The hackers may still be inside the government’s systems – news Norway – Overview of news from various parts of the country

On Monday morning, it became known that 12 ministries have been exposed to a computer attack. It is unclear who is behind it, and what is possibly going astray. It is also possible that unauthorized persons still have access to the authorities’ computer systems. – Has the threat actor been completely thrown out? – We do everything we can to limit the damage and throw out the threat factor. – We are continuously working on measures to strengthen security around this, but we are still in an early phase. So here we will be working for a long time, with a view to further measures, says director of the National Security Authority (NSM), Sofie Nystrøm, to news. No e-mail on mobile An emergency team was set up on 12 July, when a security hole was discovered in the ministries. The ministries’ security and service organization (DSS) uncovered a data attack on the ICT platform of 12 ministries, and sounded the alarm. Key people were called back from holiday, and have worked on the case together with external data experts and Kripos. One of the short-term measures is that employees in the ministries do not have access to e-mail on their mobile phones. The platform that has been attacked is used by all ministries except the Prime Minister’s office, the Ministry of Defence, the Ministry of Justice and Emergency Preparedness and the Ministry of Foreign Affairs. Sofie Nystrøm, director of NSM, says it is professional players who are behind it. Here she is with Justice Minister Emilie Enger Mehl and Defense Minister Bjørn Arild Gram after a press conference before the summer. Photo: Fredrik Varfjell / NTB – Not boys’ room The authorities do not want to speculate on who could be behind the attack. – It is early in the analysis, but this is obviously an actor with strong resources. It is not about boys’ room hacking, says Nystrøm in NSM. She describes the attack as follows: – There is an actor who has tried to get inside. First through a main entrance door, and then tried to map where the archives are. Where is something interesting? They map values, and then try to gain access to new spaces. – After a burglary, you often make a list of what has been stolen, what has been stolen here? – In the phase we are in now, which is very early, we are working to get a full overview. We know a little about what the threat actor has been up to, but we are not yet releasing a full overview publicly. They have managed to gain a foothold, and it is serious. They have arrived on the inside of the ministries’ platform. Torgeir Waterhouse is not surprised by the attack. Photo: Hans Kristian Thorbjoernsen / Otte Four possible motives Technology and security expert Torgeir Waterhouse is not surprised that this has happened, and says that attempts are made all the time. – When we know how complex our systems are and how advanced the attacks are, it is often a matter of time before someone succeeds in the attacks, he says to news. – Who can be behind it? – Normally, it is either activists, criminals or states. It is not entirely unlikely that a state actor is behind it, given the geopolitical situation and who is being attacked. He highlights four possible motives for the attack: Insight into Norwegian politics. A desire to stress Norway. Get information that can be used as a pressure tool. Or info that has a commercial value. Worked in secret for 12 days – It will be a disadvantage or damage for Norway anyway if information is going astray, says Waterhouse. He does not think the government has been naive, and says he is more concerned about the general population’s attitude to data security. NSM is now working closely with the supplier of the software that was attacked, and an international alarm has been raised about the security hole. They have been working on the case in secret for 12 days, waiting to inform the public. – We wanted to give those who own the software the opportunity to plug the holes, before we went public with what actually happened, says Nystrøm.



ttn-69