All emails from the Storting may have been retrieved




The Storting has been hit by a cyber attack that is larger and more advanced than when it was last attacked.

Data has been extracted, but it is not known how much or what.

– This IT attack had the potential to disrupt the Storting’s parliamentary processes. So I would say this is an attack on our democracy, said Tone W. Trøen on Wednesday afternoon.

The hackers behind the attack have taken advantage of a security hole in Microsoft’s Exchange program, which has features like email, calendar, contacts, and to-do lists.

Microsoft Exchange operates these services in many hundreds of thousands of organizations around the world, including the Storting.


Storting President Tone Wilhelmsen Trøen says the cyber attack is an attack on our democracy. Photograph: Stian Lysberg Solum / NTB

May have taken everything

The Norwegian National Assembly has been hit by a so-called “zero-day vulnerability”, which is a flaw in a computer system for which a fix has not yet been made.

This means that the software vendor has not yet managed to eliminate the vulnerability, so systems can be easily attacked, explains Professor Audun Jøsang, head of the Digital Security Research Group at the University of Oslo.

He says the Microsoft Exchange vulnerability could potentially be very serious.

– All Storting emails, calendars and address lists may have been recovered via this vulnerability, says Jøsang.

Goldmine


GOLD MINE: The hackers who discovered the security hole may have had access to a gold mine, says Professor Audun Jøsang. Photo: Ine Eriksen / UiO

Many data servers have had the Microsoft Exchange vulnerability.

Jøsang believes that hackers have been overwhelmed by the sheer number of potential attack targets and likely had to make a priority list of who they want to spend time attacking.

– The Storting was probably high on that list and was therefore attacked before the vulnerability was removed, says Jøsang.

– If I were China or Russia and could get all the emails that have been sent in recent years, it is a gold mine, he says.

They couldn’t protect themselves

The Storting says it was unable to protect itself against the cyber attack. Professor Jøsang says that is completely correct.

Like many other companies, the Storting buys services from external providers, which in this case is Microsoft Exchange.

– It is too much to expect the Storting to protect itself against the vulnerabilities of the tools from which they buy services. The Storting has been hit by so-called supply chain vulnerability, says Jøsang.

He says this happens because the world's IT infrastructure is based on supply chains, as very few organizations build an IT system themselves. This means that one company purchases services from another company, which in turn buys services from yet another company.

– It’s a huge security challenge these days that one has been aware of in recent years, but difficult to tackle, he says.

Jøsang says that security environments around the world are working to establish a new “best practice” for risk management that takes into account vulnerabilities in the supply chain. This is being investigated at the University of Oslo in various projects.

Some may have slept for an hour.

However, Gisle Hannemyr, associate professor emeritus at the University of Oslo and an expert on data security, is not so certain that the Storting could not protect itself.

– Microsoft released a fix for this vulnerability earlier this month. If the hole was not closed immediately after this, the people in charge of the Storting’s computer system would have slept for hours, he tells TV 2.


COMPUTER SECURITY: Gisle Hannemyr is Associate Professor Emeritus at the University of Oslo and an expert in computer security. Photo: Private

Microsoft warned of the vulnerabilities on March 2, and security updates were available on March 3.

– This is pretty serious. Email is highly sensitive and hackers can gain access to sensitive information, says the data security expert.

However, he says it is difficult to comment on this attack as it is still under investigation and much is still unknown.

– Are these attacks something that may become more common?

– Yes, I think it is relatively common for computer systems connected to the Internet to be attacked. This means you probably can’t prevent them, but should have guidelines for using communication channels, Hannemyr says.

– dramatically

Torgeir Waterhouse, an IT expert and partner at consulting firm Otte, says the attack on data is serious on many levels.

He says that systems will always have flaws and that it will be possible to exploit them.

– This is a big mistake in a system that is all over the world and is used by many, and as long as no one had a solution in advance, of course, there was great potential to abuse it, Waterhouse tells TV 2.

The IT expert says that the Storting itself is not necessarily the target.

– Many may have been the target here. It may be that one has discovered this error, and then take as many as you can. They may have chosen the most interesting, retrieved as much data as possible, and analyzed it later. There may be many explanatory models behind this, Waterhouse says.

Warned last week

Department director Bente Hoff of the National Center for Cyber Security says Microsoft came out a week ago, spoke about the security hole and provided code to close it.

After this, the National Security Authority (NSM) came out and asked Norwegian companies to update the systems, but also to check if the security hole had already been exploited.

– It is important that companies that use the same software update it, but also verify that it has not already been used. We are very concerned that all companies take it seriously, Hoff told TV 2.

She says they are seeing more and more hacks. Hoff says they know there are recipes on the internet for how to exploit this security hole.
