Research

Cyber-Attacks hit German Governmental Network

Written by Reflare Research Team | Mar 2, 2018 1:57:00 PM

German officials have confirmed a major security breach at a government network, but they are not revealing any additional information or the nature of the attack, even though different media agencies are reporting wildly different versions of what happened.

First Published 2nd March 2018

Government communications between Berlin and Bonn were compromised. 

3 min read  |  Reflare Research Team

According to Deutsche Welle (Germany’s public international broadcaster), German officials were informed of an apparent breach of a major governmental network by unnamed foreign colleagues on December 19th 2017. Since little information was provided, it allegedly took specialists working for the German government until the middle of January 2018 to confirm the attack.

The infiltrated network appears to be the Informationsverbund Berlin-Bonn; a high-security isolated network used to facilitate communications between offices in Berlin (the current German capital city) and Bonn (the former capital city). The entry point attackers used to access the network is reportedly a computer used by the German Federal University of Applied Administrative Sciences. The total amount of stolen data is reported as minimal by German authorities.

Blame and differing reporting

During our research for this briefing, the gap between what was reported in German sources (e.g. DW [German]) and US sources (e.g. NPR) was significant. US sources reported that the hack had been carried out by APT-28 (“Fancybear”) - the group that allegedly hacked Democratic National Convention servers during the 2016 US election. German sources instead reported that the hack was performed by a different group - usually codenamed “Snake” about which much less is known.

Furthermore, US sources tended to hype the extent of the hack while German sources tended to downplay it.

What leads to such differences?

For one, the reporting habits of German and US news organizations, and the news consumption habits of citizens in the two countries, vary widely. German consumers by and large tend to react negatively to the hype, while US consumers react negatively to real or perceived issues being downplayed. Some would say these preferences are mirrored in reporting habits.

More importantly however, the uncertain nature of cyber attacks leaves them open to interpretation. Without lying, very different narratives can easily be created from the limited available information. As such, both countries’ media outlets appear to be interpreting the story based on different assumptions. It could be asserted that the media narrative is being altered to align with particular interests - with German outlets downplaying the attack to prevent a panic and US outlets hyping it to put the known attacks against the US in perspective.

What is important to acknowledge is that neither side is spreading outright disinformation. Both have found legitimate experts who have come to reasonable conclusions based on the very limited data available. The bias appears to merely lie in which experts are quoted.