Who is responsible for the latest cyber-attacks on Norway?

Photo: Nahel Abdul Hadi / Unsplash

Elections the world over, it seems, have now become a common target for cyber attacks. Within the space of the last six months, two major cyber attacks have targeted the Norwegian parliament (Storting). The latest attack has all the hallmarks of state sponsorship according to many in Norwegian political and security circles. The question of who exactly is behind these attacks is not as clear-cut as it seems. With parliamentary elections later in the year, will this become a new feature of elections? Or can those in power learn from other countries and fight back against the hackers?

Two cyber-attacks in six months

The home of Norwegian democracy, the Storting, has been at the center of two cyber-attacks within the last six months. The first, which was reported to the police on September 1 last year, saw data theft through the hacking of emails of a small number of parliamentary staff. Calls were then made to tighten up both software security, liaise better with the Norwegian Police Security Service (Politiets sikkerhetstjeneste – PST), and ensure new security protocols for all those who work at the Storting.

These new security measures, and increased awareness, however, did not stop the second attack which occurred on March 10. This attack, like the first, was seen as capable due to the exploitation of vulnerabilities in the Microsoft Exchange system that the Storting uses. Here a massive amount of data theft occurred with a broad spectrum of politicians (from the Labor Party (AP), Conservative Party (H), and Center Party (SP)) affected.

Storting President, Tone W. Trøen said, in a press conference, she felt that this second attack was on a larger and more serious scale than the first one, “This I.T attack had the potential to disrupt the Storting’s parliamentary processes.” With an election only months away, Trøen felt that this second attack had more sinister motives than just simple data theft. It was, she felt, “…an attack on our democracy.”

What happens during a cyber-attack?

That a Norwegian institution has undergone a cyber-attack should be of no major surprise. They have become a feature of modern life, business, and geopolitics. However, what exactly is a cyber-attack? Essentially, it is a malicious attack, by a criminal or gang of criminals, using one or more computers, to target a computer, multiple computers, or an entire network in order to gain illegal access to data.

The recent cyberattack on the Storting follows a three-step pattern as identified by Microsoft. Firstly, it gains access to a network system by disguising itself, through, for example, stolen emails and passwords, as someone who has access to that system. It then creates a “web shell” which can access this network remotely. Then it would use this “web shell” to steal, change, alter, etc. any data wanted.

What is done when this data has been illegally retrieved depends on the aim of the hackers. Cyber attacks can be used to steal financial information, for corporate espionage, as a form of government espionage, to conduct cyber warfare, to target attacks on specific organizations, or as a method of “Hacktivism.” The PST, in an article in Dagens Nægensliv (DN), said that at present both attacks had managed to extract an unspecified amount of information.

Photo: Jefferson Santos / Unsplash

Recent cyber-attacks probably had state support

The complexity and timing of the two recent cyber-attacks suggest some form of state sponsorship. Cyber attacks are just the latest technological weapon in any modern government’s arsenal.

For many countries which cannot compete in a traditional military sense with many Western countries and organizations (like NATO), cyber warfare is an increasingly important tool to sow disruption and chaos. Heavy investment in cyber capabilities is seen as a cost-effective and covert way of achieving strategic aims with little perceived economic, diplomatic, or human cost.

These countries are often ideologically opposed to everything that Norway stands for (an open free democratic society with a mixed market economy) range from near (Russia) to further afield (Iran, China, and North Korea). Such countries have ongoing strategic issues with either Norway itself (like the resource-rich Arctic region that straddles the border between Norway and Russia) or with the organizations that Norway is a part of (think NATO).

Most of this increase in cyber attacks lately have been made by so-called “Nation-State Actors.” They are hackers who are either part of a “cyber army” or mercenaries, which work for various governments or regimes in order to disrupt or compromise specific targets (often antagonistic governments). A spate of cyber attacks on customers worldwide (of which the Storting was but one) has led Microsoft to name the Chinese “Nation-State Actor” of Hafnium as being responsible.

Hafnium and Solar Winds

There is a hope, in Norway, that the recent attacks on the Storting are not part of a broader ongoing cyber campaign. The Chinese-backed “Hafnium” and the Russian-backed “Solar Winds” cyber campaigns really shook the foundations of many countries’ security agencies (including Norway) to what can be accomplished by this form of malicious state-backed cyber warfare.

Hafnium” is just the latest example of this state sponsored cyber warfare. Based in China, Hafnium is a “state-sponsored” actor which operates from “leased virtual private servers” in the United States. Here it can target the extraction of information from a number of industry sectors ranging from healthcare to defence to even higher education institutions. According to TV2 this latest Hafnium attack has affected some 100.000 servers worldwide.

Differing slightly to Hafnium was the “Solar Winds” attack which is believed to have had Russian state support. Only discovered by US intelligence services last December, it transpired that Russian hackers hijacked American made software. They then were able to extract a plethora of classified information from the US Treasury and Commerce Departments.

Cyber-attacks on democracies rising

The culprit behind this latest attack has yet to be identified (publically) but there is a feeling it could well be state-supported. If indeed the attack on the Storting was an authoritarian-led country, this would not be the first time such an attack on a Western democracy has occurred.

Perhaps the most famous of cyber-meddling involved the 2016 U.S Presidential election. Russian hackers managed to leak emails from the Democratic nominee, Hillary Clinton, as part of a smear campaign. They then used social media to further spread lies, disinformation, and propaganda. This boosted the prospects of Mr. Trump (who had a less antagonistic attitude towards Russian President Vladimir Putin) who then went on to win the election and became the 45th US President.

Norway is also not the only European country whose parliament has been actively hacked. Last January, the German Bundestag security was breached and key personal and policy-related information was published online. This included the personal details of German Chancellor Angela Merkel according to the BBC.

With a Japanese general election, Norwegian Storing elections, a Dutch general election, and a German Federal election all due to take place this year, there are multiple possibilities for any form of “nation-state actors” to interfere with the democratic processes of these countries. It should also be noted that all these countries are strongly aligned with the United States, NATO, or other organizations or pacts that rival many authoritarian regimes.

Tough test ahead for Storting vote

The safety of Norway’s electoral process is both guarded by the PST and the Norwegian National Security Authority (Nasjonal sikkerhetsmyndighet – NSM). Within the NSM, which is a cross-sectoral authority, lies the National Cyber Security Center (Nasjonalt cybersikkerhetssenter – NSCS). The NSCS is a hub for both domestic and international cooperation for the recognition, monitoring, investigation, and guidance related to digital attacks.

Both the PST and the government, through Minister of Foreign Affairs Ine Eriksen Søreide, felt that the Russian state was to blame for the previous attacks on the Stortinget. This latest attack comes at a time of increased strategic tensions for Norway, especially with Russia. Ongoing strategic tension has arisen in the Arctic region due to a number of military and economic reasons.

In its threat assessment for 2021, the PST has already signaled that other countries, aside from Russia, may use cyber-attacks against Norway. Weakening democracy, reducing the legitimacy of local authorities, and influencing political decisions are all possible with the click of a mouse.

The PST feels that, in 2021, “State-led espionage in the digital space represents a persistent and serious threat to Norway… network operations will constitute the largest part of Russian and Chinese intelligence activity. The aim of the Government is to ensure that this cyber interference is minimal whilst campaigning for another term.”

To report any form of cybercrime, contact the police.

The opinions expressed are those of the author and are not held by Norway Today unless specifically stated.

Source: #Norway Today / #NorwayTodayNews

Do you have a news tip for Norway Today? We want to hear it. Get in touch at info@norwaytoday.no


Be the first to comment on "Who is responsible for the latest cyber-attacks on Norway?"

Leave a comment

Your email address will not be published.