German Intelligence blames Russia for Parliament hack

Germany's domestic intelligence agency has pointed the official finger at the Russian state for the 2015 attacks on the Bundestag, the German Parliament

German Bundestag: Open accusations are rare when dealing with APT groups
German Bundestag: Open accusations are rare when dealing with APT groups

Germany's chief internal intelligence agency has blamed the Russian state for an attack on the German parliament.

The Bundesamt für Verfassungsschutz (BfV), which oversees domestic security, has pointed the finger of blame at PawnStorm, an infamous APT group believed to work directly for the Russian state.

The accusations were laid out by Hans Georg Massen, director of the BfV who said that PawnStorm is directed by the Russian state. The 2015 hacks on the German parliament and other German institutions, added Massen, were carried out in order to gather intelligence. 

However, he also told the press agency AFP that "Russian secret services have also shown a readiness to carry out sabotage."

The group's six month assault on the German parliament is one of its most famous. Revealed in May last year, PawnStorm attempted to deploy malware on government servers that would have given the attackers a permanent backdoor into the parliament. All 20,000 accounts that resided on the system were believed to be compromised, including those of Germany's foremost lawmakers.

PawnStorm has been engaged in attacks against a variety of German institutions including critical infrastructure and, as was revealed earlier this month, the ruling Christian Democratic Union party.

Open accusations are rare when it comes to cyber-security, even more so when it comes to espionage and intelligence. This rare moment of candour may confirm the suspicions of many in the cyber-security and intelligence community who believe that Russia uses powerful hacker proxies to further its geopolitical objectives.

Cyber-security company Bitdefender made similar sounds late last year. The company released a report which all but labelled the Russian government the sponsors of PawnStorm.

The prolific APT group is known by many names. In other instances it's been called Sofacy, Fancy Bear or APT 28. PawnStorm, one of its more popular monikers, comes from the chess strategy wherein pawns are rapidly deployed against an opponent.

Believed to be formed in 2004, the group's fingerprints have been seen in the electronic crime scenes of plenty of high-level attacks. Late last year, the group attacked NATO and the White House while pretending to be the privacy advocacy group the Electronic Frontier Foundation.

False flag tactics seem to be a favourite for this group, perhaps because Pawn Storm is so widely believed to be a proxy of the Russian state, attacking the enemies of Putin such as the embattled Syrian opposition.

Much like the historical relationship Britain has had with pirates or privateers, the Russian state may want to strike at its enemies, but without the repercussions of an open operation said Ewan Lawson, a fellow at the Royal United Services Institute and expert in cyber-warfare.

Germany's response, Lawson told SCMagazineUK.com, shows “the Germans are clearly losing patience”. 

However, added Lawson, “Arguably the whole point of this approach is proving the link between ATP 28 and the Russian state and even further with Putin's inner circle. As such, I think the Russians will smile knowingly but it won't lead to any escalation at this stage. The bigger significance is the growing public conversation about the state/non-state nexus.”

Relations between Germany and Russia have been far from warm over the past few years. Of particular consternation is the ongoing conflict in Ukraine. While Germany is considered to be the leader of the EU and driver of Ukrainian Europeanisation, Russia is strictly against any such move, all but claiming Ukraine as part of Russian sovereign territory. The conflict has played out nearly as much along diplomatic channels as it has along military ones.

A noted feature of this conflict has been the role of non-state ‘proxy' hacker groups like the Cyber Ukrainian Army, CyberBerkut, Null Sector and Anonymous Ukraine. 

Some “have acted by their own, some likely in the guidance of government. The war in Ukraine includes a range of proxy actors and proxy activity. While criminal groups have not been active players in the Ukraine conflict, the most prominent proxy actors have been hacktivist groups,” said Jarno Limnéll, expert in cyber-warfare and professor of cyber-security at Aalto University in Finland.

He told SC that Russia's foray into the cyber-world is as much about brinksmanship as anything else: “In strategic context I say that Russia is really testing the boundaries of cyber-battlefield where the political risk (for response) seems to be very low." 

Limnell added that cyber-operations are useful to states in that they offer not only plausible deniability and low political risk, but there is little articulate legal recourse with which to respond.