An interesting news story broke this weekend in Germany. According to reports in Der Spiegel, the BND – Germany’s foreign intelligence service – used spyware to monitor the Ministry of Commerce and Industry in Afghanistan.
Confidential documents, passwords and email communications are said to have been compromised by German spies, and sent to the BND’s headquarters in Pullach, Germany.
The news follows revelations last week that the BND had intercepted emails between Spiegel journalist Susanne Koelbl and Afghanistan’s Commerce Minister Amin Farhang.
Understandably, a diplomatic row has erupted between the two countries as a result of these revelations.
Of course, there have been rumours and accusations of different countries spying on each other using malware in the past.
For instance, in September 2007, the Financial Times reported that the Chinese military were being blamed for a cyberattack which targeted a Pentagon computer system serving the office of US defense secretary Robert Gates. The newspaper reported that the People’s Liberation Army (PLA) were being blamed for perpetrating the attempted hack. Media reports in The Guardian claimed that the British and German governments have also been subject to similar probes by hackers working for the PLA.
The fact is that spying has been going on between countries for thousands of years – whether it be for commerical or military advantage. It would be dumb to think that nations would not take advantage of computers and the internet to assist them in their espionage activities, so we shouldn’t be too surprised to read these reports coming from Germany and Kabul.
Sophos’s position is that we detect all the spyware that we know about – regardless of who its author may be. So, if this German-built spyware really does exist and it arrives in SophosLabs we will add detection of it regardless of whether it may be state-sponsored. Indeed, perhaps with our proactive detection we may already be detecting it.
The advice for companies, organizations and governments alike is to keep their malware defenses up-to-date and ensure that proper security is in place to prevent intruders (be they cybercriminals or foreign government spies) from stealing information.