What has Ukraine’s war got to do with cybercrime?

Even the Federal Bureau of Forensics, BKA, has been the target of cyber attacks. In early May, hackers released a series of queries to the servers of some of the German authorities and ministries. The DDos (Distributed Denial of Service) attack was intended to overwhelm German institutions so that they were no longer accessible. The attack was claimed by Telegram, a group of Russian hackers who call themselves “Killnet”.

They did not have much success with BKA. What they achieved was only to extend the opening time of the website, BKA Vice President Martina Link told Deutsche Wellen. As part of the BKA’s coverage of the “Cybercrime Situation”, Link said the attack was more of a “low-level” attack.

But this not-so-harmful DDos attack was the latest signal of the existence of a new and dangerous development: Link points to the solidarity of cyber groups and hacker groups with Russia or Ukraine. So they make appropriate attacks, as Killnet did. During these attacks “there is a risk that they will affect the impartial parties, even if they do not want to do so”, explains the vice president of BKA.

Martina Link

What is certain is that: The war in Ukraine it also develops in the digital space – and from there it reaches digital Germany. That is why Arne Schönbohm, president of the German Federal Office for Information Technology Security (BSI), told Deutsche Welle: “Given the Russian attacks on Ukraine, the BSI continues to see an increasing risk for Germany.” Schönbohm calls on enterprises, organizations and institutions to control security measures in information technology, and to adapt to the concrete state of risk. “Since the beginning of the Russian attack on Ukraine, there have been an increase in specific incidents in information technology security in Germany, but they have been partially influential,” said the BSI chief.

The first cyber disaster

But many cyber attacks have greater consequences, which are felt by every citizen. An example given by Martina Link relates to the district of Anhalt-Bitterfeld. In early July, hackers attacked the local administration with so-called Ransomware. This malicious software encrypts certain data and programs. The server and hardware had to be turned off. Thus social assistance could no longer be granted, as could vehicle registration permits. Local authorities said attempts had been made to put digital pressure through a cyber disaster. This had never happened in Germany.

Another attack last November affected a software firm whose programs are used by a quarter of doctors’ offices in Germany. The server and network structure were encrypted and were no longer able to work.

Arne Schönbohm

Cybercrime is booming: The BKA sees a 12 percent increase in attacks, recording 150,000 cases. Experts think the actual number of cases is much higher than the number of registered cases: When the digital association, Bitkom, asked last year more than 1,000 firms from all sectors, nine out of ten firms admitted to being victims of attacks cybernetic. The damage from theft, espionage and sabotage to the German economy is estimated at a total of 223 billion euros. A figure that Ms. Link of the BKA repeated when she spoke about the “State of cybercrime.” Not forgetting to mention, that the amount of damages will double within two years.

Corona also incited cybercrime

For, as the report says, “significant increase in the number of cases”, Martina Link gives several reasons: With the momentum of digitalization, driven by the Corona pandemic, many new opportunities for action have been created, which are also put to use. In addition, the economy of digital illegality has further developed: The situation report speaks of professional criminals and those who share jobs. It also talks about service economics capable of committing crimes, services provided in illegal bargains and hiring criminals. They offer everything that can be bought for Bitcoin, from credit card data networks to malware. And because the perpetrators distribute the work and work in different places, the police find it difficult to track them down. The detection rate is 30 percent, being below the average forensic police statistics (SCP).

Given the international crossroads of wrongdoers, Martina Link seeks cross-border cooperation. “This has developed positively in recent years,” she told Deutsche Wellen. And it shows the example of “Emotet” from last year. The police authorities of several countries had destroyed in a joint action the infrastructure of this malicious software system.

Boundary melting

The concern of the criminalist is that she sees an ever-increasing blurring of boundaries between criminal hackers and state-run hackers. Which would bring us back to the aftermath of the war in Ukraine. At the end of February, in Germany 3,000 wind power plants could not be connected to make progress. It is done with the internet and the plants connect to the network through a satellite operator. This one was attacked by hackers, exactly on the morning of February 24, the day the war started. Probably because the same operator is used by the Ukrainian authorities and the Ukrainian army.

In the latest annual report for the summer of 2021, the Office for the Protection of the Constitution in Germany writes: “Russian intelligence services make extensive use of cyber attacks, which are carried out in the geopolitical interests of Russia.” And it gives a list of hacker groups that are thought to be secret services. Among them is “Fancy Bear”, which has been active since at least 2004. But also “Snake”, a “striker with very clandestine behavior, with great technical experience and international goals.”

Haya Shulman is Professor of Informatics at Goethe University Frankfurt and Head of Department at the Fraunhofer Institute. She, as a cybernetics expert, is certain that no cyber-attacks related to the Ukraine war have been registered in Germany, which does not mean that they do not exist. “Successful cyber attacks are not detected,” Shulman told Deutsche Wellen. She mentions the attack on the German parliament, Bundestag in 2015. Or the attack on the Federation’s data network, in 2016. The attacked network, served for communication between the chancellor’s office, ministries and security authorities. Most of it is now disconnected from the internet, and is considered safe.DW

top channel