Probable Russian spyware discovered in Latvia's Interior Ministry system

The IT systems of Latvia's Interior Ministry have been affected by spyware, probably of Russian origin, reported LTV's De facto investigative news show November 25.

A month ago, the Constitution Protection Bureau (SAB) told the press that Latvia's cyber space has been attacked by the same Russian state hacker group that involved in the infamous cases of alleged Russian attacks against the international chemical weapons watchdog and the World Anti-Doping Agency.

Even though the virus in Interior Ministry systems was discovered three years ago, officials are slow to confirm Latvia's systems are safe now. Nevertheless it is thought that systems with access to important state data were unaffected.

The breach was discovered in 2015 after Interior Ministry systems were merged under a single watchdog.

"I can confirm that CERT.lv [the national cyber security agency] discovered the breach and acted accordingly. As the supervisory institution, we have informed SAB and asked the bureau to include this matter on the agenda of the National Security Council," said Jānis Garisons, the State Secretary of the Defense Ministry.

CERT.lv have confirmed that the spyware's signature is consistent with programs made by Russian security services.

"It is not a figment of our imagination, but instead technical artifacts that have been discovered and announced publicly...this is nothing unique to Latvia," said CERT.lv vice head Varis Teivāns. 

The Interior Ministry meanwhile does not reveal the extent of the breach and what data could have been accessed remotely.

"One of the primary matters on which the experts are working is whether this 2015 virus still exists in the system," said Dimitrijs Trofimovs, an official at the Interior Ministry.

"But, as concerns, all of the cases that were discovered in 2015... the computers have been removed from service," he said.

It is thought that the virus had affected the interior system for several years.

"Malware of this type is not really your classical computer virus, as it's something that's designed to be very difficult to discover...the attacker can do anything a regular user can on a compromised system," said Teivāns.

While the Interior Ministry systems have data on the entire population of Latvia, as well as data on criminal cases and other information, according to Trofimovs these systems weren't hacked and the systems did not have access to state secrets.

"We stress that the IT infection was discovered in public infrastructure and is not related to such information systems that are used to process classified information (state secrets) electronically," said SAB official Iveta Maura. 

Even though the spyware was discovered three years ago, the ministry has trouble solving the problem. The ministry has been granted extra funding to solve the security risks, and an audit is expected at the joint Interior Ministry system.

"The problem lies not in swapping one computer for another, but, evidently, in the IT management itself, which oversees and controls people with access. This may be the weak link which has to be changed more radically," outgoing PM Māris Kučinskis told LTV.

CERT.lv point out that currently officials are becoming more aware about the meaning of cyber safety. The Defense Ministry has lead seminars in which high-ranking officials were educated over cyber security issues, as, Garisons says, educating the IT personnel is not always enough.

The SAB meanwhile stresses that potential cyber attackers have large resources at their disposal. There are no completely safe IT systems but the main challenge is setting them up in a way that allows quickly discovering any breaches.

One of the main risks for large institutions is, however, the catastrophic lack of IT security specialists.

0 comments
Comment
Comment using your social media profile
Defense
Society