Difference between revisions of "Bundestag Hack (2015)"

From International cyber law: interactive toolkit
(editing real world scenarios)
 
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{| class="wikitable"
 
{| class="wikitable"
|'''Date'''
+
! scope="row"|Date
 
|Detected in May 2015
 
|Detected in May 2015
 
|-
 
|-
|'''Suspected actor'''
+
! scope="row"|Suspected actor
|The investigations of the German Authorities indicate that the Russian hacking group 'APT 28' is responsible for the attack. The British Cyber defense agency has alleged that this group is linked to the Russian military secret service 'GRU' which is also accused for meddling with the US Presidential elections in 2016.
+
|The investigations of the German Authorities indicate that the Russian hacking group 'APT 28' is responsible for the attack. <ref> BBC, [https://www.bbc.com/news/technology-36284447 "Russia 'was behind German parliament hack"], (13 May 2016), BBC News. </ref> The British Cyber defense agency has alleged that this group is linked to the Russian military secret service 'GRU' which is also accused for meddling with the US Presidential elections in 2016. <ref> UK National Cyber Security Centre, [https://www.ncsc.gov.uk/news/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed "Reckless campaign of cyber attacks by Russian military intelligence service exposed"], (3 October 2018), NCSC News. </ref>
 
|-
 
|-
|'''Target'''
+
! scope="row"|Target
 
|The network of the German Federal Parliament used by all MPs as well as the German chancellor
 
|The network of the German Federal Parliament used by all MPs as well as the German chancellor
 
|-
 
|-
|'''Method'''
+
! scope="row"|Method  
|At the beginning of 2015, MPs received an email from the address  'UN.org' which was designed like a UN News Bulletin. The link contained in the email then lead to the installation of the malware on the computer. The malware was then able to spread and eventually infiltrated the networks of the Parliament.
+
|At the beginning of 2015, MPs received an email from the address  'UN.org' which was designed like a UN News Bulletin. The link contained in the email then lead to the installation of the malware on the computer. The malware was then able to spread and eventually infiltrated the networks of the Parliament. <ref> J Delcker, [https://www.politico.eu/article/hacked-information-bomb-under-germanys-election/ "Germany fears Russia stole information to disrupt election"], (20 March 2017, last updated 28 January 2018), Politico. </ref>
 
|-
 
|-
|'''Purpose'''
+
! scope="row"|Purpose
 
|The hackers were able to access internal confidential communication data (such as confidential emails of MPs), their schedules, meeting details as well as other sensitive data.
 
|The hackers were able to access internal confidential communication data (such as confidential emails of MPs), their schedules, meeting details as well as other sensitive data.
 
|-
 
|-
|'''Result'''
+
! scope="row"|Result
|The group was able to maintain unauthorized access for several months until the attack was detected in May 2015 and even managed to access a computer in the parliamentary office of the chancellor. Approximately over 20 GB of data was stolen.
+
|The group was able to maintain unauthorized access for several months until the attack was detected in May 2015 and even managed to access a computer in the parliamentary office of the chancellor. <ref> A Biselli, [https://netzpolitik.org/2016/wir-veroeffentlichen-dokumente-zum-bundestagshack-wie-man-die-abgeordneten-im-unklaren-liess/ "Wir veröffentlichen Dokumente zum Bundestagshack: Wie man die Abgeordneten im Unklaren ließ"], (7 March 2016), Netzpolitik. </ref> Approximately over 16 GB of data was stolen. <ref> M Baumgartner, P Beuth, J Diehl, C Esch et al, [https://www.spiegel.de/international/germany/cyber-espionage-likely-from-russia-targets-german-government-a-1196520.html "The Breach from the East"], (18 March 2018), Der Spiegel. </ref>
 
|-
 
|-
|'''Aftermath'''
+
! scope="row"|Aftermath
|The German parliament's computer system was shut down for four days for maintenance works and additional safety mechanisms were installed. Investigations initiated by the German intelligence service then lead to the conclusion that the attack was launched by a 'foreign intelligence service'.
+
|The German parliament's computer system was shut down for four days for maintenance works and additional safety mechanisms were installed. <ref> AFP, [https://www.dw.com/en/bundestag-it-system-shut-down-after-hacker-attack/a-18659654 "Bundestag IT system shut down after hacker attack"], (20 August 2015), Deutsche Welle </ref>  Investigations initiated by the German intelligence service then lead to the conclusion that the attack was launched by a 'foreign intelligence service'. According to Die Zeit, the Chancellery staff considered responding to the malicious activity since they were convinced that the intruders have been acting on behalf of Russia. <ref> P Beuth, K Biermann, M Klingst, H Stark, [https://www.zeit.de/digital/2017-05/cyberattack-bundestag-angela-merkel-fancy-bear-hacker-russia "Merkel and the Fancy Bear"], (12 May 2017), Die Zeit. </ref>
 
|-
 
|-
|'''Analysed in'''
+
! scope="row"|Analysed in
|[[Scenario 2]]
+
|[[Scenario 02: Cyber espionage against government departments]]
 
|}
 
|}
real world incident
+
 
 +
[[Category:Example]]
 +
[[Category:2015]]
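
Review bot: In the Result row, the stolen-data figure moves from "over 20 GB" to "over 16 GB" but still carries "Approximately over", which hedges in two directions at once; keep either "approximately" or "over", whichever the newly cited Der Spiegel article supports. The Method and Aftermath rows still read "then lead to" where the past tense "led" is meant, and "accused for meddling" in the Suspected actor row should be "accused of meddling". The added Deutsche Welle reference also lacks the closing period that the other new references have.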

Latest revision as of 07:44, 17 May 2019

Date: Detected in May 2015
Suspected actor: The investigations of the German authorities indicate that the Russian hacking group 'APT 28' is responsible for the attack. [1] The British cyber defense agency has alleged that this group is linked to the Russian military secret service 'GRU', which is also accused of meddling in the US presidential elections in 2016. [2]
Target: The network of the German Federal Parliament used by all MPs as well as the German chancellor
Method: At the beginning of 2015, MPs received an email from the address 'UN.org' which was designed like a UN News Bulletin. The link contained in the email then led to the installation of the malware on the computer. The malware was then able to spread and eventually infiltrated the networks of the Parliament. [3]
Purpose: The hackers were able to access internal confidential communication data (such as confidential emails of MPs), their schedules, meeting details as well as other sensitive data.
Result: The group was able to maintain unauthorized access for several months until the attack was detected in May 2015 and even managed to access a computer in the parliamentary office of the chancellor. [4] Approximately over 16 GB of data was stolen. [5]
Aftermath: The German parliament's computer system was shut down for four days for maintenance work and additional safety mechanisms were installed. [6] Investigations initiated by the German intelligence service then led to the conclusion that the attack was launched by a 'foreign intelligence service'. According to Die Zeit, the Chancellery staff considered responding to the malicious activity since they were convinced that the intruders had been acting on behalf of Russia. [7]
Analysed in: Scenario 02: Cyber espionage against government departments
  1. BBC, "Russia 'was behind German parliament hack", (13 May 2016), BBC News.
  2. UK National Cyber Security Centre, "Reckless campaign of cyber attacks by Russian military intelligence service exposed", (3 October 2018), NCSC News.
  3. J Delcker, "Germany fears Russia stole information to disrupt election", (20 March 2017, last updated 28 January 2018), Politico.
  4. A Biselli, "Wir veröffentlichen Dokumente zum Bundestagshack: Wie man die Abgeordneten im Unklaren ließ", (7 March 2016), Netzpolitik.
  5. M Baumgartner, P Beuth, J Diehl, C Esch et al, "The Breach from the East", (18 March 2018), Der Spiegel.
  6. AFP, "Bundestag IT system shut down after hacker attack", (20 August 2015), Deutsche Welle.
  7. P Beuth, K Biermann, M Klingst, H Stark, "Merkel and the Fancy Bear", (12 May 2017), Die Zeit.