The New York Times continues its anti-Russia campaign with a report about an old cyberattack on German parliament which also targeted the parliament office of Chancellor Angela Merkel.
Merkel Is ‘Outraged’ by Russian Hack but Struggling to Respond
Patience with President Vladimir Putin is running thin in Berlin. But Germany needs Russia’s help on several geopolitical fronts from Syria to Ukraine.
NYT Berlin correspondent Katrin Bennhold writes:
Chancellor Angela Merkel used strong words on Wednesday condemning an “outrageous” cyberattack by Russia’s foreign intelligence service on the German Parliament, her personal email account included. Russia, she said, was pursuing “a strategy of hybrid warfare.”But asked how Berlin intended to deal with recent revelations implicating the Russians, Ms. Merkel was less forthcoming.
“We always reserve the right to take measures,” she said in Parliament, then immediately added, “Nevertheless, I will continue to strive for a good relationship with Russia, because I believe that there is every reason to always continue these diplomatic efforts.”
That alleged attack happened in 2015. The attribution to Russia is as shoddy as all attributions of cyberattacks are.
Intelligence officials had long suspected Russian operatives were behind the attack, but they took five years to collect the evidence, which was presented in a report given to Ms. Merkel’s office just last week.Officials say the report traced the attack to the same Russian hacker group that targeted the Democratic Party during the U.S. presidential election campaign in 2016.
This is really funny because we recently learned that the company which investigated the alleged DNC intrusion, CrowdStrike, had found no evidence, as in zero, that a Russian hacker group had targeted the DNC or that DNC emails were exfiltrated over the Internet:
CrowdStrike, the private cyber-security firm that first accused Russia of hacking Democratic Party emails and served as a critical source for U.S. intelligence officials in the years-long Trump-Russia probe, acknowledged to Congress more than two years ago that it had no concrete evidence that Russian hackers stole emails from the Democratic National Committee’s server.
...
[CrowdStrike President Shawn] Henry personally led the remediation and forensics analysis of the DNC server after being warned of a breach in late April 2016; his work was paid for by the DNC, which refused to turn over its server to the FBI. Asked for the date when alleged Russian hackers stole data from the DNC server, Henry testified that CrowdStrike did not in fact know if such a theft occurred at all: "We did not have concrete evidence that the data was exfiltrated [moved electronically] from the DNC, but we have indicators that it was exfiltrated," Henry said.
The DNC emails were most likely stolen by its local network administrator, Seth Rich, who provided them to Wikileaks before he was killed in a suspicious 'robbery' during which nothing was taken.
The whole attribution of case of the stolen DNC emails to Russia is based on exactly nothing but intelligence rumors and CrowdStrike claims for which it had no evidence. As there is no evidence at all that the DNC was attacked by a Russian cybergroup what does that mean for the attribution of the attack on the German Bundestag to the very same group?
While the NYT also mentions that NSA actually snooped on Merkel's private phonecalls it tries to keep the spotlight on Russia:
As such, Germany’s democracy has been a target of very different kinds of Russian intelligence operations, officials say. In December 2016, 900,000 Germans lost access to internet and telephone services following a cyberattack traced to Russia.
Ahem. No!
That mass attack on internet home routers, which by the way happened in November 2016 not in December, was done with the Mirai worm:
More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai. The malware wriggled inside the routers via a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. But the new Mirai malware turns that feature off once it infests a device, complicating DT’s cleanup and restoration efforts.
...
This new variant of Mirai builds on malware source code released at the end of September. That leak came a little more a week after a botnet based on Mirai was used in a record-sized attack that caused KrebsOnSecurity to go offline for several days. Since then, dozens of new Mirai botnets have emerged, all competing for a finite pool of vulnerable IoT systems that can be infected.
The attack has not been attributed to Russia but to a British man who offered attacks as a service. He was arrested in February 2017:
A 29-year-old man has been arrested at Luton airport by the UK’s National Crime Agency (NCA) in connection with a massive internet attack that disrupted telephone, television and internet services in Germany last November. As regular readers of We Live Security will recall, over 900,000 Deutsche Telekom broadband customers were knocked offline last November as an alleged attempt was made to hijack their routers into a destructive botnet.
...
The NCA arrested the British man under a European Arrest Warrant issued by Germany’s Federal Criminal Police Office (BKA) who have described the attack as a threat to Germany’s national communication infrastructure.According to German prosecutors, the British man allegedly offered to sell access to the botnet on the computer underground. Agencies are planning to extradite the man to Germany, where – if convicted – he could face up to ten years imprisonment.
The British man, one Daniel Kaye, plead guilty in court and was sentenced to 18 month imprisonment:
During the trial, Daniel admitted that he never intended for the routers to cease functioning. He only wanted to silently control them so he can use them as part of a DDoS botnet to increase his botnet firepower. As discussed earlier he also confessed being paid by competitors to takedown Lonestar.
In Aug 2017 Daniel was extradited back to the UK to face extortion charges after attempting to blackmail Lloyds and Barclays banks. According to press reports, he asked the Lloyds to pay about £75,000 in bitcoins for the attack to be called off.
The Mirai attack is widely known to have been attributed to Kaye. It has been discussed at length. It was never 'traced to Russia' or attributed it to anyone else but Daniel Kaye.
The New York Times just made that up from absolutely nothing!
It seems that for the Times anything can be blamed on Russia completely independent of what the actually facts says.
