Cyber Risk

Moscow likely behind hack on German govt, spy chief says

FILE PHOTO - Hans-Georg Maassen, head of the German Federal Office for the Protection of the Constitution (Bundesamt fuer Verfassungsschutz) addresses a news conference to introduce the agency's 2016 report on militant threats to the constitution in Berlin, Germany, July 4, 2017. REUTERS/Axel Schmidt

BERLIN (Reuters) - Germany’s head of domestic intelligence said on Wednesday there was a “high likelihood” that the Russian government was behind a cyber attack on German computer networks, although he conceded it was difficult to be 100-percent certain.

Hans-Georg Maassen told reporters that German authorities carefully monitored the attack after it was discovered in December, and it had not caused any damage.

He said there was no evidence to link it to APT28, the Russian hacking group blamed for a May 2015 attack on the German lower house of parliament and the U.S. Democratic National Committee ahead of the 2016 U.S. election.

However, Maassen said the attack was considered an “advanced persistent threat (APT)”, a phrase used by experts to describe a cyber attack so sophisticated and complex that it can only be carried out by a government entity.

“We perceived it as a cyber attack with a Russian origin,” Maassen said. “A 100-percent attribution ... that the perpetrator is in Moscow and that it’s a government agency is not possible, but we can talk about a high likelihood.”

He said a so-called “false flag” operation, aimed at intentionally misleading authorities about which country was to blame, could not be completely excluded, but he added: “We assume it had a Russian origin.”

Germany’s federal prosecutor’s office is also investigating the incident as a possible case of espionage. Sources briefed on the incident said it was first detected in December but may have begun as much as a year earlier.

The Russian government has dismissed the suggestion that Russian hackers were behind the cyber attack.

A German Interior Ministry spokesman last month said the affected IVBB computer network was used to exchange documents labeled “for government use only,” but did not carry highly classified documents.

Reporting by Andrea Shalal; Editing by Paul Carrel and Richard Balmforth