Office of the Auditor General of Norway

This week the Norwegian government have been under a severe hacker attack. The National Security authorities have raised the threat level to 3 – the highest since the Stuxnet attack against Norwegian oil installations and other crucial systems in June this year.

“The police are aware of vulnerabilities in PDF readers that’s been exploited for hacking.”

Espen Strai

Norwegian Security Authorities

The Norwegian governments building in Oslo have this week been hit by the most serious hacker attack so far this year, Norwegian newspaper Aftenposten reports. This attack has been possible because the ministers and their staff still hasn’t updated their PDF software.

According to the norwegian newspaper Aftenposten, National Security Authorities discovered a flow of infected PDF files coming in through the governments email system, passing the firewall without any trouble.

The serious attack was kept a secret until the newspaper got hold of an internal note to the security personnel at the government building, warning against the hole in their security systems.

The National Security authorities (NSM) are still working on the case, trying to patch the holes and see if they can trace the perpetrators.

The attacks this week have led the NSM to raise the national threat level to level 3 – the highest since the Norwegian oil companies, utilities and other vital social structures were attacked by the dangerous Stuxnet worm earlier this summer.

NSM and the Norwegian government has kept this last attack a secret from the public. The reason is that they’re still working to resolve the problem, and investigate who is behind, whether they are hackers, computer criminals or foreign intelligence, aftenposten.no writes.

Hackers and computer criminals have discovered that the ministers and their staff have done a classic amateur mistake – they have failed to update the computer program Adobe Reader, which is used to read PDF files.

That makes the government buildings an easy and tempting target.

Using a computer virus, a so-called “Trojan,” which uses known vulnerabilities in Adobe, the hackers tried to install software that would give them full access to the computers.

Every day more than 5 million emails passes through the governments firewalls that’s supposed to protect highly sensitive data, government notes and classified information, which can cause both individuals and Norwegian security concerns very much damage.

The Office of the Auditor General of Norway has previously criticized prime minister Jens Stoltenberg and his government for the very poor data security and, among other things, using old software.

Ministry of Government Administration and Church Secretary Rigmor Aasrud says that the government has implemented several measures.

“We can not comment on the different security ratings by NSM. However, we’re continuously assessing the measures that are necessary. We expect people to be vigilant and careful with what you do,” says communications manager Frode Jacobsen Minister of Government Administration and Reform.

“The police are aware of vulnerabilities in PDF readers have been exploited for hacking. We follow the situation around this carefully,” says communications director Espen Strai at the National Police Computing and Material Service.

Norwegian police have now taken steps to update the governments applications so that most attacks are stopped, aftenposten.no is told.

Related by The Swapper: