US intelligence agencies claim that Russian attackers influenced the presidential election. Experts warn similar events could unfold in Germany, as the existing security infrastructure is often too easy to break down.
"You can crack everything," says Sandro Gaycken, a security consultant for government institutions and businesses. "Above all, the hardware and software used by German parties is not as well-protected as the high-security CIA computers." As the director of the Digital Society Institute (DSI) at the European School of Management and Technology (ESMT), he is considered to be one of the leading specialists for IT high security in Germany. He says that even the federal government is not in good enough shape to withstand cyberattacks.
"It is quite easy and little effort is needed. A system of 1,000 bots (automatic robots) that can flood a social network system like Twitter would not even cost me 30 euros," explains Linus Neumann from the Chaos Computer Club (CCC) in Berlin. Since the 1980s, the organization has been dealing with the weaknesses of computer systems.
Many hacking methods
Passwords are the key needed to get past a computer's firewall. This is where spear phishing is used. "Nearly all cyberattacks use a ploy to take advantage of human weakness," Neumann explains. It all begins with a simple email with a great deal of correct information about its recipient, their work field and employer. Then, the recipient is asked to change their password because it has apparently not been done for a while; otherwise, Internet access would be denied.
A link to reset the password is also sent. When clicked, it shows a page that looks like a company page, including the company logo. This is followed by a request to enter the old password again. But the page is a fake. Do people fall for it or not?
Yes, they do. That is how cyber attackers gained access to former White House chief of staff and Hillary Clinton campaign chief John Podesta's confidential emails. The information was later obtained by whistleblower website WikiLeaks. Among other things, the emails revealed Clinton's conflicts of interest and became a significant source of controversy during her election campaign. Germany's parliament, the Bundestag, was the target of a similar cyberattack in 2015.
Sandro Gaycken is familiar with many other methods, like the watering hole attack, in which websites that someone visits frequently are hacked before a visit and then spiked with spyware. This switches on immediately, as soon as the user opens a familiar page again.
"DDoS - [or] Denial of Service - floods the server's internet access with such a large amount of data that the system is brought to its knees and cannot be used for hours, or even days," Gaycken says. "That is how one can buy time during an election because not everyone has the same information."
Outdated operating systems can often be blamed for the successful attacks, Gaycken adds.
Danger from Russia?
Hacked and fake information about politicians is supposed to create doubts among the people - the data is often spread on social media outlets. The aim is to harm the political opponent.
Cyber experts Sandro Gaycken and Linus Neumann point out that one cannot be sure whether Russian hackers or even President Vladimir Putin's government are behind the attacks in the US. "There is no evidence in the abridged report published by US intelligence agencies," Neumann says.
Fear in Berlin
Potential cyberattacks on Germany's upcoming parliamentary elections in 2017 have been a topic of discussion since autumn 2016. Volker Kauder, the parliamentary group leader of the ruling conservative CDU/CSU faction told DW that "he is not scared." He points out that Germany, unlike the US, does not use electronic voting machines with an internet connection.
Hans-Georg Maassen, head of the Federal Office for the Protection of the Constitution (BfV), Germany's domestic intelligence agency, reports, however, that evidence of an influence on parliament has grown since Germany took a hard line on sanctions in the Ukraine conflict. Moscow is suspected of having attacked the Bundestag's internal data network in the spring of 2015 and stolen information.
According to government circles, medium-sized companies from the southwestern state of Baden-Württemberg have designed improved security software to protect key government institutions. But Sandro Gaycken doubts whether this software can provide reliable protection. German companies have almost no chance against "super hacker authorities" in the US or Russia. They lack the expertise and sufficient funding.