Are the data still available?
For a long time there was disagreement about whether the data could still be found on the internet. The National Center for Cybersecurity (NCSC) gave the all-clear over the weekend, saying the stolen federal data had disappeared from the affected dark web site.
However, this report was later contradicted: two IT security experts familiar with the matter told the Keystone-SDA news agency, after testing, that the data was available again in the evening. IT security expert Marc Ruef also wrote on Twitter on Monday morning that the data was difficult to access, but accessible nonetheless. This is also evident from research by Watson.
Media claim that the website of ransomware gang #Play is unreachable and leaked data from #Xplain can no longer be downloaded. Sites used to be slow and unreliable, but they’re still up and running. pic.twitter.com/xcFiCsapKM
— Marc Ruef 𖢥 (@mruef) July 3, 2023
Apparently, as CH Media writes, there were problems because too many people wanted to download the data. The many requests then caused the server to crash.
According to an observer, the servers were down again on Monday morning. It remains unclear whether the federal government itself is managing to overload the hackers’ server with requests to such an extent that it collapses.
What data was stolen?
When the Federal Council commented on the data theft, it said “several million files” had been stolen. Over the weekend, media reports gave more detailed information about the case: as the “NZZ am Sonntag” and the “Sonntagsblick” write, highly sensitive documents from the federal police Fedpol were also stolen. Specifically, these are Federal Security Service documents classified as “confidential”.
Among the stolen documents is one from 2018 that dealt with security measures for foreign diplomats and embassies, as well as persons and objects protected by the federal government. It contains not only the addresses of federal councilors, but also the private homes of individual top officials who are under the protection of Swiss security authorities. So-called Red Notices from Interpol were also leaked, containing arrest and extradition attempts as well as wanted messages, which probably concern serious criminals.
In addition, federal office credentials could have been published, it said. However, so far there is no evidence that anyone has used the information to access a federal IT system, the NCSC writes. In addition, several security measures were taken in the federal administration immediately after the ransomware attack, including changing all access data and logins.
Other documents include security arrangements of high-profile diplomatic visits and cell phone numbers of Fedpol employees. All this information is older, but according to the “NZZ am Sonntag” it is enough to get a concrete picture of the security measures of the Swiss Federal Police.
What does Fedpol say about the incident?
On Sunday, the federal police did not want to confirm the publication of individual documents, nor their topicality or context “so as not to anticipate the various ongoing and announced investigations”.
Fedpol now wants to clarify the circumstances under which the operational data reached the private servers. That is why it has also filed a report against unknown persons.
What are the reactions in politics?
The data breach also caused a stir in politics. There were many critical words. “There’s just still no general concept in the federal government,” SVP National Councilor Alfred Heer, chairman of the National Council’s Audit Committee, told SRF. The federal government is actually still in its infancy when it comes to cybersecurity, he says. That is why he calls on the Federal Council to take action: “We must finally implement a strategy that applies to all departments. We notice that the administrative units – to put it bluntly – each do something for themselves.”
FDP National Councilor and security politician Maja Riniker also expressed concern to SRF. The data is sensitive, even if it’s older, she says. “This circumstance should not and should not happen,” criticizes Riniker, demanding that the first step should be to find out exactly how the data theft could have happened in the first place.
Gerhard Andrey, Green National Councilor and security politician, is now demanding more money for cybersecurity as a result of the attack. Army resources should rather be invested in cyber defense than in heavy war material, the Freiburger demands. This is because Switzerland, as a country with many solvent companies, is a particularly attractive target for such cyber attacks. “But Switzerland is also more exposed than others as the seat of UN agencies.”
What had happened before?
Hackers from the “Play” group attacked a vulnerability on the servers of the IT service provider Xplain with ransomware and stole data from the federal government. Having received no ransom, they published the first data from Fedpol and the Federal Office of Customs and Border Protection (BAMF) on the dark web on June 3. Then, about two weeks ago, they posted further operational data from the federal administration on the dark web. The federal prosecutor’s office has started proceedings.
The Federal Council on Wednesday approved the mandate for a crisis team called “data outflow”. This is to coordinate the work after the hacker attack. “It must be ensured that this outflow of data does not continue and that something like this is no longer possible in the future,” said Federal Councilor Karin Keller-Sutter on Wednesday. She described the data outflow as “disturbing”.
Finally, the federal government evaluated and analyzed the incident and the affected data package. The Federal Council assumed that this could take several weeks to months.
(dab, with footage from Keystone-sda)
Source: Watson

I’m Ella Sammie, author specializing in the Technology sector. I have been writing for 24 Instatnt News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.