State secrets Germany is just fine with the NotPetya cyberattack but its allies aren't

The US shared details incriminating Russia in last year's disastrous ransomware strike, Handelsblatt has learned. America, Britain, Australia – even Denmark – are publicly outraged. Only Germany is oddly silent.
It's oh so quiet.

The German government has perturbed lawmakers and foreign allies by not condemning Russia for the devastating "NotPetya" cyberattack last year.

The United States joined Britain last week in condemning Russian military for unleashing a virus that crippled parts of Ukraine’s infrastructure and damaged computers in countries around the world. Australia and Denmark have also spoken out against Moscow.

Now Handelsblatt has learned that White House authorities shared confidential insights into the attack's origins with German intelligence. Despite that, and even though big German companies including Deutsche Post, rail operator Deutsche Bahn and cosmetics giant Beiersdorf were among the victims, the silence from Berlin is deafening.

A German government spokesman said the administration confined its statements on intelligence matters to the “responsible secret bodies of the German Bundestag,” referring to the lower house of parliament.

The attack launched in June 2017 “spread worldwide, causing billions of dollars in damage across Europe, Asia and the Americas,” White House Press Secretary Sarah Huckabee Sanders said in a statement last week.

“It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict,” she said, promising "international consequences."

It was the first time the US government blamed Russia for what is considered one of the worst cyberattacks on record.

22 p09 Companies affected by NotPetya-01

“Germany likes to talk about codes of conduct for the Internet. But when it comes to criticizing infringements and thereby establishing norms – and in a key area, the most important attack in decades – the Germans aren't joining in,” said Thomas Rid, a professor at the School of Advanced International Studies in Washington, one of the world’s leading cybersecurity experts.

Opposition lawmakers also voiced criticism. “It’s the uppermost task of the government to show vigilance,” said Omid Nouripour, a foreign affairs spokesman for the Greens party. “In the case of cyberattacks, that means speaking loudly and clearly about it. It doesn’t mean burying your head in the sand.”

It’s unclear why Chancellor Angela Merkel's government has been so quiet. Mr. Nouripour said there were two explanations: a lack of coordination between agencies and ministries, meaning the message got lost somewhere, or that Germany didn’t want to damage its close ties with Russia. “That would be a big mistake,” he said.

Germany’s allies are already suspicious about its policy towards the Kremlin. Many European countries are deeply critical of the Nord Stream 2 gas pipeline between Russia and Germany deepening their energy cooperation. Acting Foreign Minister Sigmar Gabriel also recently raised eyebrows with his calls to ease Russian sanctions sooner rather than later.

NotPetya's impact was global. For days, it brought factories and shipyards to a standstill. A.P. Møller-Maersk, the world’s largest container shipping company, lost $300 million because it had to replace tens of thousands of computers and servers. NotPetya cost German skin care company Beiersdorf at least €35 million ($43 million). The White House said it caused several billion dollars damage in the US too.

Meanwhile, the Kremlin denies the accusation that it carried out a covert war in eastern Ukraine. “It’s nothing but the continuation of an unfounded Russophobe campaign waged without proof,” said a Kremlin spokesman.

Moritz Koch is a political editor for Handelsblatt in Berlin. To contact the author: [email protected]