Breach Notification , Incident & Breach Response , Managed Detection & Response (MDR)

Norway's Parliament Investigates Email Hacks

Hackers Accessed Accounts of Elected Officials, Government Employees
Norway's Parliament Investigates Email Hacks
The Norwegian parliament, known as Storting, is located in Oslo.

The Norwegian parliament, known as the Storting, is investigating the hacking of email accounts of some elected officials and government employees.

See Also: A Better Way to Cover the Bases for Breach Protection

While it appears that the hackers were able to access a "small number" of accounts and remove data, the initial investigation did not determine what information might have been taken, says Marianne Andreassen, the Storting’s nonelected chief administrator.

"We take the case very seriously, and we have full attention to analyzing the situation to get an overall picture of the incident and the potential extent of damage," Andreassen notes.

She says her office is notifying those affected and that additional security measures have been put in place to help prevent further hacking.

"We must constantly work with IT security against a demanding threat picture," Andreassen says. "New measures are being considered on an ongoing basis to strengthen security in the Storting."

On Wednesday, the Norwegian Police Security Service, the country's national security service that oversees counterintelligence operations and cybercrime, announced on Twitter that it would investigate the incident to determine if a nation-state threat actor was involved.

Other Hacking Incidents

Other European parliaments have been hacked in recent years.

For example, in 2015, Germany's lower house of parliament, known as the Bundestag, found that its PCs and servers had been hacked using malware, and attackers gained administrative-level rights for the entire network and infrastructure (see: German Parliament Battles Active Hack).

In May, the newspaper Sueddeutsche Zeitung reported that German prosecutors believed a Russian hacker, apparently a member of an elite military unit, was responsible for the 2015 hacking incident, which included the theft of thousands of emails.

The report indicated that Dmitriy Sergeyevich Badin, a 29-year-old Russian national was the main suspect in the case and that the German attorney general's office had then obtained an international arrest warrant for him (see: Russian a Suspect in German Parliament Hack: Report).

In September 2019, Reuters reported that Australian intelligence determined that Chinese hackers with connections to the government were responsible for hacking that country's parliament, as well as several political parties, ahead of a general election in May of that year.

And in June, Australian Prime Minister Scott Morrison warned that hacking groups were attempting to attack various government agencies and critical infrastructure in that country, according to CNBC.

Vulnerable Communications

Elected officials worldwide need to be aware that their email accounts and other means of communication are prime targets for hacking groups, says Tom Pendergast, chief learning officer at MediaPro, which provides security and privacy training.

"With every incident like this, it is best that politicians recall - indeed that all of us recall - that anything we communicate via electronic means is potentially vulnerable to attack and thus to public disclosure," Pendergast tells Information Security Media Group. "There are few true secrets when data is exchanged digitally, except when exceptional security precautions are in place."

Pendergast noted the hack of the Democratic National Committee by Russian-linked hackers in 2016 should have been a wake-up call about what could happen when email accounts are hacked. But governments continue to make mistakes when it comes to securing their infrastructures.

"If the lessons of the Hillary Clinton campaign emails of 2016 have been learned, then politicians will be well aware of the need to keep official and confidential correspondence within the most secure channels," Pendergast noted. "What we'll soon find out is how secure Norway’s email system actually was."

About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.