MOSCOW (Sputnik) – Cybersecurity is an issue that remains in the spotlight in Germany as the country’s officials reiterate their wariness of cyberattacks.
On September 7, the Chaos Computer Club (CCC), Europe's largest association of hackers, published a report claiming there is "a host of problems and security holes" in the PC-Wahl software used to count and transmit vote counts to electoral officials. The day findings were made public, one of the authors of the report tweeted "we hacked German elections software … total disaster. You’re welcome."
The CCC claims that there is no need for a state-sponsored team of hackers to interfere with PC-Wahl, instead "the broken software update mechanism of ‘PC-Wahl’ allows for one-click compromise."
PC-Wahl's manufacturer, vote-iT, told Sputnik in a written statement that the report from the CCC gave them a chance to mend the security architecture of the software, and that they were working closely with the Federal Office for Information Security in Germany (BSI) to be able to respond to new cyberattack scenarios, should they arise.
Vote-iT maintains that elections in the Bundestag, the lower house of the German parliament, cannot be manipulated. The company explained that even though the software is indeed used to transmit votes, final results are independently and separately verified by electoral officials.
The federal returning officer, responsible for overseeing elections in Germany, stated that they ordered PC-Wahl to be updated to the latest version to fix possible vulnerabilities, adding that electoral authorities on all levels were told to take additional steps to ensure the results of the vote are not manipulated.
Safe and Sound?
The Federal Office for Protection of the Constitution (BfV) has said the country is a big target for cyberattacks. According to its annual report presented to the public on July 4, entities who sustain the most damage are often small and medium business, while key political targets for cybercrime are the Foreign Ministry and its overseas offices, the Finance and Economics ministries, and the Chancellery. The agency warned that cyberattacks could lead to the loss and manipulation of the information.
Amid reports of increasing cyberthreats, German Interior Minister Thomas de Maiziere said the government was working closely with industry to increase security.
Hans-Wilhelm Dunn, the general secretary of the Berlin-based association Cyber-Security Council Germany told Sputnik that over recent years, the country’s officials had implemented several initiatives to improve the situation.
"Fortunately, the overall level of cybersecurity improves steadily. There are several welcome initiatives and strategies, which respond to the current cyberthreat situation, such as the Cybersecurity Strategy for Germany 2016 or the IT Security Law 2015. At the moment, however, it is a big challenge to coordinate all cyber competences among respective state actors," Dunn explained.
Markus Jakobsson, a leading security researcher at Agari, a firm that provides security solutions, told Sputnik that the progress was indeed being made. However, while financial institutions and businesses have been dealing with industrial espionage for some time, Jakobsson explained that political organizations have only just started to realize the scope of the problem.
"The current cybersecurity climate has been a rude awakening for political parties, most of which have no internal competence to address the rising threat. Political parties — and not just German political parties — have only recently realized the importance of cybersecurity, and how it applies to them," Jakobsson stressed.
There have been several attacks on German political institutions in the recent years. Among the most noticeable was a cyberattack on the Bundestag in 2015, as well as several attacks against Christian Democratic Union (CDU) politicians and institutions affiliated with the party. Those incidents re-energized the debate on cybersecurity awareness.
"People in government structures are getting anti-hackers training to be aware of threats against them, against the different IT driven systems. But still the human factor remains the weakest link in the security chain. The development of technological tools is moving so rapidly that there are serious lacks in quality controls, thus constant vulnerabilities present in software," Steve Waterhouse, a former Information Systems Security Officer with the Canadian Department of National Defence, told Sputnik.
Possible Threat Actors
The BfV report said that "the major players behind espionage activities that are directed against Germany" were Russia, China and Iran.
According to the full report obtained by the media, Russia is also believed to have intention to influence the upcoming Bundestag elections.
In August, the BfV leader told German Die Welt newspaper that they believed that "Russia is capable of starting disinformation campaigns in connection with the elections to the Bundestag."
German officials pointed to Russia in regards to cyberactivities once again in September. Julia Kloeckner, the vice chairman of Merkel’s Christian Democratic Union said on September 4 that her website was hit by hundreds of cyberattacks, and that "many of the senders have Russian IP addresses."
Experts, however, say that assumptions and hallmarks cannot be used as a proof in cybersecurity.
"There’s a chance that hackers or intelligence services might interfere with the elections. But it is hard to trace who the threat actors actually are because there are a lot of technical means that would make you believe that a hacker is in operation from a certain country (where an IP address has been found). It’s very difficult to find out who actually is behind any cyberattacks," Waterhouse noted.
Moscow has denied accusations of targeting German entities with such attacks. At the end of 2016, the German government admitted that it had no solid evidence that Russia would try to influence the upcoming elections and since then no additional proof had been released.
"Interfering in elections via cyberspace is a thoroughly possible scenario. However, the attribution of cyberattacks requires careful and complex IT forensic as cyberspace provides many possibilities to hide the attack’s actual origin. Country specific IT addresses, characters or office hours are anything but a reliable clue. Here, it is necessary to strengthen transnational cooperation to improve clearance of cybercrimes," Dunn indicated.
Don't Let Your Guard Down
Hackers always evolve the methods of their attacks, but some patterns are used over and over again.
A recipient gets an e-mail from a source, which looks reliable and when opened, it exposes the user’s computer to malware.
Phishing e-mails were one of the means used to hack the US Democratic National Committee's network last year. French President Emmanuel Macron also said that his staff received phishing e-mails during his own election campaign.
"Targeted phishing attacks are still effective, because they take advantage of human weaknesses. They often do not target people of high power directly, but rather assistants or others who may not be as knowledgeable when it comes to cybersecurity," Alexey Fedorov, an Avast representative for Russia and the CIS, told Sputnik.
The phishing scheme was also reportedly used in the attack on the Bundestag, and against the Christian Social Union in Bavaria (CSU) and CDU lawmakers.
Experts warned that despite the ongoing effort to promote awareness of cyberthreats, people still easily fall into the hands of abusers, which is why firms and governments should be working together and not against each other to confront cybercrime.
"Sadly, many people are not very cautious when it comes to attachments, especially if the emails carrying them come from users whose names the victims recognize. Awareness campaigns have managed to do very little to turn this around — maybe because people do not find time to be suspicious of an email that comes from what looks like a trusted sender," Jakobsson said.
The cybercommunity has been warning of cybercrime fallout for years. In 2015, Ginni Rometty, IBM Corp.’s chairman, president and CEO said that "cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world." Cybersecurity Ventures predicted that cybercrime would cost the world in excess of $6 trillion annually by 2021.
"Cybersecurity is a pan-state task, so everyone and all levels have to be involved, so that the analysis out of a broad perspective is recommendable," Dunn emphasized.
Cyberarea constitutes a platform for cooperation and common growth, in particular in economic relations, Dunn outlined.