First track leads to Russia
Greens hacked on behalf of the Kremlin?
06/17/2022, 9:07 p.m
The cyber attack on the Greens is larger than previously known. Not only the party leadership, but also Minister Baerbock and Minister Habeck were systematically spied on. According to a media report, the investigators suspect a Russian background.
The cyber attacks on the communication of the Greens were more extensive than initially assumed. According to a report by “Spiegel”, the attackers managed to access a two-digit number of Green Party e-mail addresses and read incoming e-mails live with the help of a redirect. So not only the accounts of the two Green bosses Omid Nouripour and Ricarda Lang were affected. A spokeswoman for the Greens confirmed to the magazine that the party email addresses of former chairmen Annalena Baerbock and Robert Habeck were also spied on.
The investigators of the cyber attack first traced their way to Russia: Both the targeted approach of the attackers and technical details led the security authorities to assess that the hackers could have a Russian background, reported Der Spiegel. According to security circles, Moscow may have tried to obtain internal information from the party.
The Berlin public prosecutor’s office has now initiated an investigation. In addition to the State Criminal Police Office, the Federal Criminal Police Office is also involved in the investigation. After the research, the attackers proceeded in a planned and professional manner. They therefore targeted the Greens from several sides. Among other things, they directed their activities against the internal IT department, which also operates the party’s mail system.
Admin set up forwarding
There they apparently managed to gain access to an administrator account. Using this account and its access rights, the hackers could then activate forwarding for incoming emails and enter a destination address that they controlled. According to the report, copies of the emails were then sent to a server in Moldova. Because of the significant Russian influence in parts of the country, security authorities see this as an indication of a possible operation on behalf of Moscow.
The fact that the unauthorized forwarding was even noticed at the end of May is therefore due to an error by the attackers. The server they used was apparently temporarily unavailable – so the forwarded emails ended up back in the mailboxes of the Greens concerned, along with an error message. The strange returns were the starting point for the criminal complaint that the Greens filed in Berlin on May 30th.
Later publication not excluded
According to a spokeswoman for the Greens, there were at least 14 active redirects at that time. According to the current status, all incoming emails to the affected Green politicians in the period from May 16th to 30th were automatically sent to unauthorized persons.
“We take the process very seriously and work it out intensively with the participation of the Federal Office for Information Security (BSI) and external IT forensic experts,” says an e-mail from the Greens federal office to those affected, who are quoted by the magazine. “We are not yet aware that the e-mail communication obtained was published. Unfortunately, we cannot rule this out with a view to the future.”