German military carried out first foreign cyber-attack in Afghan hostage op – report

German armed forces Bundeswehr soldiers work at the Bundeswehr Territorial Tasks Command in Berlin, Germany. © Stefanie Loos
A special cyber security unit of the German Armed Forces (Bundeswehr) conducted its first offensive cyber operation abroad when it broke into an internal network of an Afghan mobile operator while assisting in a hostage release operation, it has emerged.

Personnel from the Bundeswehr’s Computer Network Operations Unit (CNO) hacked the network of the Afghan mobile operation to pinpoint the location of kidnappers after a German development assistance expert was abducted in Kabul, Der Spiegel daily reported, citing its sources.

The German military’s cyber operation took place in autumn last year, after the expert, identified only as Kaethe B., who worked in the Kabul office of the German Association for International Cooperation (GIZ), was kidnapped on August 17, 2015.

German authorities started to negotiate the hostage’s release with the kidnappers. The CNO was tasked by the German crisis staff with monitoring the kidnappers’ phone conversations and pinpointing their location to ensure that they intended to comply with the negotiated deal.

The cyber unit was also tasked with providing data to the German Special Forces Commando (KSK), which would have launched a hostage extraction operation if the negotiations had failed. The CNO managed to hack into a local internet provider’s network and establish a real-time surveillance over the kidnappers.

The hostage was successfully released via the negotiations two months later, after Germany paid a ransom. However, the involvement of the Bunderswehr’s cyber unit in the operation officially remains confidential. The German Defense Ministry refused to comment on the issue at Der Spiegel’s request, even one year after the operation, the media outlet reports.

The ministry’s spokesman also refused to confirm the operation, citing “operative security concerns,” adding that the ministry informed all “relevant committees” of the Bundestag (the lower house of the German parliament) about the issue, n24.de reports.

In the meantime, experts did not regard the 2015 operation as a cyber-attack as it “did no damage” to the Afghan network targeted. They instead called it “offensive penetration,” Der Spiegel reports.

The media outlet adds that the German government generally considers the use of cyber-attacks in Afghanistan to be justified as its Afghan mandate envisages the right to use “any military force” to protect German citizens in the country.

At the same time, some experts raised objections to such moves. Aggressive actions are not only banned under international law, but could also set a dangerous precedent that could be used by other states willing to take similar action, security expert Alexander Neu told n24.de.

The German Defense Ministry has consistently stressed that the CNO is exclusively a research unit that only stages simulated cyber-attacks under lab conditions to develop relevant countermeasures and enhance the Bundeswehr’s defensive capabilities against cyber security threats.

The CNO consists of about 80 IT-specialists, and has been operating for more than 10 years. In April, German Defense Minister Ursula von der Leyen announced the establishment of another unit for the ‘Cyber and Information Field’ that would include around 13,500 experts and would be fully “combat ready” by 2021, n24.de reports.

In 2015, the Defense Ministry also issued a new strategy paper that reportedly envisaged tasks for cyber security units that go beyond providing protection for the German military infrastructure and involve offensive operations.