Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Standards, Regulations & Compliance
Germany Rules Out Russian Hack in Military Data Leak
Defense Minister Pistorius Says Leak Caused by Webex 'Application Error'On Friday, a 38-minute-long audio recording of German military officers discussing the transfer of German Swedish Taurus air missiles to Ukraine was published by Russian state broadcaster RT. The audio reportedly originated from a call placed by a German official in a hotel room in Singapore using the Cisco-owned Webex web conferencing app. The German government on Saturday verified that the leaked data was legitimate.
See Also: How a Global Pandemic Changed the Fraud Landscape
"The communication system is not compromised. The fact that the conversation could be listened to within Luftwaffe was an application error," Pistorius said in an update on Tuesday. He also said the German government will continue to examine the incident further.
German Chancellor Olaf Scholz described the leak as "a very serious matter," and others raised concerns that the leak may have been just the "tip of the iceberg" and that Russian actors have accessed NATO secrets as well.
It is unclear if the Russian actors may have accessed other sensitive data. The German federal cyber agency did not immediately respond to a request for comment by Information Security Media Group.
The data leak triggered heightened scrutiny over German security practices to protect federal networks, which include its decision to hold sensitive unencrypted calls over Webex. The application is also widely used by European Union agencies to hold online conferences.
"This wasn't an 'application error,' this was a configuration error. Leaving the unencrypted telephone dial-in open because the rest of the WebEx system is unreliable is the mistake," tweeted Frank Rieger, a German hacker and entrepreneur, who added that relying on the application is a mistake that "almost all authorities and corporations do."
German programmer and anti-censorship activist Alvar Freude said the Webex software is not secure. "Cisco, as the operator of the service, can listen in, and I don't know of any proof that they can't listen in, even for the encrypted version. Data always goes via Cisco servers," he said.
German politician and member of the Pirate Party Patrick Breyer warned that continued reliance on the application could expose European governments to spoofing and telephone interception risks.
"We need a communication sovereignty offensive that makes open, self-operated, meta-data-saving and pre-set, end-to-end encrypted communication a matter of course," Breyer said.