Norway Army Faced Cyber Attack After Libya Bombing

By Author: Apple Tan
Total Articles: 68
Comment this article

Norwegian military personnel were the targets of what’s being described as a “massive” cyber attack this spring, one day after Norway started bombing Libya with other UN and NATO-backed forces. Newspaper VG reported Thursday that they fended off the attack, which was considered the most serious ever experienced.
It came in the form of an e-mail written in what was said to be “good Norwegian” that looked like it had been sent by another Norwegian government agency. It contained an attachment, however, that when opened unleashed a computer virus that could have opened up military PCs to the attackers.
“Between 200 and 300 computers were targeted in which “carefully selected” staff received a fake email. The email had a PDF attachment purporting to be a yearly report on social media and their role in spreading radical Islam, and managed to trick one employee into clicking it. Hackers were then able to gain access to that person’s computer, although the virus was quickly detected and warnings were issued,” Norwegian daily VG reported.
“Some ...
... data was stolen. It is still unknown how much, and what, information that has been stolen,” says Major Ivar Kjaerem at the Military Center for Protection of Critical Information, according the newspaper VG.
According to the military spokespersons, the computer where the infected file was activated did not contain any classified information. The attack was discovered and stopped before any sensitive or confidential information was stolen. “The attackers didn’t succeed with further infiltration”, claimed Major General Roar Sundseth.
“The defense systems are attacked daily, but it’s not often we see such a comprehensive attempt at infiltration as this was,” Sundseth told newspaper VG. “The trend is increasing, though, and the attackers are more goal-oriented.”
Defense officials claimed that they don’t know who or what was behind the attack, nor whether it was directly related to the Libyan military intervention in which Norway has been taking part.
“It happened just a short time after the decision was made to send Norwegian forces to the operation in Libya,” confirmed Major Ivar Kjærem of the military’s center for protection of critical information, FSKI. “We haven’t seen such an attack so close to conflicts Norway has been involved in earlier, but we can’t say there’s a connection.”
The Norwegian Police Security Service (PST) has opened an investigation to determine who launched the attack, but authorities state it is too soon to say whether there was a link to the Libya bombings. Norway has six F-16s stationed on the Greek island of Crete as part of the NATO campaign against leader Moammar Gaddafi’s forces, authorized by U.N. Security Council Resolution 1973 to protect the Libyan population. The Scandinavian country, however, has said it plans to curb its military role in Libya if the campaign lasts longer than June 24.
Roger Ingebrigtsen, state secretary in the defense ministry from the Labour Party, told Norwegian Broadcasting (NRK) that he thinks the country is well-prepared to handle major cyber attacks but that all state employees need to be cautious about opening e-mail attachments.
The Military’s ability to detect and defend their network system against cyber attacks is be crucial to defence and national security, so important in fact that it was elevated to a critical threat alongside issues such as terrorism and international military crises. They need to implement robust information security initiatives, including having a proficiently skilled IT security workforce in the military, in order to avoid cyber attacks and security breaches.  Those IT security professionals should constantly increase their information security knowledge and skills by embarking on advanced and highly technical training programs.
EC-Council has launched the Center of Advanced Security Training (CAST) to address the deficiency of technically proficient information security professionals. CAST will provide advanced technical security training covering topics such as advanced penetration testing training, Digital Mobile Forensics, Cryptography, Advanced Network Defense, and advanced application security training, among others. These highly sought after and lab-intensive Information Security training courses will be offered at all EC-Council-hosted conferences and events, and through specially selected authorized training centres.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). 
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced security training for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing training, malware analysis, advanced social engineering, cryptography, digital forensics deep dive, and web application security training, among others.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).