Understanding geopolitics is key to understanding the perpetrators and victims of cyber espionage. This is one of the key messages from the German federal domestic intelligence service (BfV) 2016 annual report (summary PDF).
“Germany,” it notes, “is of interest in its role as a geopolitical player, as a member of NATO and the EU and on account of its economic strength and innovative businesses.” For slightly different reasons, this makes Germany a nation of interest to the three primary cyber adversaries, Russia, China, and Iran.
Its relatively open attitude to immigration adds to the list of adversaries. “Oppositional groups in Germany from foreign intelligence services’ home countries are another target of espionage activities,” it adds.
Russia, suggests the BfV, advocates a multipolar world — but is suffering economically from the EU’s economic sanctions imposed over the Crimea/Ukraine crisis. A key driver in Russian foreign policy is to induce the West to lift these sanctions. “Obtaining advance information about the positions of the Federal Government and opposition parties increases Russia’s leverage in negotiations and creates opportunities for counter-measures.”
This has led the Russian intelligence services to focus in Europe on the strained relationship between the EU and Turkey, the EU post-Brexit, and the European policy on security and defense — as well as keeping a close eye on Europe’s position over Russia’s military intervention in Iraq.
For example, the Russia-linked Sandworm malware has actively targeted government sites, the NATO military alliance, utilities and telecommunications firms in recent years.
Propaganda and disinformation are also key methods used by Russia. “Tools,” says the BfV, “include social networks, the microblogging service Twitter, government-funded and private institutes and Russian state media. TV, radio and online channels worldwide are used for propaganda and disinformation campaigns.” Internet trolls are used extensively to influence public opinion and push pro-Russian views.
APT 28 (Fancy Bear) has continued its activity against German political parties, and the BfV assumes that Russian state agencies are trying to influence parties, politicians and public opinion, with a particular eye to the 2017 parliamentary election.
Chinese activities, suggests the BfV, are guided by three key policies: territorial integrity and protecting the communist party’s hegemony; expanding China’s geopolitical and military power; and modernizing the economy. “For this reason,” it says, “the intelligence services’ activities abroad are primarily focused on gathering intelligence about political decision-making processes, on obtaining technological know-how and on the opposition to the system.”
The importance of the Chinese intelligence services has grown since Xi Jinping came to power in 2013, and has shifted towards political espionage. “They are now trying to obtain more information about supranational entities such as the EU and about international conferences such as the G20 Summit. Moreover, the country is very interested in policy positions on China, e.g. recognition as a market economy or territorial disputes in the region of the South China Sea.”
In Germany, the focus of attention is on industry, research, technology and modern weapons technology. China also monitors attitudes of and towards what it calls the ‘Five Poisons’; comprising the ethnic minorities of the Uyghurs and Tibetans seeking autonomy, the anti-regime Falun Gong movement, the democracy movement, and proponents of sovereignty for the island of Taiwan.
China, warns, the BfV, uses LinkedIn and Facebook “to recruit informants on a large scale. Their approach is almost always the same: Ostensible researchers, recruiters and headhunters contact persons with promising profiles and try to lure them with attractive opportunities. Finally, they invite these persons to China where they are approached by the intelligence services.”
The primary motivation for the Iranian intelligence services is to spy on and suppress opposition movements at home and abroad. In Germany, there is a focus on (pro-) Jewish and Israeli targets. Interestingly, however, the BfV has found less evidence of Iranian attempts to acquire proliferation-sensitive material for its nuclear program since the Joint Comprehensive Plan of Action was agreed. At the same time, attempts to obtain material for its missile program (not covered by the nuclear agreement) has remained constant.
In all of these activities, the importance of cyber as opposed to physical espionage has grown. “However, cyber-attacks may be used not only for espionage but also for sabotage purposes. This is a threat in particular with regard to critical infrastructures.”
The BfV also warns that cyber activity hasn’t completely replaced physical espionage. “Instead, both forms of espionage complement each other, thus producing an increased threat potential. The potential targets of espionage activities therefore need to safeguard their protected property both against attempted attacks from outside and against disloyal employees in their own organizations (‘insider attacks’) who are recruited, blackmailed or even specifically infiltrated into the organization by foreign intelligence services.”
Protecting the private sector from economic espionage and sabotage is, says the BfV, the joint responsibility of government and industry. On 26 April 2016, the BfV and other authorities and industry associations, launched the Economic Security Initiative (Initiative Wirtschaftsschutz). Coordinated by the Federal Ministry of the Interior, stakeholders can jointly develop and implement measures to improve economic security.”
