Russia denies hacking Danish Defence computers

Russia has denied involvement in accessing email accounts in 2015 and 2016

Niet, Niet, Niet! It wasn’t us.

Dmitry Peskov, the press secretary for Russian president Vladimir Putin, has denied any Russian involvement in hacking of the Danish Defence over the past two years.

“Russia is not a state which carries out hacking attacks,” Peskov said, according to DR Nyheder.

A recently published report from the Center for Cyber Safety, however, claims otherwise. It is alleged that Russian hackers have accessed Danish defence emails The report says, among other things, that it is “very likely” that the APT28 group, also known as Fancy Bear, is behind the attacks.

READ ALSO: Denmark: Russia has been hacking us for two years

Matilde Kimer, DR’s correspondent in Russia, says that “it is important to remember that not a single piece of evidence has been produced to indicate that it is this group. It may be that for security reasons, it has not been made public.”

Defence minister, Claus Hjort Frederiksen, told Berlingske newspaper that he had not expected Russia to admit any involvement. He also pointed out how difficult it is to prevent hacking attacks.

On pretty thin ice
Peter Kruse, an IT security expert from CSIS Security Group feels that the evidence produced so far is pretty thin, or at least, what has been released in the report.

“I wouldn’t point the finger at Russia based on the report,” he told DR Nyheder. He also added that the Danish authorities might have more information which, for security reasons, they could not include in the report.

According to Kruse, there ought to be more concrete evidence before it would be possible to say definitively that Russia was to blame. “The parties involved are clever enough to create smoke-screens to mislead investigators.”

He also points out that it appears to have been low-grade phishing attacks on a webmail system, which is more insecure than gmail and relatively easy to hack.

“The military is a high-profile target, so I would perhaps not have chosen to make webmail available. Stealing employee user information is low-hanging fruit,” Kruse said.