Russian Hackers in the Bundestag: Angela Merkel’s Heartache


The Chancellor of Germany, Angela Merkel, has heartache. ‘On the one hand, every day I am trying to improve relations with Russia; on the other hand, we have serious evidence that Russian forces are related to these actions, and this raises tension’, said the leader of the most powerful state of the European Union. These words were A. Merkel’s reaction to the news that in 2015 Russian hackers attacked the Bundestag server in Germany and stole a large number of documents belonging to its deputies and to the Executive Office of the Chancellor, mostly e-mail correspondence.
In reply to questions from Bundestag deputies, A. Merkel said she had the impression that the hackers ‘chaotically grabbed everything they could’. On the other hand, the Chancellor welcomed the fact that ‘the federal public prosecutor announced a search for a particular person’. German media had previously reported that the prosecutor’s office issued an arrest warrant for the main suspect in the cyber attack, during which hackers of the group APT28 gained access to the inboxes of Bundestag deputies and of A. Merkel’s Executive Office.
German media reported on this five-year-old incident at the beginning of May. Moscow’s official reaction was the usual one: after a suitable pause, Sergey Lavrov, Russia’s Minister of Foreign Affairs, stated that Berlin had not produced any evidence that his country had contributed to the cyber attack. Russia has always followed this tactic of denial, for example even after the break-in to the servers of the Democratic Party of the United States, which caused a great stir, when they tried to influence the 2016 United States presidential election.
However, we will come back to this a little later. Meanwhile, let’s return to the details of the German story published by Der Spiegel. According to the newspaper, on 8 May 2015, right when the 90th anniversary of the end of World War II was being celebrated, hackers took over access to computers at the Executive Office of A. Merkel. The attackers’ actions paralyzed the entire information technology system of the Parliament. According to the newspaper, the hackers managed to download about 16 GB of data, including thousands of letters sent from the Chancellor’s Executive Office in 2012-2015.
Meanwhile, according to the independent investigative portal Bellingcat, which is known for its professionalism, the attack started in April 2015. At that time deputies of the Bundestag and employees of A. Merkel’s Executive Office received a letter sent from the head office of the United Nations. Neither the sender’s e-mail address (un.org) nor the header of the letter, ‘The Conflict between Russia and Ukraine Turns the Economy into a Wreck’, was likely to raise any doubts about the origin of the document. Hardly anyone could have suspected that code was hidden behind it which enabled the installation of malicious software on the target’s computer. This software stole passwords and took over the entire IT infrastructure of the Bundestag within a few weeks.
The ‘particular suspect’ mentioned by A. Merkel in this story is a person who not only participated in attacks against other state institutions but is also indisputably linked to Russia’s military intelligence service, the GRU. This is evidenced both by the actions of US and German law enforcement authorities and by details collected and published by independent investigators, which leave no room for S. Lavrov’s usual lies that Moscow had nothing to do with these attacks. The suspect is a thirty-year-old citizen of Russia, Aleksandr Badin, who was officially charged by the Department of Justice of the United States in 2018 with breaking into. The same was done to another eleven persons who belong to the hacker group APT28. With this, American law enforcement authorities merely confirmed details published one year ago by investigators from the independent portal The Insider, who produced clear evidence that this group was made up of GRU agents. As for D. Badin, both the German prosecutor’s office and the Federal Investigation Agency (FIA) named him as an employee of military unit 26165. This unit is also known as centre 85 of the GRU, which specializes in cryptography. Independent investigators confirm these details in their own investigations.
The U.S. Department of Justice charges all twelve GRU agents with breaking into servers of the Democratic National Committee, the Democratic Congressional Campaign Committee and the presidential candidate Hillary Clinton, and with the subsequent publication of the information the hackers obtained. The operation started in 2016, when Russian intelligence officers broke into the computers of volunteers at H. Clinton’s election headquarters. This is how GRU agents obtained the user names and passwords of most of the headquarters’ employees and, through them, access to their e-mail accounts.
Then the hackers broke into the internal computer networks of the Democratic National Committee and of its Congressional campaign committee. Russian intelligence also found a way to monitor the computers of dozens of employees and to read the letters and documents on them remotely. As the investigation showed, the GRU agents purposefully searched the correspondence for documents containing key words such as Hillary, Cruz (meaning the Republican Ted Cruz, who took part in the initial stage of the election), Trump, etc.
After Russian intelligence officers obtained the confidential information, they began publicizing it. A special domain was registered for that purpose, on which GRU agents, pretending to be a group of American hacker activists, posted the stolen documents. The mentioned resource was popularized in social networks such as and by using a lot of fake profiles. Later, when the Russian authorities were accused of interfering in the US presidential election campaign, a fictitious character, Guccifer 2.0, appeared on the Internet. The texts of this blogger, who posted the same stolen information, give the impression of Romanian origin; according to the Department of Justice investigation, this was an attempt to hide Moscow’s ears, which were sticking out of this scandalous story.
GRU agents did not limit themselves to stealing and publicizing confidential information. After breaking into servers of the Election Committees of the United States, Secretaries of State and American companies supplying the hardware required for elections, they had the opportunity to take over voters’ personal details.
To avoid being caught, the Russian spies used falsified personal documents and introduced themselves as citizens of various countries of the world, including the USA. To avoid leaving a financial trail and raising questions about the origin of the money, they paid in cryptocurrency for various computer services, including the mentioned registration and support of .
Up to now US law enforcement authorities have brought 11 charges against GRU agents, including charges of criminal conspiracy aimed at influencing the 2016 presidential election.
Thus, from what German media have published we see that breaking into the computers of the Bundestag and the Executive Office of the Chancellor of Germany was not the only operation of this kind for D. Badin. In fact, even 5 years after this attack it is still unclear, or at least has not been made public, how many hackers were involved or what particular information they managed to take. However, we can presume that more details of this event will come to light: it is no accident that the investigation of the incident took so long, and that the experts of the Federal Criminal Police Agency (BKA) and the Federal Information Security Board (BSI) who investigated it applied to 21 states for assistance and looked for traces of the crime on three hundred taken servers.
Of course, nobody knows how many operations of a similar type have been carried out, or are still being carried out, by GRU hackers. Publicly available sources indicate that their next targets were servers of the U.S. White House; the Ministries of Foreign Affairs of the Czech Republic, Poland, Germany, Italy, Latvia, Estonia, Ukraine, Norway and the Netherlands; the Ministries of Defence of Denmark, Italy and Germany; NATO; editorial offices of foreign publications; and Russian opposition figures and journalists’ blogs.
Among recent cyber attacks, the media have now mentioned attacks against some hospitals in Czechia, the Ministry of Health of Czechia and Vaclav Havel international airport. Are Russian hackers behind them too, and are they also linked to that country’s special services? So far there are no official results of the incident investigation, nor charges brought against anyone; however, Czech media have no doubt whose work it is. ‘Cyber attacks against hospitals of Czechia or airports? A foreign super-state must have organized the bombardment, all traces lead to Russia’, the news portal wrote.
Two more things leave no doubt about the origin of the cyber ‘snipers’. Firstly, Czech experts analyzing details of the attackers have already told the media that both the IP addresses they used and the type of software used to break into critical infrastructure show a Russian trace.
Secondly, these cyber attacks started right after the monument to Ivan Konev, Marshal of the Soviet Union, was dismantled. Let’s remember that right after that, activists of the radical organization Drugaja Rossija attacked the Embassy of Czechia in Moscow. A few days later the official representative of the Russian Investigation Committee announced that a criminal case had been opened against officials of Prague town hall for ‘public violation of symbols of military glory of Russia’, so the government of Czechia had to arrange bodyguards for them. In this context the cyber attacks against vitally important establishments of Czechia, the hospitals and the airport, look like parts of the same chain of events.
Going back to A. Merkel’s heartache: the revealed hacker attack against her own office ‘does not make the situation better’, yet the Chancellor of Germany again repeated that there were reasons to improve relations with Russia. It seems that the indulgence of some influential European leaders towards Moscow still has no limits.
Aras Lukšas

Voras Online

Author: Voras Online