Germany bolsters cyber defences for upcoming election
Germany’s national cyber security agency BSI has warned political parties in the country to shore up their computer defences after high profile hacking took place in the recent French and American elections.
The head of the country’s domestic intelligence agency last week accused Moscow of gathering a large amount of political data in cyber attacks, and said it would be up to the Kremlin whether to meddle in the 24 September elections.
The government has boosted funding to the BSI and will add 180 jobs to the agency this year. It is also expanding a cyber defence centre and has stepped up data sharing with private sector firms. It is also considering legislative changes that will allow it to strike back, such as by destroying an enemy’s servers in the event of a major cyber attack.
Despite the extra vigilance, over a dozen cyber experts, German lawmakers and government officials have said the leaders of Europe’s most powerful nation face a huge challenge if they come under attacks like those on US presidential candidate Hillary Clinton and France’s incoming President, Emmanuel Macron, whose emails were hacked.
Security researchers and US officials believe Russian hackers were behind the US attack, and have warned Berlin that Moscow now has its sights on Germany. The origin of the hack of Macron’s emails last week is still under investigation.
UK Prime Minister Theresa May recently said that strong cyber security was essential to keep the upcoming general election a fair race echoing German and French concerns.
Government and party officials declined to comment on whose accounts were hit in 2015.
The BSI believes Merkel and her conservative Christian Democrats (CDU) are being particularly targeted by APT 28, a Russian group US officials have blamed for the hacking of Clinton’s emails.
The BSI said APT 28, also known as Pawn Storm or Fancy Bear, was behind the 2015 attack on Germany’s parliament as well as two attacks on the CDU last year.
Security firm Trend Micro said the group struck the think tanks of both the CDU and the Social Democrats, junior partners in Merkel’s coalition government, in March and April. Trend Micro said the group also targeted Macron.
Russia denies involvement in the attacks, saying it never interferes in the internal political affairs of other countries. A Kremlin spokesman said he had no idea who was behind APT 28: “We do not know who these people are and have no relation to them.”
But US and German officials say the connections are clear. The head of Germany’s BfV domestic intelligence agency, Hans-Georg Maassen, last week said Russia is orchestrating cyber attacks and influence operations to destabilise German society. And while Germany has strengthened its defences, gaps were inevitable, he said.
“I’m reminded of Sisyphus continually rolling a boulder to the mountain top only to be overtaken by his inevitable fate,” he said, referring to the Greek myth symbolising a futile act.
At a meeting with Merkel in Russia this week, President Vladimir Putin described allegations of Russian attacks related to the US presidential election as rumours.
But US and European officials say Moscow wants to erode confidence in Western democracies and undermine European unity.
“Putin’s short-term goal is to weaken the European consensus on sanctions against Russia,” said Hans-Peter Uhl, legal adviser for Merkel’s conservative bloc in parliament.
“The long-term objective is to divide the EU and secure the victory of Russian values in the battle against the West,” he wrote in the group’s latest magazine.
The Kremlin representative called the accusations “a bald-faced lie”.
One of Europe’s leading cyber-warfare experts recently warned that nuclear weapons around the world are insufficiently defended from the risk of a cyber attack which could increase the risk of nuclear war.