Russia was behind the cyber attacks on the Storting

The government is now making a historic reaction to Russia. The Russian state has been identified as responsible for the great cyber attack on the Storting.

The emails, account numbers, social security numbers, banking information and other personal information of Storting employees and politicians were stolen in a comprehensive cyber attack.

On August 24, the Storting announced that elected representatives had been the target of a major cyber attack.

The government is now determining who it believes was behind the data breach at Norway’s most important democratic institution: Russia.

This afternoon, the Minister of Foreign Affairs, Ine Eriksen Søreide, and the Minister of Defense, Frank Bakke-Jensen, went to the Storting and reported on the matter.

At the same time, the Russian embassy was called on the carpet.

– Russia is behind this activity

– This is a serious incident affecting our most important democratic institution, says Chancellor Ine Eriksen Søreide in a press release.

Behind Norway’s decision to point to the Russian state as the “thief” is a general and unequivocal assessment of the Intelligence Service, the Police Security Service (PST), Kripos and the National Security Authority (NSM). Through the Joint Cyber ​​Coordination Center, the agencies have been investigating the incident since the data attack was discovered.

– The security and intelligence services work closely together in the national handling of the incident. Based on the information base held by the government, our assessment is that Russia is behind this activity, says Søreide.

The government does not point to specific Russian agencies and does not say what evidence they have.

The reason is that it will reveal Norway’s data defense and facilitate the commission of further thefts in the future.

Historical espionage case

The decision to designate Russia as responsible, although the investigation is still ongoing, is what is called “attribution” in diplomatic parlance.

This means that the government believes that there is such reliable evidence that Russia was behind it, that there is no need to wait.

The Norwegian authorities believe they know with a high degree of certainty who is behind it.

At the same time, the government wants to show that the case is so serious that Norway has to react. The idea is that if Norway does not react, it will move the limits of what Russia is allowed to do to its neighboring country.

Formally, the Ministry of Foreign Affairs has made the decision. But as far as Aftenposten knows, the decision is well rooted in the government.

The German government and Angela Merkel reacted in the same way after a data breach in the Bundestag in 2015. However, it took five years before the German police issued charges against appointed Russian officials. This spring, the German police asked a GRU agent to lead the cyber attack.

The Dutch authorities chose the same form of reaction when Russian spies were caught red-handed in The Hague. The British authorities followed suit after the poison attack in Salisbury on KGB defector Sergei Skripal.

Access to lost data

The cyber attack caused, among other things, that several Storting politicians were unable to log into their computers.

One of them was the Storting representative Liv Signe Navarsete (SP) on the Storting Defense and Foreign Affairs Committee.

– This is very serious, Navarsete told Aftenposten. She stressed that several members of the Storting, including herself, have sensitive information that should not be misplaced.

Russian espionage against Norway

Aftenposten revealed in May that diplomats at the Russian embassy were affiliated with Russian intelligence. Using Russian databases, it was documented that diplomats were living at the headquarters of the Russian military electronic service GRU before traveling to Norway.

News came in August that the PST had taken up the most serious espionage charge in Norway since the spy case against Arne Treholt in the 1980s.

A project manager at DNV GL was charged under article 124 of the Penal Code for having sold secrets to Russia. On Monday, the Oslo District Court extended custody of the man, who claims to be innocent, for four weeks. Letters, visits and means of communication have been prohibited for the entire period.

The DNV GL employee accused of espionage was in a restaurant in Oslo with a Russian diplomat when he was arrested. According to the indictment, the diplomat had paid “significant” sums to the accused spy. The diplomat was declared undesirable in Norway.

Now the relationship between Norway and Russia is affected by another scandal.

Noted Russian military electronic service

German Chancellor Angela Merkel said in May that she had evidence that Russian authorities were behind the cyber attack on the German parliament in 2015.

A total of 16 gigabytes of data was stolen.

According to the German police, the Russian military intelligence service GRU was behind this. The hacking attack was carried out by the well-known APT28 hacker group, also known as Fancy Bear, financed and led by GRU.

GRU has been identified as responsible for a number of serious cyber attacks, including hacking into the computer servers of Democrats in the United States prior to the 2016 US presidential election.

It is unclear how much was stolen from the Storting. But in a non-compliance report to the Norwegian Data Protection Authority, the Storting made it clear that it was personal information and data of various Storting employees and representatives.

Germany has called for sanctions against Russian state-owned hackers.

He is not a private Russian actor, but a state actor.

The evidence behind the government’s decision to hold Russia responsible for the hacking attack on the Storting will not be presented until further notice.

But as far as Aftenposten knows, there is little doubt that this was a state-owned Russian gamer and not Russian hackers.

During previous hacks, GRU’s full-time hackers in Moscow have left little traces. This made it possible to trace the attacks directly to the GRU addresses in the Russian capital.

“The data leak shows the importance of good security measures,” writes the Foreign Ministry. The government announces that it will propose further measures to strengthen Norway’s digital security.

“Digital security breaches can only be avoided if both companies and individuals contribute to preventive security work,” the Foreign Ministry writes in the press release. They also recommend that individuals and institutions improve the use of passwords.