Several cases of spies working for key Swedish agencies have been investigated in the past year, the Swedish Security Service SÄPO revealed in its 2016 annual report. People employed by the Swedish authorities had reportedly been “of assistance” to “foreign powers,” by which Swedish officials usually mean Russia.
Fredrik Agemark, the head of the SÄPO department in charge of security protection, stated at a press conference, where the annual report was presented, that these cases included spying within agencies considered crucial to Sweden’s democracy and security interests and involved the attempts of foreign powers to recruit operatives.
IT attacks carried out by foreign powers are increasing and becoming more advanced, according to a new report from Sweden’s National Defence Radio Establishment (FRA).
FRA is the Swedish national authority for signals intelligence and its 2016 annual report notes that all forms of attacks are increasing, but particularly those based on advanced and harmful coding, news agency TT reports.
There are roughly tens of thousands of activities each month based on harmful code that can be traced back to the state actors that FRA systematically tracks, the report states.
While activities are not the same as attacks, they also indicate how extensive the IT operations are, FRA director-general Dag Hartelius told news agency TT. He said:
“You have to be aware that this is going on in the here and now.”
As opposed to more simple forms of attacks, such as denial-of-service attacks, harmful code is used by states or state-supported actors who go out of their way to avoid being discovered. The aim is usually to get hold of sensitive information.
Among the common targets in Sweden in 2016 are research and development institutions, the defence industry, political bodies, and institutions and authorities that carry out vital societal functions.
FRA is tasked by the government to, through signals intelligence, track attacks and activities from a certain number of advanced state actors from across the globe. While Hartelius did not want to single out any countries, the Swedish military’s intelligence service has previously pointed out Russia as one of the most prominent actors.
According to FRA, another worrying trend is that of placing advanced harmful code in hardware, for instance in a server, a computer or a mobile phone; a method that makes it incredibly difficult to detect attacks.
Further, FRA claims that foreign states and state-supported actors have become more skilled in so-called social engineering, which involves attaining good knowledge of a target person’s social life and circle of friends and colleagues and in that way increasing the likelihood of the person for instance opening an email that contains harmful code because they believe the email comes from someone they know.
Beyond information-gathering, the aim of some cyber attacks is also to harm critical infrastructure such as the electricity supply. Hartelius said FRA tries to help make such vital operations more secure but he also believes the growing attention given to IT attacks has helped raise awareness. When FRA officials visit authorities and companies, they usually discover some vulnerability at those institutions, but then also notice that once awareness is raised, efforts are made to raise security.
The annual report also states that FRA has increased signals intelligence around military activities in Sweden’s surrounding regions and that FRA has received several missions from the Swedish Security Service (Säpo) to track international terrorism.
“Intelligence gathering goes on in our country, we keep seeing people being approached, we’re seeing electronic attacks, with all available means being used,” SÄPO chief Anders Thornberg said, as quoted by the Swedish news outlet The Local.
He added that his agency intervenes before anyone becomes a full-fledged foreign spy.
SÄPO’s most recent report also revealed considerable weaknesses in several agencies, including its own safety network.
This prompted its chief Anders Thornberg to write an opinion piece in the Swedish Daily Dagens Nyheter, which advocates combined efforts by Swedish bodies to plug the “widening gap between threats and protection.”
“We have investigated several cases of state-sponsored electronic attacks against agencies and businesses important for national defense.
It shows that there are real and serious threats to Sweden’s security,” Anders Thornberg said, as quoted by Swedish Radio.
Thornberg acknowledged several cyberattacks carried out by foreign powers with the intention of accessing information or simply disrupting Sweden’s activity, but neglected to mention what state or states were behind the attempts, or to report their number.
“We can see from the extent and the level of the attacks that skilled actors are behind them, and this ability is found in state actors,” Fredrik Agemark told Swedish Radio.
According to Agemark, building and maintaining a functioning security system is the best way to ward off threats.
Last year, SÄPO recruited 200 analysts, technicians and programmers and is poised to recruit employ another 100 in the next few years.
Earlier in March, SÄPO sounded the alarm about foreign powers systematically attacking the Swedish telecom sector.
According to SÄPO, it was due to hacking attacks on security systems and the attempted recruiting of key people in the industry, which may prove fatal in times of crisis, Swedish national broadcaster SVT reported.
Whereas SÄPO again would not specify what countries were behind the disruptive efforts, for intelligence expert Johan Wiktorin there were but few alternatives, which reflected Swedes’ frame of mind, where Russia is constantly viewed as the biggest threat.
“If you look at the countries that might reasonably have both the intention and the capacity, it’s about Russia and China. The former for defense reasons, and the latter, rather for, economic reasons,” Johan Wiktorin told SVT.
So far, however, none of the revelations have led to trial or prosecution.
