Tag Archives: Warfare and Conflict

EU To Create New Cyber Defence Unit

Senior EU official

The attack in March – just a few days ahead of an EU summit on military strikes in Libya and on the euro zone debt crisis – saw commission systems attacked “in a very well-organised and targeted way, focusing on three or four keywords on external relations and monetary issues,” according to a senior EU official.

“It was probably espionage, but this is very difficult to prove. We don’t expect to ever know if it was the case or not,” the source added.

The contact did not reveal if any data was actually stolen.

The commission has not launched a criminal investigation at this stage and is still assessing the level of damage.

It has in the past three months beefed-up its email security, the EUobserver writes.

Up until the attacks email accounts could be accessed remotely by typing in a password. But now users have a special “security token” – a small device which generates a secondary password required to log on.

Brussels is also setting up a new Computer Emergency Response Team (CERT) to stave off future attacks.

The unit will pull together existing IT security departments from the commission, the EU parliament and the EU Council to handle cyber attacks on all EU institutions and to share intelligence in real-time with CERTs in EU member states.

The new body is to run tests in June and to be fully operational by 1 October.

Otmar Lendl – the head of the Austrian CERT – says the new measure will not make EU systems impregnable.

“Prevention is very difficult. It’s like fire – even if you have a good fire brigade which sets up the best firewalls, you will still have fires. But CERTs certainly will help you deal with anything that happens and get a clearer response, as well as putting sensors in place and tools to monitor networks, so that you detect an attack early on.”

Detecting the fact that an attack is taking place is in itself not an easy thing.

The next step is to find out how the hacker got into the system, what documents have been accessed or changed and if any “time bombs” or “back doors” have been left behind to allow future access.

“At EU level, there are a lot of own little kingdoms, it’s not centralised like in a company – so it will be a difficult task,” Lendl explain.

National CERTs dealing with governments (GovCERTs) “also have to deal with various ministries, cities, local administrations and other stakeholders. So it’s not unusual,” he adds.

Related by the Econotwist’s:

1 Comment

Filed under Laws and Regulations, National Economic Politics, Technology

Cyber Attack Against Norwegian Military, Massive and Targeted

On March 25 this year a massive and targeted cyber attack was launched against the Norwegian Military Forces – Forsvaret – according several Norwegian news sources. It is being described as one of the most serious so far. Local experts fear more attacks, capable of paralyzing the entire Norwegian economy.

It is likely that important computer systems are infected, and that information has been lost.

National Security Authority

On March 25, hundreds of emails was sent to high-ranking officers in the Norwegian military – Forsvaret. The message was disguised as a regular message from the public directorate, written in perfect Norwegian, with an innocent looking file attached. One person opened the file – and the fight was on.

According to the military spokespersons, the computer where the infected file was activated did not contain any classified information. The attack was discovered and stopped before any sensitive or confidetial information was stolen.

But some data was stolen. It is still unknown how much, and what, information that has been stolen, says Major Ivar Kjaerem at the Military Center for Protection of Critical Information, according the newspaper VG.

And I presume its gonna stay that way…

Cyber attack against Norway have become more like an online game, specially  after last years Peace Prize award.
The Norwegian oil installations in the North Sea was also among the first to detect infections by the Stuxnet worm.

But this one is almost as special as the Stuxnet.

First of all: It seems to have been very well planned, organized and executed. Almost with a military precision.

Secondly: The attackers did already posess detailed information about the Norwegian military as they were able to target between 200 and 300 high-ranking and influential officers.

And third: I happens the day after Norwegian Air Forces has their first raid over Libya.

When it comes to the last point, no one can say for sure if there is any  connection or not.

However, the incident has surely scared the Norwegian military who characterize it as one of the most serious cyber attacks so far.

And the military spokesman seem to suddenly have realized that we ain’t seen nothing, yet.

I belive it is some kind of recognition mission, an attempt to map our systems and possible vulnerabilities, Major Kjaerem says, indicating the expectation of new attacks.

And, of course, the military spokesman underline that they managed to stop this one, and the possibility of anyone penetration the Norwegian military’s security system is very low.

Here’s come the part when I have trouble not laughing…

So, they managed to stop the attack? Our brave soliders? Well, this is what really happened:

The email was received on a Friday afternoon. But some hyperactive warlord decided to pop by the office on Saturday, just to check if we’ve had hit Gaddafi and check the mail and stuff, You know.

What happens next is described by the newspaper VG as follows:

The sender, who was named in the email, did not exist, and it was the aware  receiver who raised the alarm because it was something else attached to the email than the annual report from the Directorate. The attachment behaved strangely, and the person became suspicions.

Well done! boys and girls.

Quite frankly, I’m speechless…

Anyway – last year the Norwegian National Security Authority warned against the threats from cyberspace in their recent 2010 report.

The report states:

It is likely that important computer systems are infected, and that information has been lost.

We we regard it as a very serious matter when the Norwegian military gets attacked like this, says spokesman Kjetil Veire with the National Security Authority.

Adding: When it comes to infected computers, we fear there is a large dark zone. What we have seen here might just be the tip of an iceberg.

No kidding!

But finally security expert at the company Steria, Stein Moellerstad, put the closet in the right corner:

The number of attacks against the Norwegian military will increase. And they can cause more serious damage because the flow of information through the internet has become so huge that both the military and the rest of the public administration has partly lost control.

According to the National Security Authority 2010 report, are cyber attacks capable of paralyzing the entire Norwegian economy in a worst case scenario.

So, now the speculations about who might be behind this are running totally wild.

Local experts say that only about 10 nations in world is capable of launching an attack as this.

That’s bullshit.

Anyone with above average computer skills with a coup;e of buddies to help with the actual launch could do this.

The suspects are millions.

In my mind the most interesting question is: Why Norway?

I mean, we haven’t got much oil left, we’ve sold it all. The same goes for the technology. In other words – not much to spy on.

I assume the NATO material is under a special NATO security facility.

And our famous Oil Fund? Well, we impulsively bought Greek debt for about one billion USD. Perhaps we shouldn’t, but that Greek prime minister look so nice.

The rest is probably gone in a few years anyway as the government will have to pay for all its promises, specially within the health care sector.

It means we don’t have that much money, either.

In fact, I can only see one logical reason to Norway being targeted in this scale:

It’s just too damn easy!

Related by the Econotwist’s:


Filed under International Econnomic Politics, Laws and Regulations, National Economic Politics, Technology

UK Treasury Under Constant Cyber Attacks

The UK chancellor, George Osborne, says that the British Treasury’s computer systems face cyber attacks from hostile agencies every day. Most of the attacks appere to be coming from foreign government agencies.

“During the last year, we have seen hostile intelligence agencies make hundreds of serious and pre-planned attempts to break into the Treasury’s computer system. In fact, it averaged out as more than one attempt per day.”

George Osborne

This illustrate the security risks as the government strives to make more public service data available online, the Financial Times writes. Speaking at the Google Zeitgeist event in Hertfordshire, Mr. Osbourne said  the government in general and the Treasury in particular faced a constant barrage of online attacks, many of them appearing to come from foreign government agencies.

“In any given month there are over 20,000 malicious e-mails sent to government networks,” he says.

In fact, it averaged out as more than one attempt per day.”

“During the last year, we have seen hostile intelligence agencies make hundreds of serious and pre-planned attempts to break into the Treasury’s computer system. In fact, it averaged out as more than one attempt per day.”

According to the British chancellor, the recent attacks on Sony has  demonstrated the risk of putting more personal and financial information online.

Millions of Sony customers’ personal data including credit card details were put at risk last month when hackers broke into its PlayStation Network.

This illustrates the “challenges alongside opportunities” of digitizing public services, Mr. Osborne points out, and set out an ambition to post online more of the “most valuable data sets still locked up in government services” over  the next 12 months.

“This is the raw data that will enable you, for the first time, to analyse the performance of public services, and of competing providers within those public services,” he says.

“A year from now, websites and services will use this data to help the public find the answers to important questions” such as how well hospitals are performing, local teaching quality and progress of criminal investigations, he explain.

The Internet of Things

Mr. Osborne also speak enthusiastic about the “internet of things”, as cars, electricity meters and other devices become connected to the global network.

The government is publishing regulation from a variety of sectors to encourage suggestions for simplification from businesses and members of the public, a scheme called the “Red Tape Challenge”.

All new reforms will be “digital by default”, with ministers forced to explain why new services should be delivered in offline channels, Mr. Osborne says.

“The internet is forcing us to rethink government from the bottom up.

“If we think about how internet banking has gone from a standing start to the mainstream in just over a decade, there’s no reason why public services can’t be the same.”

Full story at Financial Times.

Related by the Econotwist’s:


Filed under Laws and Regulations, Technology