NATO cyberwarfare experts suspect that Chinese and Russian intelligence services are behind a recent uptick in cyberattacks against the Western alliance. SPIEGEL ONLINE has learned that NATO's cyberwarfare unit registers up to 30 such attacks each day. Employees have been warned to be on their guard.
The number of cyberattacks perpetrated against NATO is on the rise, say experts at alliance operational headquarters, with most of them apparently originating with intelligence services in Russia and China. "Each day, we are seeing up to 30 significant attacks on our digital networks or on individual computers, mostly by way of emails infected by spyware and sent to individual NATO employees," Lieutenant General Kurt Herrmann told SPIEGEL ONLINE on the sidelines of an informational seminar at the Supreme Headquarters Allied Powers Europe (SHAPE) located in Mons, Belgium.
Herrmann heads up a unit of 120 NATO computer experts whose task is protecting sensitive data belonging to the alliance from cyberattacks. The unit, called the NATO Communication and Information Systems Services Agency, or NCSA for short, collects details on all attacks that target NATO information systems. It was founded in 2004, has been operational since 2005 and is to be further expanded next year. Two years ago, the NATO alliance officially identified the danger of cyberattack against member states as a strategic threat.
Herrmann is concerned about recent developments. His experts, he says, have noted "a quantitative, but also a qualitative, increase" in the virtual attacks targeting the alliance. In many cases, emails carrying the hidden spyware are a mixture of classic intelligence service work and hacker software. In many cases, attackers have made the effort to find out personal details about the target so as to make their mails more convincing. When the recipient opens the attachments, a piece of software known as a Trojan installs itself on the computer and begins transferring data to an overseas server.
The 'Human Factor'
When it comes to the origins of the hacker attacks, Herrmann declined comment. But SPIEGEL ONLINE has learned from other sources that some of the malware used in cyberattacks on NATO resemble programs that are known to have been used by Chinese and Russian intelligence service organizations. Alliance experts thus believe that the two countries may be behind the attacks. Just how successful the attacks may have been in pilfering sensitive documents from the alliance is unknown. NATO says that, so far, they only know of the attacks that have been discovered and prevented.
It is clear in SHAPE headquarters just how seriously the dangers of cyberattacks are being taken. At the entrance to the security zone hangs a sign with the current level of conventional danger. Above that is a blinking LED display warning against the opening of attachments on work computers. There are additional signs posted throughout the building. Indeed, the so-called "human factor" is generally considered to be the weakest link when it comes to defending digital networks from cyberattacks. Spyware such as that targeting NATO has repeatedly found success in the past, even in attacks against such agencies as the US Department of Defense.
NATO believes that foreign agencies are hoping their cyberattacks will produce as much classified data as possible, from diplomatic cables to details from countries like Afghanistan where the alliance is active. Officials, however, have also noted a rise in political attacks as well. Early in the air campaign over Libya in the spring of 2011, for example, a NATO website was hacked and the alliance was branded as murderers. The attack, however, was discovered quickly and remedied.