Germany Grapples with Cyberwarfare

Fraud Prevention

July 7th, 2015

Actimize FMC Product Team, Financial Markets Compliance

Last month’s Trojan-led cyber-attack on the German Bundestag is truly earth-shattering in many ways. While the US information security community is currently concerned with the migration to EMV cards and the very significant Office of Personnel Management (OPM) breach, during a trip to Europe last month I noticed that this German incident made headlines and so thought it was worth us making some comparisons to the global cybersecurity situation in general.

Spear Phishing Champions: First of all, talk about a successful spear-phishing incident! If in fact Chancellor Angela Merkel’s own computer was the source of much of the infection, this is truly a stunning revelation and one which is incredibly savvy on the part of the adversary. Who wouldn’t open email from the German Chancellor if she were to send it to you?
Persistence: We hear about APTs (Advanced Persistent Threats) all the time, but this is a persnickety one to say the least. Media reports, both from within Germany and outside of it, have reported that the Trojan remains active and that it has remained active for approximately a month. Talk about persistence.
Merkel’s Special Relationship with Russia: Germany has been targeted before, and while attribution (which we all know is an increasingly touchy subject when it comes to cyber warfare) from last year’s incident was also ascribed to Russia, nothing is known for certain about who the attacker actually was or from where they emanated. This is incredibly ironic, too, since Merkel speaks fluent Russian, so much so that she and Russian President Vladimir Putin are known to speak Russian together when they are in direct contact. According to a Stasi document from 1984, “she is fascinated by the Russian language and the culture of the Soviet Union.”
BYOE (Bring Your Own Encryption): Reports in The Wall Street Journal state that “members of parliament have been trying to improvise their own security systems … increasingly using commercially available encryption services.” This is perhaps not surprising in the post-Snowden era, but it is something that one has to imagine is terribly disconcerting to an IT Department, never mind one which has legal requirements connected to archiving for the historical record.
Who Should Legislators Turn to For Support?: German legislators have been working to prevent their own German domestic intelligence services from participating in some aspects of the investigation due to concerns around those services having access to legislative debates, sensitive planning, and other confidential information. Sound familiar? Think about how difficult it must be for any legislator, no matter where they are in the world, to decline to bring in one’s own intelligence service to help remediate the situation when they know that doing so is probably the wise thing to do?
A Hardware Vendor’s Dream: The Bundestag has been contemplating a full-blown replacement of all equipment. Think about the staggering implications of this, the cost (estimated to be several million Euros), the time, and the publicity! And what’s to stop it from happening again in 12 or 18 months?

This incident truly sits at the crossroads between personal liberty, division of powers, and international diplomacy. And yet, what I find so fascinating about it is that cyber warfare serves as the primary catalyst for these discussions and takes them to areas that rarely overlap in the way they do with this incident.

Although a decidedly European event, this incident could have happened anywhere and will likely repeat itself in some manner in the near future, reminding us of the need for a holistic risk management framework – of course with the requisite funding and staffing – that is sponsored by the highest echelons within any organization.