Since the hacker attack on the parliamentary network in the summer of 2015, the Bundestag has made upgrades. However, there are still several security gaps in the IT infrastructure, the Süddeutsche Zeitung and NDR report. The deputies' tablets and smartphones are responsible for this.
This emerges from a report classified as secret, which the Bundestag administration commissioned from the IT security company Secunet. The 101-page analysis was completed in February.
Programs on smartphones, tablets and local computers are not checked
According to the report, one problem is the high number of smartphones and tablets that members and their staff use. The report mentions “uncontrolled use of terminals”, since these devices are not managed centrally. Likewise, there is no check on which apps the deputies install, which could ultimately be a gateway for attackers.
The same applies to local computers, where there is also no control over which programs are running. On top of that, deputies sometimes use the computers privately. An attacker could then infect a laptop via a USB stick, for example, to gain access to the Bundestag network. In any case, the use of USB ports in the Bundestag is reportedly not restricted at the moment, and there are openly accessible network connections in the Parliament building that attackers could misuse.
Completely locking down the Bundestag network is difficult, however. According to the Bundestag administration, once journalists, lobbyists and tradespeople are counted, a total of around 15,000 people are admitted to Parliament’s buildings.
Bundestag approves new firewall for 470,000 euros
In some areas the Bundestag administration wants to make upgrades. This applies, for example, to an internal firewall, for which the Council of Elders has already approved 470,000 euros. It is meant to separate the internal networks from one another. Thus, if attackers have penetrated the systems of one parliamentary group, they can no longer easily access the network that the Bundestag administration operates.
This is how the attackers are said to have proceeded in the summer of 2015: first, computers in some of the Bundestag's parliamentary groups were infected; from there the attackers worked their way forward until they had access to the entire Bundestag network. In the end, the attackers were able to capture around 16 GB of data.
Between security and usability
When asked by the Süddeutsche Zeitung, Secunet and the Bundestag administration did not want to comment on the report. According to Linus Neumann, spokesman of the Chaos Computer Club (CCC), dealing with the identified weak points is not so easy. He has little sympathy, for example, for the fact that the Bundestag administration does not check which software runs on the computers in the deputies’ offices. That, he says, is “negligent”, especially after the hacker attack in the summer of 2015. Anyone who has “burned their fingers” must implement adequate security measures.
On other points, however, he is more lenient. “If one assumes that people have to work here too, they are rather minor defects,” Neumann told the Süddeutsche Zeitung. If the security measures were overdone, things would also become more complicated for deputies and employees, which ultimately could lead to the use of private computers and e-mail services.
Fear of political leaks
The report can be seen in the context of the Bundestag election in 2017, because deputies fear political leaks: attackers gain access to the systems of parties and authorities to capture sensitive data, which is then published in the course of the election campaign. The presidential election campaign in the USA serves as a warning example.