The Foreign Ministry has been the victim of two serious cyber espionage attacks which may have had a detrimental effect on national interests, the secret services, Supo, announced on Wednesday.
At a press conference Supo said they believed ”state actors” were behind both attacks. However, the full identity of who was responsible is not yet known, Supo director Antti Pelttari told Yle.
Supo became aware of the first serious data breach in early 2013, and on investigating the incident discovered a second attack had taken place, which was described as ”very advanced and difficult to detect.”
Announcing the results of a preliminary investigation into the data thefts, a Supo spokesperson refused to comment on speculation that either the USA, China or Russia were behind the attacks, and said that they will not currently disclose which country or countries are believed to be responsible.
The Ministry of Foreign Affairs had previously stated that the target of the breaches was the ministry’s internal communications network, over which emails are sent.
Lower-level information
The Foreign Ministry’s Secretary of State, Peter Stenlund, told the press conference that the data breach involved so-called lower-level information. Both breaches involved spyware software sending information from within the ministry’s network to foreign servers and finally on to a user. In the second, more serious, attack, which is being investigated as aggravated espionage, Supo say the spyware software was linked to a website hosted by a foreign state authority.
The data breaches are being investigated as suspected espionage or aggravated espionage. Supo say that large amounts of material were taken from the Foreign Ministry, though did not comment further on the nature of the stolen information.
Outside tip-off
Initial suspicions of espionage were first made public last autumn, when Foreign Minister Erkki Tuomioja announced that a suspected cyber attack had taken place in early 2013. Tuomioja described the data breach as troubling both for the ministry and for Finland. He said a tip-off about the attack came from ”outside”, but did not specify from where or from whom. He said that the attackers had not managed to access the ministry’s most sensitive information.
On Wednesday the secret services said the espionage had been continuing for years, and said investigations were underway to establish further technical details of the attacks. They said that there is no official body in Finland which can be said to be immune from ”abnormal” network traffic.
Potentially damaging
Supo today presented the results of their initial investigation to parliament’s Security and Foreign Affairs Committee.
At a press conference the Foreign Ministry’s Secretary of State, Peter Stenlund, said that the data leaks had potentially damaged Finland’s national interests during negotiation situations.
Stenlund said that many other European countries have also fallen victim to similar data security breaches to those discovered to have taken place within the foreign ministry. He said that Belgium was one of those other countries, but refused to name any more.
Repeated attempts
Since the two breaches, a number of other espionage attempts have been detected, but the ministry’s protection systems have managed to deflect them, Stenlund said.
”Further information leaks have been prevented, insofar as they have been identified,” he said.
Responding to the question of whether a mole inside the ministry could be responsible for the security breach, Supo director Antti Pelttari said that the preliminary investigation had given no indication that internal staff were involved.