More details and overloaded servers: the latest news about the Xplain data breach in 6 points

The publication of sensitive federal data remains a topic of conversation in Switzerland. It was revealed over the weekend that particularly sensitive information had been leaked following the attack publicized by Watson. Politicians want to act now – an overview.

Are the data still available?

There was temporary confusion as to whether the data can still be found on the internet. Over the weekend, the National Center for Cyber Security (NCSC) wanted to give the all-clear. The federal agency announced that the stolen federal data had disappeared from the affected darknet site. However, this contradicted Watson’s research.

The NCSC's statement was subsequently contradicted: two IT security experts familiar with the matter told the Keystone-SDA news agency, after testing, that the data was available again in the evening. IT security expert Marc Ruef also wrote on Twitter on Monday morning that the data was difficult to access, but was online.

As CH Media writes, there were probably technical problems because too many people wanted to download the data at the same time. The many requests then most likely temporarily brought the server to its knees.

According to an observer, the servers were “down” again on Monday morning. It remains unclear whether the federal government itself will succeed in pressuring the hackers’ server through requests to such an extent that it will collapse.

What data was stolen?

When the Federal Council commented on the data theft, it said “several million files” had been stolen. Over the weekend, media reports gave more detailed information about the case: as the “NZZ am Sonntag” and the “Sonntagsblick” among others reported, highly sensitive documents from the federal police Fedpol were stolen. Specifically, these are Federal Security Service documents classified as “confidential”.

Among the stolen documents is a document from 2018, which deals with security measures for foreign diplomats and embassies, as well as persons and objects protected by the federal government.

It contains not only the addresses of federal councilors, but also the private homes of individual top executives of the Swiss security authorities who are under protection.

So-called “Red Notices” from Interpol have also been leaked, which include attempted arrests and extradition, as well as wanted messages, which are believed to be about serious criminals.

In addition, federal office credentials could have been published, it said. However, so far there is no evidence that anyone has used the information to access a federal IT system, the NCSC writes. In addition, several security measures were taken in the federal administration immediately after the ransomware attack, including changing all access data and logins.

Other documents include security arrangements of high-profile diplomatic visits and cell phone numbers of Fedpol employees. All this information is older, but according to the “NZZ am Sonntag” it is enough to get a concrete picture of the security measures of the Swiss Federal Police.

What does Fedpol say about the incident?

The federal police did not want to confirm on Sunday the publication of individual documents, nor their topicality or context “so as not to anticipate the various ongoing and announced investigations”.

Fedpol now wants to clarify the circumstances under which the operational data reached the private servers. That is why it has also filed a report against unknown persons.

How are the reactions in politics?

The data breach also caused a stir in politics. There were many critical words. “There’s just still no general concept in the federal government,” SVP National Councilor Alfred Heer, chairman of the National Council’s Audit Committee, told SRF. The federal government is actually still in its infancy when it comes to cybersecurity, he says. That is why he calls on the Federal Council to take action: “We must finally implement a strategy that applies to all departments. We notice that the administrative units – to put it bluntly – each tinker a bit for themselves.”

Alfred Heer, SVP-ZH, addresses the Grand Chamber, during the summer session of the Federal Councils, on Wednesday 31 May 2023 at the National Council in Bern.  (KEYSTONE/Alessandro della Valle)

FDP National Councilor and security politician Maja Riniker also expressed concern to SRF. The data is sensitive, even if it’s older, she says. “This circumstance should not and should not happen,” criticizes Riniker, demanding that the first step should be to find out exactly how the data theft could have happened in the first place.

Maja Riniker, FDP-AG, speaks during the debate on the 2023 army message, in the summer session of the federal parliament, on Wednesday, June 14, 2023 in Bern.  (KEYSTONE/Peter Klaunzer)

Gerhard Andrey, Green National Councilor and security politician, is now demanding more money for cybersecurity as a result of the attack. Army resources should rather be invested in cyber defense than in heavy war material, the Freiburger demands. Because Switzerland, as a country with many solvent companies, is a particularly attractive target for such cyber attacks. “But Switzerland is also more exposed than others as the seat of UN agencies.”

Gerhard Andrey, GP-FR, at the special session of the federal councils, on Tuesday 2 May 2023 in Bern.  (KEYSTONE/Peter Klaunzer)

What has happened so far?

At an unknown time, hackers exploited a vulnerability at the Swiss IT services provider Xplain and stole data stored on the company’s servers, including data from the federal government and various police authorities. The cyber criminals then deployed encryption malware (ransomware).

On June 28, the Federal Council approved the mandate for a crisis team called “Data Outflow”. This is to coordinate the work after the hacker attack. “It must be ensured that this outflow of data does not continue and that something like this is no longer possible in the future,” said Federal Councilor Karin Keller-Sutter on Wednesday. She described the data outflow as “disturbing”.

Numerous experts are still evaluating and analyzing the incident and the affected data package. According to the Federal Council, it is assumed that this could take several months.

(dab, with footage from Keystone-sda)

The ransomware attack and its consequences

Source: Watson

I'm Ella Sammie, author specializing in the Technology sector. I have been writing for 24 Instant News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.
