IT-Seal Logo Social Engineering Analysis LabsIT-Seal Logo Social Engineering Analysis Labs

The super-election year 2017:
Year of the Superhacks?

Die Zukunft der Informationssicherheit
liegt nun in ihren Händen. Endlich.

Author: David Kelm, 10. March 2017
Reading time: 4 minutes
In recent years we have seen many politically motivated cyber attacks. One of the earlier known hacks was the Stuxnet attack, in which Israeli and American secret services were probably involved. More recently, we have seen IT security incidents that overshadowed last year's US election, as we have already mentioned in a previous blog post about the Clinton hack.

Now the question arises: Will the election in Germany be affected by cyber attacks as well? In this article, we will look at the current developments of the super-election year 2017: The elections in the Netherlands, France and Germany are important fundamental decisions for European democracy. As European citizens we are concerned about the persistent reports of cyber-security incidents. Here's a short overview of past cyber attacks of a political nature:

Summer 2015: The Bundestag hack

A far-reaching attack on the infrastructure of the German Bundestag network was discovered and ended after months. A phishing e-mail on behalf of the UN, which was clicked on by a member of parliament or an assistant, was identified as the gateway to the phishing attempt. The attack was not aimed specifically at the Bundestag, but at various political institutions and is now publicly attributed to Russian hacker groups (including APT28).

September 2016: Cyber attacks on German top politicians

Several targeted attacks on top German politicians have been carried out, which are connected with the upcoming Bundestag elections according to government experts. The attacks are officially attributed to the same hacker groups and have once again been carried out by phishing e-mails. This time the fake e-mails came on behalf of NATO – so far it has not been possible to make any statements about the extent of the damage.

But it is not only the German political apparatus that is a frequent target of hackers. The international community has to cope with many attacks. Here are a few examples that are known to the public:

December 2016: Cyber attacks on the OSCE

A recent cyber attack on the Organisation for Security and Cooperation in Europe (OSCE) has caused a stir. It is assumed that hackers have successfully stolen highly confidential data. Here, too, the German Federal Office for the Protection of the Constitution suspects Russian actors.

December 2016: Cyber attacks on the Polish foreign ministry

A professional attack on the foreign ministry in Warsaw was not stopped until December 2016. Several employees had received phishing e-mails on behalf of NATO.

January 2017: Cyber Attacks on the Czech foreign ministry

The Czech foreign ministry was less fortunate than its Polish counterpart. In January, it was discovered that hackers have been reading the foreign ministry's e-mail communication for weeks or even months.

January 2017: Cyber attacks on NATO

At the end of January, NATO reported an increase of 60% in the number of threatening cyber attacks. It was evident that these were collectives of hackers who were receiving state support. Even the NATO article 5 alliance case is now being considered for cyber attacks of a certain magnitude. 

The recent revelations of WikiLeaks also raise concerns about how even the US will deal with its offensive cyber units in the future –  after all, they have been active in Europe several times in the past.

An alarming picture.

It seems almost impossible that German politicians will be spared. In light of the international incidents and massive political intervention on the basis of cyber-attacks, one wonders: Were German politicians, at federal, state and local levels not yet hacked because they are so secure, or have the attacks just not been discovered? Are comprehensive measures already being taken in politics and business to protect against social engineering, social hacking and phishing? And is our political and economic system prepared for the present and future of organised cybercrime?

We can probably assume that this year will be very interesting not only at the political level, but also at the cyber level. Like the BSI President, we are left with just one plea to the parties: Take IT security seriously!

However, some current news reports cast serious doubts as to whether this awareness of the seriousness of the situation has really reached day-to-day political affairs. It is certain that administrations and parties, as well as NGOs and companies, should definitely invest in IT security in order to survive in today's digital world. As far as tomorrow is concerned, I'd rather not even think about it.

Was zeichnet uns aus:

Umfassende & standardisierte Analyse
Identifizierung & Quantifizierung 
der Sicherheitsprobleme
Made in Security Valley Darmstadt
Wissenschaftlich validiertes Konzept

Keep in touch:
Subscribe to our social media channels