Media: German military hacked into the network of the Afghan mobile operator to find out the whereabouts of the hostage

According to media reports, the German military for the first time carried out an “attacking cyber operation”, within the framework of which the network of one of the mobile operators from Afghanistan was hacked. It is assumed that the attack was undertaken in the hope of obtaining information on the whereabouts of an employee of a charitable organization stolen by the militants.

According to the data presented in the media, the attack was carried out in 2015 and has not yet been officially confirmed. In late September, the Spiegel edition, citing unnamed sources, reported that the operation was prepared and carried out by the Bundeswehr department called the Computer Network Operations Unit (CNO).
')
Allegedly, the kidnapping of the employee of the German Association for International Cooperation (GIZ) Keith B (Kaethe B) took place on August 17, 2015. As the media learned, the CNO officers were supposed to provide special forces (Special Forces Commando, KSK) to the “special operation” »For carrying out a military operation in the event that the extradition negotiations fail.

However, the representatives of CNO managed to hack the network of one of the Afghan telecom operators and detect the geographical position of the abductors, thus establishing real-time surveillance. Nevertheless, the military operation was avoided - the hostage was released after two months of captivity in October 2015. According to Spiegel, a ransom was paid for it.

The German Ministry of Defense has not officially confirmed the information about the attack of the Afghan mobile operator, however, experts interviewed by journalists stated that the operation was an “attacking penetration”, and not a full-scale hacker attack, because the company under attack did not suffer “any damage”.

Earlier, the Ministry of Defense described the CNO as an exclusively “research department”, whose main task is to increase the defense capability of the German troops and repel cyber attacks. At the same time, CNO experts, allegedly, only simulate attacks inside test laboratories.

According to the data presented in the media, in the division that has existed for more than ten years, about 80 IT specialists are currently working. In 2015, the German government developed a new strategy in which, according to various data, the tasks for the CNO were described separately - and they went beyond the support and protection of the country's military.

We have repeatedly talked about all sorts of vulnerabilities in SS7 networks that allow such attacks against mobile operators and subscribers (for example, here and here ). Time does not stand still, and the incredible demand for high-speed data transfer forces operators to put into operation LTE solutions, in which the signaling role of the SS7 has shifted to more modern protocols, such as Diameter.

You can learn more about the vulnerabilities of the Diameter protocol, the heavy legacy of SS7, and the protection of mobile Diameter networks on October 20 at 14:00 at the free webinar of Sergey Mashukov, programmer of the telecommunications security department.

Register for the webinar here: www.ptsecurity.com/ru-ru/research/webinar/116137/ .