German security officials allowed hackers “controlled” access to government networks in order to track possible culprits and their methods, a top interior ministry official said Thursday, as outraged lawmakers complained about being kept in the dark.
Deputy Interior Minister Ole Schroeder told the RND newspaper group security officials were able to “isolate and bring under control” the attack, while tracking the hackers to learn more about how the attack was executed.
Economy Minister Brigitte Zypries pushed back against initial media reports blaming the attack on Russian hacking group APT28, which experts say has clear links to Moscow.
Zypries told reporters it would be “problematic” if Moscow were found to have launched the attack, as German media have reported. But she added: “At this moment there is no discussion of that. We cannot say anything at this point.”
Germany on Wednesday said security officials were investigating an isolated attack on its government computer networks, but the incident had been brought under control. It did not confirm media reports that the foreign and defence ministries were affected by the attack.
Schroeder said security measures were still being implemented, but declined to provide further details.
Security officials said they learned of the breach some time ago. Media reports said it was detected in December but may have been under way for up to a year.
Government officials briefed the parliamentary committee that oversees intelligence agencies about the incident for the first time around midday on Thursday, as opposition lawmakers questioned why they had not been informed earlier.
Government officials were also due to meet with the lower-level parliamentary committee on digital issues.
Patrick Sensburg, a conservative and member of the oversight committee, told broadcaster ZDF the attack involved more complex malicious software and targeted more sensitive data than a 2015 breach of the German parliament, which government officials later said was carried out by the Russian hacking group.
Sensburg said there had been rumours about a possible breach of government networks, but his high-level committee had not been informed about the attack by government officials.
He said it remained unclear whether any data was stolen as a result of the breach, and if so, what sort of data.
Sensburg said this attack was clearly focused on more sensitive data than the earlier hack.
Bild newspaper said security officials were struck by the sophistication of the attack, which exceeded levels previously seen, and therefore assumed it was not carried out by the same group that carried out the 2015 hack.
Benjamin Read, head of cyber espionage analysis at FireEye, a U.S.-based cyber security firm, said the German incident could be part of a series of attacks carried out by APT28 against U.S. and European government-related entities in 2016 and 2017.
Konstantin von Notz of the Greens, an oversight committee member, said it was “very frustrating” that the government had not informed the panel before the story broke in the media.
Andre Hahn, a member of the far-left Left party, said the failure to inform the oversight committee was a clear violation of law, especially since it had met several times in December.
The incident also revived debate about a push by top German intelligence officials for more legal authority to “hack back” in the event of cyber attacks from foreign powers.
Conservative lawmaker Roderich Kiesewetter told Die Welt the attack showed that state agencies needed more funds and staff.
But von Notz said there were critical legal questions to clear up about such actions, adding: “In the end those would be acts of war, if we attacked someone else’s servers.”
Western governments and security experts have linked APT28 to a Russian spy agency, and have blamed it for an attack on the Democratic National Committee ahead of the 2016 U.S. elections.
Moscow has previously denied any involvement in cyber attacks on the German political establishment.