Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Standards, Regulations & Compliance

Germany Rules Out Russian Hack in Military Data Leak

Defense Minister Pistorius Says Leak Caused by Webex 'Application Error'
Germany Rules Out Russian Hack in Military Data Leak
Image: Shutterstock

On Friday, a 38-minute-long audio recording of German military officers discussing the transfer of German Swedish Taurus air missiles to Ukraine was published by Russian state broadcaster RT. The audio reportedly originated from a call placed by a German official in a hotel room in Singapore using the Cisco-owned Webex web conferencing app. The German government on Saturday verified that the leaked data was legitimate.

See Also: Panel | Cyberattacks Are Increasing — And Cyber Insurance Rates Are Skyrocketing

"The communication system is not compromised. The fact that the conversation could be listened to within Luftwaffe was an application error," Pistorius said in an update on Tuesday. He also said the German government will continue to examine the incident further.

German Chancellor Olaf Scholz described the leak as "a very serious matter," and others raised concerns that the leak may have been just the "tip of the iceberg" and that Russian actors have accessed NATO secrets as well.

It is unclear if the Russian actors may have accessed other sensitive data. The German federal cyber agency did not immediately respond to a request for comment by Information Security Media Group.

The data leak triggered heightened scrutiny over German security practices to protect federal networks, which include its decision to hold sensitive unencrypted calls over Webex. The application is also widely used by European Union agencies to hold online conferences.

"This wasn't an 'application error,' this was a configuration error. Leaving the unencrypted telephone dial-in open because the rest of the WebEx system is unreliable is the mistake," tweeted Frank Rieger, a German hacker and entrepreneur, who added that relying on the application is a mistake that "almost all authorities and corporations do."

German programmer and anti-censorship activist Alvar Freude said the Webex software is not secure. "Cisco, as the operator of the service, can listen in, and I don't know of any proof that they can't listen in, even for the encrypted version. Data always goes via Cisco servers," he said.

German politician and member of the Pirate Party Patrick Breyer warned that continued reliance on the application could expose European governments to spoofing and telephone interception risks.

"We need a communication sovereignty offensive that makes open, self-operated, meta-data-saving and pre-set, end-to-end encrypted communication a matter of course," Breyer said.

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.