used the same provider.
In its latest annual report, released in mid-2021, Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV) wrote: "The Russian intelligence services are making extensive use of cyberattacks for Russia's geopolitical power plays." It then lists several well-known hacker groups that it attributed to the secret services. These include"Fancy Bear," which has been active since at least 2004, and "Snake," an "extremely clandestine, technologically savvy attacker with international target selection."
Haya Shulman is a professor of computer science at Goethe University in Frankfurt and heads the department at the Fraunhofer Institute for Secure Information Technology. The cyber security expert is sure: Although hardly any cyberattacks in connection with the war in Ukraine have been registered, that does not mean they don't exist. That's because "successful cyberattacks are not detected," Shulman told DW. She refers to the hacking attack on the Bundestag in 2015. Or the hack of the federal computer network, which was publicly revealed in 2018. The network that was attacked was used for communication between the chancellery, ministries, and security services is mostly separate from the regular internet — and was considered secure.
First 'cyber catastrophe'
Online criminality is booming: The BKA recorded a marked increase in the number of cases to about 150,000 registered cases last year. Experts estimate the real number of cases to be significantly higher.
Many cyber attacks have far-reaching consequences and can affect all citizens in their daily lives. In early July last year, for example, hackers in the eastern German district of Anhalt-Bitterfeld attacked local authorities with ransomware. The malware encrypted all data and programs. The administration's servers and computers all had to be shut down. Social benefits could no longer be paid out, cars could not be licensed. The district declared a cyber disaster — something which was unprecedented in Germany.
COVID also drives cybercrime
Martina Link of the BKA lists several reasons for the "significant increase in the number of cases." Above all, the surge in digitization brought about by the coronavirus pandemic has created a wealth of new opportunities for criminals.
At the same time, the digital underground economy has evolved: From botnets to credit card data to malware, everything can be bought using Bitcoin. Because perpetrators work across borders, it is difficult for police forces to reach them. The rate of such crimes being solved is about 30% — below the German average for police crime statistics (PKS).
Since the perpetrators are so well-linked internationally, Martina Link relies on cross-border cooperation between authorities. "This has developed very positively in recent years," she told DW. She refers to the example of "Emotet" last year. Law enforcement agencies of several countries joined together to break up the infrastructure of this malware operation.
This article was originally written in German.
While you're here: Every Tuesday, DW editors round up what is happening in German politics and society. You can sign up here for the weekly email newsletter Berlin Briefing.