Germany calls for EU sanctions against Russia
Angela Merkel is well-known for her sober-minded and
rational style of government. But in a debate in the German parliament, the
Bundestag, on May 13 this year the chancellor was unexpectedly emotional in her
response to a question that had come from opposition ranks. What, she was
asked, did the government know about the 2015 cyberattack on the Bundestag,
during which data was stolen from Merkel's own parliamentary office?
Merkel said there was "hard evidence" that Russian
intelligence was behind the hacker attack, in which an estimated 16 gigabytes
of data, documents, and emails were siphoned off from the Bundestag's IT
network – including thousands of emails from Merkel's Bundestag office. The
chancellor clearly believes the cyberattack is linked with what she sees as
Russia's "strategy of hybrid warfare including cyber disorientation and
fact manipulation."
"I can honestly say, it pains me," said the
chancellor, clearly referring to her efforts to bring about better bilateral
relations with the Russians.
The chancellor's forthright comments marked a turning point
in the public perception of the threat posed by Russian cyberattacks. A turning
point that first became apparent a few days earlier when German Attorney
General Peter Frank issued an arrest warrant against Dimitry Badin.
Investigators are convinced that the 29-year-old Russian is behind the
spectacular attack on the Bundestag in the spring of 2015. The attacker's
malware had lodged itself so deeply in the network that it had to be completely
shut down and rebuilt.
The arrest warrant was followed by political measures. At
the end of May, Russian Ambassador Sergei Nechayev was summoned to the German
Foreign Ministry, where he was told that Berlin would "press for action in
Brussels for implementation of the EU cyber sanctions regime against those
responsible for the hacking attack on the Bundestag, including Dimitry
Badin."
The cyber sanctions mechanism was adopted by the European
Council on May 17, 2019.
It was agreed that, if threatened with cyberattacks that
could have a "significant impact," the EU could respond with
sanctions against individuals and institutions responsible for the aggression.
In concrete terms, the measures included an entry ban into the EU plus the
freezing of assets.
The potential sanctions were above all important, says Julia
Schütze, Project Manager at the Transatlantic Cyber Forum, because of the
"political-strategic symbolism."
From July, Germany will be taking over the rotating
presidency of the EU council and the foreign ministry has told DW that Berlin
has "put forward proposals for a list of sanctions" linked with the
hack attacks and is cooperating closely with its EU partners. It is,
though, a long process that begins at a European Council working group in
Brussels: the "Horizontal Working Party on Cyber Issues."
But German diplomats insist that a list of proposed
sanctions will be put forward in Brussels on 3 June.
The FBI has also been building a case against Dimitry Badin.
He is believed to be among intelligence operatives involved in hacking into and
stealing documents from the computers of Hillary Clinton and the Democratic
Party, among others, during the 2016 presidential election campaign in the
USA. The aim: to secure victory in the election for Donald Trump.
A report published by the investigative research platform
Bellingcat also suggests that there are close ties between Badin and Russia's
GRU military intelligence agency. Badin's address, for instance, is identical
with the official address of the GRU unit 26165.
This unit operates under a number of other shady and
controversial names, above all as Fancy Bear, but also Sofacy Group, Pawn
Storm, and Sednit. Many IT experts and Germany's Office for the Protection of
the Constitution prefer to use the technical term APT28, whereby APT stands for
"advanced persistent threat."
And the threat really is persistent. Cybersecurity specialists
FireEye, who have been monitoring the threat posed by Russian state-backed
hackers since 2007, see a link between the Bundestag attacks, efforts to
manipulate the outcome of the US election, and a long list of other attacks,
such as those on the World Anti-Doping Agency (WADA), the Organization for
Security and Co-operation in Europe (OSCE) or the North Atlantic Treaty
Organization (NATO).
Help from the Netherlands
But investigations are not easy. Not least because of the
problem of attribution: proving who did what and when. This is above all
because in the often-murky world of virtual reality it is easy to set up false
trails that put investigators on the wrong track. Just as easy: wiping away
traces of one's own nefarious activities. There are enough technical and
investigative sources that pick up on apparently criminal activity. But the
information they gather is rarely concrete and watertight enough to stand up in
a court of law.
All the more important, therefore, was support that German
investigators got from colleagues in the Netherlands. In the spring of 2018, a
Dutch counterintelligence team had thwarted a planned attack on the headquarters
of the Organization for the Prohibition of Chemical Weapons (OPCW). The Dutch
probe came into the possession of a wide range of technical equipment. And it
was this that, according to Julia Schütze at the Transatlantic Cyber Forum,
made it possible to provide the attorney general with a clear trail
leading to Badin and GRU.
However, even a short visit to the attorney general's
website clearly illustrates the huge diversity of the cyberthreat: "Among
the best-known cases," the site claims, "is the attempt made by US
intelligence services to spy on Chancellor Angela Merkel's mobile telephone."
But: "The allegations could not be fully substantiated and taken to court.
The case was closed in 2015."
It will be interesting to see whether Germany can, beginning
in July, use its position as President of the European Council to make sure
that the hack attack on the Bundestag does not go unpunished.