More and more cyber attacks: who is at risk, what are the consequences?

Report from the Federal Criminal Police Office
More and more cyber attacks: Expert explains what that means in concrete terms

The number of cyber attacks from abroad is growing. According to the industry association Bitkom, attacks from Russia and China have even doubled.

There were significantly more cyber attacks in 2023 than in the previous year. A large proportion came from abroad – especially from China or Russia. Expert Sven Herpig explains what consequences this has for consumers and where the line between crime and war lies.

Mr. Herpig, according to the BKA’s current report, there were 28 percent more cyber attacks from abroad in 2023 than in the previous year. Who exactly is attacking whom or what?
The Federal Criminal Police Office counts activities with a criminal background. These are organized criminals whose victims are primarily companies, because the criminals want to make money with their activities.

How does an attack like this work?
There isn’t just one scheme, but it’s often like this: an email is sent to a company. This email is intended to persuade the recipient to click on an attachment or a link. By clicking on the link, the criminals gain access to the company’s network. They spread there. Usually they roll out something called ransomware. This is a program that first copies data from the network and then encrypts it. They then say to the company: Either you pay or you won’t get your data back. If the company refuses to pay, for example because it already has a backup, the criminals threaten to publish the data.

About the person

Sven Herpig, 38, is head of cybersecurity policy and resilience at the think tank “New Responsibility Foundation”. Previously, he worked for federal authorities for several years, first as an employee of the IT security staff at the Federal Foreign Office, then as deputy head of the cyber security department at the Federal Office for Information Security.

That sounds rather harmless for individuals.
It can be very unpleasant to find your data published on the Internet. If you then imagine that it is sensitive data, even more so – for example information that comes from a hospital system. Above all, the stolen information can be used against the people in a further step: for example, to direct better phishing activities against them – i.e. to write them the type of email that gets them to click on a link. For example, let’s say Person A is affected by an intrusion into a hospital system. This gives criminals information that Person A regularly receives laboratory reports. The criminals then write Person A an email with a link to an alleged laboratory report. This will of course increase the criminals’ success, especially if they can refer to real laboratory values.

Phishing emails personalized in this way sound like a lot of effort. Does that happen so often?
How often this happens is unclear. The secondary use of such stolen information has not been analyzed enough to date. But of course it has to be said that cybercriminals want to make as much money as possible with little effort. They don’t necessarily achieve this by buying up data sets and writing to individual people. That’s why, as I said, companies are the more popular targets.

Are there other ways in which an individual can be affected by such corporate hacks?
Yes, but indirectly. When criminals break into company systems, their products are often unavailable, at least for a short period of time. In the long term, companies may have to pass on the damage to customers in the form of price increases.

Now not only companies but also authorities are being hacked.
Yes, a famous example is the Anhalt-Bitterfeld district, which was paralyzed by cyber criminals in 2022. This definitely affected the local people, because it was not possible to issue vehicle license plates or, for example, to pay out social assistance.

Cyber attacks: Authorities are also popular targets

This is a special kind of threat, especially given that the number of attacks from Russia and China has doubled, according to industry association Bitkom. Can we still distinguish between criminal gangs that just want to make money and attacks on the state?
No, that is not clear. In some cases, especially in Russia, but also in China, cybercrime takes place at the state nexus. Criminals then pass on their information to intelligence services, for example. There have already been cases in which Russian criminals have targeted NATO-related documents. They then passed them on to the Russian security authorities. Such cases are a gray area between these two areas. But that still cannot be considered an activity in the sense of war.

And when would one speak of a war?
In Europe you notice that so-called “pre-positioning” is happening more and more frequently. In this case, an attempt is made to gain access to critical infrastructure, that is, to electricity, water, transport or telecommunications, in order to be able to switch them off at a certain point in time. Another example: There are currently debates about what will happen if there is a heated conflict between the United States and China over the Taiwan dispute. It is currently assumed that Chinese cyber operations would primarily target the United States’ control structures, i.e. communications and logistics centers, in order to slow down the armed forces. This means that China could win the conflict militarily before the USA could effectively intervene.

How is Germany’s security structured here?
It is very important to differentiate here: Are cybercriminals attacking to make money? Or are intelligence services attacking with political interests? Germany has worked a lot on the former in recent years and improved safety standards. Of course, much more needs to be done in this area. And when it comes to intrusion by intelligence services, one has to say: If China, Russia or the USA want access to our critical infrastructure, then they will get it. This is a question of resources, motivation and time.
