Norway’s foreign ministry is battling a powerful computer virus that has infected its systems for months and is viewed as serious, reported newspaper Dagbladet on Wednesday. Alarms rang in late August when the virus hadn’t been contained, and Dagbladet wrote that officials still don’t have it under control.
The virus is described as “completely new and advanced,” with its so-called “trojans” lying dormant for lengthy periods, only to suddenly flare up again and infect files. Dagbladet reported that the virus first infiltrated the ministry’s systems last spring and authorities thought it had been contained before the summer holidays. It wasn’t, and now there are fears that “sensitive information will go astray.”
Sources both within the ministry (Utenriksdepartementet, UD), at police intelligence agency PST (Politiets sikkerhetstjeneste) and at the Norwegian National Security Authority NSM (Nasjonal Sikkerhetsmyndighet) have confirmed the attack to Dagbladet, but officials at all three are otherwise refusing comment or trying to downplay it. A ministry spokesperson claimed that UD’s systems “are operating and functioning as normal” and declined to offer further details.
The refusals to comment come despite NSM’s own claims on its website that openness around cyber attacks can improve security. “Sharing information about cyber attacks is extremely important, to be able to better prevent them,” NSM director Kjetil Nilsen is quoted as saying. He added that when “something happens,” the target of the attack should alert other operations and authorities and “share information as quickly as possible, to contribute to the best possible operative handling.”
In this case, Dagbladet and news bureau NTB reported they’re staying mum. Dagbladet wrote that the attack is so serious, however, that the government has been oriented. There also are fears that a “foreign power” has gained access to state secrets, and may now sit with information that could damage Norwegian interests.
Norway’s military intelligence service known as E-tjenesten was also reported to be directly involved in the investigation into which nation may be behind the cyber attack. It’s been stressed, though, that Norwegian authorities can’t be certain it is another nation or whether a criminal organization is involved.
“Along with other state and private players, UD is steadily facing more or less advanced attempts at computer intrusion,” Hilde Steinfeld of UD’s communications division told Dagbladet. She said she had no information, though, that ministry employees’ information had been compromised after a cyber attack. She claimed that all of UD’s network traffic is monitored constantly, but wouldn’t comment on Dagbladet’s information in detail or on what if any measures had been taken, for security reasons. PST’s communications chief Trond Hugubakken wouldn’t comment either.
Email ‘the way in’
Hans Christian Pretorius, director of operations at NSM, wouldn’t comment on any specific attacks but did say that NSM had seen a trend in trojan attacks on Norwegian authorities. “The attacks we have seen against several Norwegian targets, and Norwegian infrastructure, are becoming more and more complicated,” Pretorius told Dagbladet. “They have become more difficult to detect and more difficult to get rid of.”
Pretorius added that “in 100 percent of the attacks I have worked with during the past year, e-mail has been the way in” to targets’ systems. Most often, he said, the attacks begin when an unsuspecting recipient of email that appears genuine opens an attachment.
He said foreign nations are “primarily” behind the attacks. Norway’s military intelligence agency has earlier, in its Focus 2015 report, identified Russia and China as “the most active players behind network-based intelligence operations directed at Norway. Both nations have high competence and show a high degree of determination in their attempts to reach Norwegian targets.”