Foreign Minister: ‘It Is Our Assessment That Russia Is Behind This Activity’
The Norwegian parliament, known as the Storting, is located in Oslo. (Photo: ZeroOne via Flickr/CC)
Norway this week accused Russia of hacking the email system of the country’s parliament, known as the Storting, in September.
In a statement released Tuesday, Norway’s Foreign Minister, Ine Eriksen Søreide, alleges that Russia orchestrated the hacking, but she does not provide any evidence or technical details.
“This is a serious incident that affects our most important democratic institution,” Søreide says. “The security and intelligence services work closely together on the national handling of the incident. Based on the information base the government possesses, it is our assessment that Russia is behind this activity.”
Parliament and the Norwegian Police Security Service, the country’s national security service that oversees counterintelligence operations and cybercrime, are continuing to investigate the incident.
In September, government officials said the hackers were able to access a “small number” of email accounts of members of Parliament and government employees and remove data, although the initial investigation did not determine what information might have been taken (see: Norway’s Parliament Investigates Email Hacks).
In a statement, officials at the Russian embassy in Norway said: “We consider such accusations of our country unacceptable. We regard the incident as a serious deliberate provocation, disastrous for bilateral relations.”
Other European countries have also accused Russia of attempting to hack various organizations and institutions.
For example, in 2015, Germany’s lower house of parliament, known as the Bundestag, found that its PCs and servers had been hacked using malware, and attackers gained administrative-level rights for the entire network and infrastructure (see: German Parliament Battles Active Hack). In May, the newspaper Suddeutsche Zeitung reported that German prosecutors believe a Russian hacker, apparently a member of an elite military unit, was responsible for the 2015 hacking incident, which included the theft of thousands of emails.
Daniel Norman, a senior solutions analyst with the Information Security Forum based in London, says Russian hacking activity is designed to further the nation’s strategic goals and give it an advantage when it comes to issues such as trade negotiations.
“In Russia’s case with the Norwegian government, knowing precisely what the government is planning, their future policies, who they are working with, trading partners, new bilateral agreements, the key individuals involved, timelines for development and potential investments are all key pieces of information that can be targeted, stolen or repurposed,” Norman tells Information Security Media Group.
The hackers who targeted Norway likely conducted reconnaissance for months, if not years, before attempting to exfiltrate data in September, Norman says.
“When government agencies report that they have been hit by a ‘sophisticated attack,’ specifically for data breaches, they don’t typically mean high-end technical disruptive attacks like distributed denial-of-service; they typically mean a nation-state has played the long game with significant investment and people power to perform reconnaissance and then perform espionage or steal state secrets,” Norman says. “The attacking state will build user profiles, understand patterns of behavior and then they will target the most influential individuals or ones most likely to slip up.”
U.S. agencies have also issued warnings about Russia and its cyber capacities, especially in the run-up to the Nov. 3 election.
Earlier this month, the Department of Homeland Security published a report that found Russia poses the most serious nation-state disruption threat to U.S. elections (see: DHS: Russia Poses Greatest Threat to Election).
Brandon Hoffman, CISO at security firm Netenrich, notes that hacking groups associated with Russia, such as Fancy Bear or Cozy Bear, can create confusion about why any particular organization is being attacked at any one time.
“Considering the vast array of cyber units, it’s hard to describe a unique tactic, technique or procedure that can be attributed to Russia,” Hoffman says. “Rather, all available targets are opportunities. It wouldn’t be surprising to find out that some units are tasked specifically with finding targets, classifying the difficulty and value and passing the target onto a different unit.”