Germany challenges Russia over alleged cyber attacks

The head of Germany's domestic intelligence agency has accused Russian rivals of gathering large amounts of political data in cyber attacks..

Moscow denies it has in any way been involved in cyber attacks on the German political establishment.

Hans-Georg Maassen, president of the BfV agency, said "large amounts of data" were seized during a May 2015 cyber attack on the Bundestag, or lower house of parliament, which has previously been blamed on APT28, a Russian hacking group.

Maassen repeated his warning from last December in which he said Russia was increasing cyber attacks, propaganda, and other efforts to destabilise German society.

Some cyber experts have drawn clear links between APT28 and the GRU Russian military intelligence organisation.

Maassen said there had been subsequent attacks after the 2015 Bundestag hack that were directed at lawmakers, the Christian Democratic Union (CDU) of Chancellor Angela Merkel, and other party-affiliated institutions, but it was unclear if they had resulted in the loss of data.

Germany's top cyber official last week confirmed attacks on two foundations affiliated with Germany's ruling coalition parties that were first identified by security firm Trend Micro.

"We recognise this as a campaign being directed from Russia. Our counterpart is trying to generate information that can be used for disinformation or for influencing operations," he said. "Whether they do it or not is a political decision ... that I assume will be made in the Kremlin."

Maassen said it appeared that Moscow had acted in a similar manner in the United States, making a "political decision" to use information gathered through cyber attacks to try to influence the US presidential election.

He said Germany was working hard to strengthen its cyber defences, but also needed the legal framework for offensive operations.

Berlin was studying what legal changes were needed to allow authorities to purge stolen data from third-party servers, and to potentially destroy servers used to carry out cyber attacks.

"We believe it is necessary that we are in a position to be able to wipe out these servers if the providers and the owners of the servers are not ready to ensure that they are not used to carry out attacks," Maassen said.

He said intelligence agencies knew which servers were used by various hacker groups, including APT10, APT28, and APT29.

The German government also remained deeply concerned about the possibility that German voters could be manipulated by fake news items, like the bogus January 2016 story about the rape of a 13-year Russian-German girl by migrants that sparked demonstrations by over 12,000 members of that community.

He said another attempt was made in January shortly after the Social Democrats named former European parliament president Martin Schulz as their chancellor candidate, with a Russian website carrying a blatantly false story about Schulz's father having run a Nazi concentration camp.

However that story did not receive as much attention.

Officials also remained concerned that real information seized during cyber attacks could be used to discredit politicians or affect the election, he said.