The successful hacking attack on the German parliament comes as no surprise to IT security specialist Sandro Gaycken. In an interview with DW, he criticizes the quick fix solutions often used by IT security systems.
DW: It's been called the "most severe cyber spying attack" in the history of the Bundestag, Germany's lower house of parliament. Trojan viruses are still causing damage in the parliamentary computer network, known as Parlakom. What exactly happened there?
Sandro Gaycken: No doubt an intelligence agency has struck and gained access to parliament's internal systems. This was accomplished either with the help of a collaborator, someone on the inside, or via the Internet, by means of an infected document in an email. From there, the virus was able to spread by gaining access to different computers. And the last step was to create an external channel, from which it's now possible to "suck out" information.
Will members of parliament have to accept the fact that their private emails have been compromised?
Members of parliament should expect that everything's gone: all communication, all connections, contacts and organizational structures. This applies to all the documents they've created. Whether they'll be publicized is another matter. Normally, an intelligence service keeps the knowledge to itself and has no interest in making it public, unless it can be used for political purposes.
Russian spies appear to have been behind the cyberattack on the French TV station TV5 Monde in April. Who could be responsible for this one?
A few digital clues have been found, but unfortunately it's highly likely that they have been entirely falsified. So it will be quite difficult to uncover those responsible for the attack, unless insiders working with the attackers reveal information. Ultimately, support will be needed from spy agencies with foreign contacts to help track down the culprits.
The attack took place last month. Why did it take so long to find out what exactly had happened?
It's always difficult to shed light on the severity and sophistication of an attack. It's only possible to see if someone is in a system, but not their identity, and what information exactly has seeped out. This calls for incredibly difficult forensic work, which in some cases can drag on for months.
How is it possible that Germany's parliament is not able to sufficiently protect itself against such an attack?
Essentially, as sad as it sounds, none of the security systems available on the market are sufficient. Even with all the security system add-ons - none of them work against spy attacks.
That seems disheartening. Is your conclusion, then, "Too bad. There's nothing we can do"?
A lot can be done, but it all requires long-term strategies. The approach where everything is "quickly made secure" after an attack - that hasn't worked in years. Systems must be replaced - in their entirety, if possible - after an attack on this scale. The next step is to incorporate solid isolation analysis systems. In the long term, IT networks need to be built to provide high-quality security.
How would such IT systems work?
Many different approaches have been developed in research, but in the long run, computers need to be unhackable. Then you don't need to add extra security measures. But in order to do that, there have to be companies out there willing to spend hundreds of millions in order to build such systems and launch them on the market. In the past, institutions have too often settled on simplified, commercial IT solutions.
Does that mean that security systems are lagging behind our current know-how?
Absolutely. Years behind. It's not a cat-and-mouse game, as the IT security industry always makes it out to be. The truth is that progress on the IT security front is years behind that of the attackers, in terms of development, and is lacking many billions of dollars in terms of financial investment.
Sandro Gaycken is a senior researcher in cybersecurity at the European School of Management and Technology in Berlin.