The hacker group behind the attack on the Democrats in the USA, in recent years, gained access to e-mail employees of the Danish Ministry of defence. Information could be used to blackmail employees in order to make them agents, believes the intelligence service of Denmark. Defense Minister Claus Frederiksen yort (Claus Hjort Frederiksen) said that “we are faced with a critical situation.”
State-controlled Russian group of hackers throughout 2015 and 2016 hacked system the Danish Ministry of defence and had access to the e-mail of a number of carefully selected employees, which hackers use to get information.
For hacks is a group of ATP 28, which is also called Fancy Bear, according to several intelligence services, it has direct links with the government of President Putin is one of the two leading hacking group that last year got illegal access to the mail accounts of the Democrats in the United States.
The information contained in the hacked emails of the employees of the defence, refers to the so-called unclassified information, but the recently completed report on the hacking attack, which Berlingske had the opportunity to see the Centre of cyber security intelligence services, writes that the attack still represents a serious threat to the security of Denmark — including the fact that Russia can use this information to recruit agents in the Ministry.
“Data can be used for recruitment activities, pressure and for planning the future of espionage,” the report says.
In addition, hackers can use infected mail accounts for mail distribution to expand the zone and hacking to give hackers access to more sensitive information, says the report.
The cyber security centre gave the report to the defence Minister Claus Frederiksen Tortu, shocked by the attack, which, he said, was planned by the Russian government.
“What happened, was very well planned. This is not some small hacker groups, who are doing everything for the sake of entertainment. This is due to the intelligence or to the Central elements of the Russian government, and we have all the time is an endless struggle to keep them at a distance,” says Klaus yort Frederiksen.
We are faced with the critical situation
He did not want to disclose the names of victims of the attack, as this information confidential.
Yort underlines something that is also evident in the report, namely: we are not talking about access to information of a top secret nature, for instance, about weapons systems, so as to this information to get via the Internet is impossible.
The data that the hacker was obtained by about the Democrats in the US — for what, as it turned out, was Russia, later got into the press during the election campaign, and they concern confidential information about Hillary Clinton. After that then acting President Barack Obama expelled from the US, 35 Russian diplomats.
It is still unclear whether take place the same dissemination of information obtained as a result of hacking of hacking of Danish defence, says Klaus yort Frederiksen.
“None of us can know how hackers use these data. But in a system of unclassified data is referenced, and mention of certain facts and circumstances, information of which can be extended. They attack in many different ways, and this happens on a very sophisticated level. This means that we are faced with a critical situation,” he says.
Report: the foreign Ministry is also under attack
The attack occurred as follows: hackers in several waves send hundreds of electronic messages private the carefully selected staff of defense in so-called phishing emails. For example, employees received a letter that looked as if it was sent by an internal sender, but the message about the need to update the system.
After that, the employee was required to log in with your password and start updating, but instead fell to the fraudulent login page that looked almost identical to this.
After entering the secret code the hackers accessed the password, and could take any information from any email account.
Several times hackers tried to send to the Ministry of defence and foreign Affairs to attack of a different type, trying to take control of computers and servers. In particular, they used a complex program that collected thousands of potential passwords.
But they failed, the report said.
Report: lack of protection of the Ministry of defence
The report States that the attack was made possible because were not timely implemented new security measures against hackers trying to get to the unclassified emails. This was not done, despite the fact that the security situation has changed and the use of electronic communication has increased, the report said.
“We are talking about the postal system, which is used for unclassified correspondence. So it applies lower security standards than for other systems of the Ministry of defence, and, accordingly, this is where criminals easier to penetrate the system. This system is older and tests have shown that safety performance could be better,” says Klaus yort Frederiksen.
Berlingske: But we’re talking about security of the Ministry of defence. Is it acceptable that there is such a lack of control?
Yort Claus Frederiksen: We have taken appropriate measures, and protection of this system has been greatly improved. But it is also necessary to indicate that threats are of such a nature and complexity that it is extremely hard to guarantee for sure.
— Whether the incident had any consequences for someone in the defense?
— No.
And in the manual too?
— No, security has been strengthened, and established new procedures.
The threat level “very high”
In January, the defense Minister in an interview with Berlingske called a threat to Denmark coming from state-controlled Russian hacker groups “frightening”.
Intelligence service shortly thereafter published its threats report for the year 2016, according to which the threat in the field of cyber-espionage and cybercrime from foreign powers received the highest rating — “very high”.
In addition, some other Western intelligence service has warned that hacker attacks from Russia constitute a growing threat and can affect the parliamentary elections in 2017 in France, Norway and Germany.
The attack on the Ministry of defence — proof of massive and serious cyber threats, said Thomas Lund-sørensen (Thomas Lund-Sørensen), head of the Center for cyber security.
“Here’s a very specific example that is not just theory and speculation, when we talk about big and serious threat of espionage against Denmark, he says, and adds, — It was not a classified system, it does not deal with weapons or something like that. Therefore, the Ministry of defence did not protect more than others, but even information that is not directly relevant for the defense, may contain data that can be used. For example, to prepare a directed hacker attack against people, which is a more important goal.”
Berlingske: the report says that the data can be used for pressure and recruitment of employees. With any employee associated with such goals?
Thomas Lund-sørensen: I can’t comment.
The risk of more serious attacks in the coming years
He also believes that the attack on the defence Ministry was a warning that hackers could take even more threatening to our security. At the same time, the Center of cybersecurity will not include potential attacks on key infrastructure elements such as electric, oil and gas supply system, the main threats.
But Intel admits that things could change in the coming years, says a worried Klaus yort Frederiksen.
“The risk that the cyber threat continues to increase, more than the possibility of a real war. But it is no less dangerous, because if someone manages to hack the infrastructure, it will undermine confidence in our control of the situation in the future. What if someone hacks into the system of payment of pensions and destroy it? Or system for recording and storing information in hospitals? Or paralyze electricity and gas? In fact, start a panic,” — said the Minister of defence.
Berlingske: That you have taken against Russia in connection with this attack?
Claus Frederiksen yort: We absolutely did nothing. They do not recognize that they did, and never acknowledged, so it would be naive.
— But you have a report which shows that the Danish defence was hacked by a group controlled by the Russian state, whether you demand an explanation from the Russian authorities, at least from the Ambassador, and say that we are not going to put up with it?
— I don’t even want to be, because I already know what the answer is. Yes, it is a daily struggle against these hackers.
He will discuss recent data with stakeholders in the autumn negotiations on a new defence agreement for the period from 2018 to 2022, in addition, he noted that the government has initiated safety checks of the ministries and departments.
“To date, I have been a Minister of defence is not very long, but I have to say that I was impressed, very, very big impression real scale of these attacks. And how often every day we are exposed to them. This gives grounds for serious concern”, says Claus yort Frederiksen.
