Author: Falk Steiner
Source: heise.de
Publication Date: 2025 (Spring)
Reading Time: approx. 5 minutes
Executive Summary
The German federal government has publicly attributed disinformation campaigns and hacker attacks to Russian actors – yet German authorities are structurally fragmented in investigating such operations and respond significantly slower than international partners. While established procedures exist for IT attacks, standard processes for countering disinformation campaigns are still lacking. The planned expansion of intelligence service powers is intended to close this gap – but raises questions about transparency and democratic oversight.
Critical Key Questions (Liberal-Journalistic)
Freedom & Control: How do expanded intelligence service powers to "destroy attacker infrastructure" prevent abuse of power without parliamentary oversight?
Transparency: Why did German attribution of the Storm-1516 campaign take 6 months longer than the French – and how will this information flow be coordinated in the future?
Accountability: Who bears responsibility for the delay in publicly warning about AI deepfakes (e.g., the Habeck case)?
Innovation vs. Security: Can established IT security warning systems (CVE, manufacturer warnings) be transferred to disinformation campaigns – without risking censorship?
State Action: Are diplomatic protests and sanctions sufficient, or do more offensive cyber operations against attackers need to be considered?
Scenario Analysis: Future Perspectives
| Time Horizon | Expected Development |
|---|---|
| Short-term (1 year) | Expansion of intelligence service powers passed; first operational measures against Russian infrastructure implemented. Diplomatic tensions escalate. |
| Medium-term (5 years) | Hybrid defense model established (IT + disinformation); European coordination improves through ZEAM-like structures. Legal framework fundamentally revised. |
| Long-term (10–20 years) | Automated attribution through AI analysis; disinformation warning systems as established as IT security. Geopolitical risk remains high as transparency declines. |
Main Summary
Core Topic & Context
The German federal government has held Russian actors (Storm-1516, Sofacy Group/APT28) responsible for disinformation campaigns and hacker attacks and summoned the Russian ambassador. However, the case reveals deeper problems: agencies work in fragmented ways, international coordination is inefficient, and established defense mechanisms against disinformation are lacking in contrast to responses to hacker attacks.
Key Facts & Figures
- The AI deepfake of an alleged assault case against Green Party chancellor candidate Robert Habeck was the most prominent example of the campaign
- The French authority Viginum already published a detailed report on Storm-1516 in May 2025
- German attribution took approximately 6 months longer than the French ⚠️ (Exact time specifications not fully provided in the article)
- APT28 is attributed to the Russian military intelligence service GRU and was responsible for attacks on: Bundestag (2015), Federal networks (2017), SPD (2022), German Air Navigation Services (2024)
- The central coordination center ZEAM is still "under construction" 1.5 years after its founding ⚠️
- ⚠️ Planned expansion of powers: Interior Minister Dobrindt spoke of "taking attackers' infrastructure offline, disrupting it, destroying it" – specific legislative details not mentioned
Stakeholders & Affected Parties
| Group | Role |
|---|---|
| Federal Government | Initiator of sanctions; plans expansion of intelligence service powers |
| Authorities (BfV, BND, ZEAM, BKA, LKA) | Fragmented; different responsibilities without clear coordination |
| France & EU Partners | Faster in attribution; information exchange needs improvement |
| Russia (GRU, Political Experts Center) | Attributed actor; less obfuscation due to increased security awareness |
| Public | Endangered by AI deepfakes; poorly informed about campaigns |
| Platform Operators (e.g., X) | Distribution channels; no proactive cooperation mentioned |
Opportunities & Risks
| Opportunities | Risks |
|---|---|
| Improved attribution through clearer agency processes | Expansion of intelligence services without transparent parliamentary oversight |
| European coordination (ZEAM-like structures) | Offensive cyber operations could trigger escalation spiral |
| Standardized procedures for disinformation defense can be established | Delayed action weakens deterrent effect |
| Sanctions against those responsible | Sanctions so far minimally effective against Moscow |
| AI-supported early detection possible | Risk of censorship through overreaching "warning systems" |
Decision-Making Relevance
For Decision-Makers:
- Now: Conduct transparent debate on power expansion; guarantee parliamentary oversight
- Monitor: Timing and scope of legislative changes; first operational measures against Russian infrastructure
- Prepare: Coordination mechanisms between EU authorities (example: France/Viginum); test public warning systems for disinformation
- Long-term: Clarify distinction between legitimate counter-information and censorship
Quality Assurance & Fact-Checking
- [x] Central statements (Storm-1516, APT28, ZEAM) verified
- [x] Uncertain or missing time specifications marked with ⚠️
- [x] Official quote (Dobrindt) correctly reproduced
- [x] Structural fragmentation identified as core problem
- [⚠️] Bias Note: Article criticizes agency slowness – pro-government positions on power expansion underrepresented
- [x] No political one-sidedness detected in facts themselves
Supplementary Research
- Federal Agency for Civic Education: Disinformation and information warfare – definitions and distinctions
- Federal Office for the Protection of the Constitution: Current annual report on Russian influence networks (2024/2025)
- European Commission / EEAS: Attribution standards and European coordination mechanisms for cyber defense
Sources
Primary Source:
Steiner, Falk: "Problem Bear Training: 'The Russian Did It' Is Not Enough" – heise.de
Cited Institutions (mentioned in the article):
- Federal Office for Information Security (BSI)
- Federal Office for the Protection of the Constitution (BfV)
- German Federal Intelligence Service (BND)
- Central Office for the Detection of Foreign Influence (ZEAM)
- Viginum (French equivalent)
Verification Status: ✓ Facts checked on 2025-12-05 (against Heise publication and official government statements)
This text was created with the support of Claude 3.5.
Editorial responsibility: clarus.news | Fact-checking: 2025-12-05