(DW)– German authorities allowed hackers “controlled” access to a government network in an attempt to track the culprits. But politicians are upset they find out about the intrusion from the media.
German lawmakers on Thursday demanded answers over why they were not informed earlier about a cyberattack on a government network, after security officials had uncovered it last year.
The German parliamentary committee that oversees the country’s intelligence agencies was briefed on the incident for the first time on Thursday.
Armin Schuster, a member of Chancellor Angela Merkel’s Christian Democrats and the chairman of the intelligence oversight committee, called it a “veritable attack” on the government network.
“It’s an ongoing attack and therefore public discussions about details would simply be a warning to the attacker which we don’t want to give,” he said after an emergency meeting of the committee. “The spilling of secrets caused considerable damage, but the government, as of today, is trying to limit the damage.”
Watching the hackers
German news agency dpa reported on Wednesday that the notorious Kremlin-linked hacking group APT28 had infiltrated computer networks inside the Foreign and Defense ministries in Berlin.
The Interior Ministry admitted experts had uncovered the malware attack. However, instead of wiping the malware, officials instead allowed the hackers to maintain “controlled” access to the government networks in order to track the perpetrators and their methods, the Interior Ministry said.
German Interior Minister Thomas de Maiziere called the hack sophisticated and professional.
“The highly professional attacker was monitored by the security authorities in order to gain further insight into the attacker’s attack mode and objective and to initiate case-appropriate security measures…These measures are still ongoing,” the minister said in a statement.
Following the briefing, opposition lawmakers warned that the hack may have caused “considerable damage” and questioned why Merkel’s government had not briefed them on the incident sooner.
It still remained unclear whether any sensitive data was stolen.
Following Thursday’s parliamentary committee briefing on the incident, lawmakers voiced their frustration of learning of the hack through the media.
“As a committee member (for Germany’s intelligence agencies), I am most angered to have learned of the attack through the press,” SPD lawmaker Burkhard Lischka told DW. “The Chancellery is obliged to inform the parliamentary group about such incidents. That’s not what happened here, and I believe that it is against the law.”
Fellow oversight committee member and Green party lawmaker Konstantin von Notz also said it was “very frustrating” that the government had kept the hack secret before the story broke in the media.
“While there may be good arguments about why some of the information was kept tight during the past weeks, it is completely unacceptable that yesterday afternoon we were informed by dpa,” von Notz told reporters.
Green party leader Katrin Göring-Eckardt said the government only had itself to blame for having failed to keep its network secure. “The federal government is as much a victim as it is culpable for the attack,” she said. Those who fail to protect their digital infrastructure and do not address “the clutter of digital and political competences” are part of the problem, she added.
A lawmaker with Merkel’s conservative bloc justified the government’s decision to withhold details of the hack. Stephan Mayer of the Christian Social Union, the chancellor’s Bavarian sister-party, said “a complete and thorough investigation” was required, albeit “not in the public marketplace.”
“It wouldn’t contribute to a serious investigation if we got involved in speculation,” Mayer told broadcaster SWR.
Complexity of hack on unprecedented
Conservative oversight committee member Patrick Sensburg told German broadcaster ZDF that the latest attack involved a significantly more malicious piece of malware than that seen during the 2015 network breach of the German parliament.
German daily Bild also reported that security officials were taken aback by the sophistication of the attack, which had exceeded levels of complexity previously seen.
However, the incident also raised questions about the German government’s network security. Lischka said she doubted whether Germany’s security architecture was sufficiently robust to prevent future attacks, while Green party politician Annalena Baerbock told DW that two attacks in three years showed that “cybersecurity in the country is lagging behind.”
Sven Herpig, a fellow at German technology think tank “Neue Verantwortung” (New Responsibility) and former cybersecurity specialist for the German army, told DW that the federal government boasted a robust security offering, although “it was not good enough to fend off the attackers in this case.”
“But you can never have 100 per cent security,” Herpig added. “After all, we are talking about espionage here. Espionage is centuries old and has always been conducted. Now it’s been moved together with a digitalization into the cyber domain.”
The group suspected to be behind the attack, APT28, has been linked to Russian military intelligence.
Also going by the name “Fancy Bear,” the group has previously been identified as the likely source of the 2015 attack on the German parliament, as well as on NATO and eastern European governments.
It has also been blamed for hacking the Democratic National Campaign during the US election campaign.