Sensitive Danish business information fell into the hands of state-sponsored hackers in 2012, newly-obtained documents reveal.
Through a freedom of information act, DR obtained reports that detailed previously-secret hacks against the Business and Growth Ministry, the Danish Maritime Authority (Søfartsstyrelsen) and Statens IT, which provides IT services to a number of government authorities.
At least four Danish companies, including Novozymes, were also targeted, DR reports.
The hacks were carried out in April 2012, and according to the newly-obtained report from the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste – FE), the attacks were “state-sponsored”. They were also incredibly sophisticated.
“I have worked with IT for 20 years, and I have never seen anything like it before,” Søren Vulff, a Statens IT spokesman, told DR.
According to the FE report, the hacks targeted sensitive information on Danish shipping companies and the merchant navy.
The Danish authorities only became aware of a security breach after a tip-off from an American IT expert who discovered files from the Maritime Authority on a US server that was known to be controlled by hackers.
After the tip-off, the compromised files were traced to a Maritime Authority employee’s computer that had been infiltrated via an email attachment containing a virus. When the employee opened the infected PDF file, hackers were given back-door access to the contents of his computer and the rest of the Maritime Authority’s network. From there, they were able to access the Business Ministry’s IT system.
The Danish authorities eventually stopped the infiltration by shutting down the entire system for several days before re-opening it with new anti-virus programmes.
While FE’s Center for Cyber Security classified the attack as “state-sponsored”, it wouldn’t go on record with specific allegations.
“We are very careful with saying exactly who we think is behind it. We of course have our opinions, and those opinions have been shared with the relative authorities and with the government, our primary customer,” Thomas Lund-Sørensen of the Center for Cyber Security told DR.
DR reports that China is seen as the likely culprit, but the Chinese Embassy in Copenhagen denied that Chinese authorities had any knowledge of the hack.
“It is very hard to prove who is behind these attacks,” Fu Wenyan of the embassy wrote to DR.
Conservative spokesman Tom Behnke told DR that Denmark needs to react strongly.
“We should send a clear and unambiguous signal to China that we expect them to work with us to get this stopped immediately,” he said.