Four German military officials discussed what targets German-made Taurus missiles could potentially hit if Chancellor Olaf Scholz ever allowed them to be sent to Kyiv, and the call had been intercepted by Russian intelligence.
According to German authorities, the “data leak” was down to just one participant dialling in on an insecure line, either via his mobile or the hotel wi-fi.
The exact mode of dial-in is “still being clarified”, Germany has said.
“I think that’s a good lesson for everybody: never use hotel internet if you want to do a secure call,” Germany’s ambassador to the UK, Miguel Berger, told the BBC this week. Some may feel the advice came a little too late.
Eyebrows were raised when it emerged the call happened on the widely-used WebEx platform - but Berlin has insisted the officials used an especially secure, certified version.
Professor Alan Woodward from the Surrey Centre for Cyber Security says that WebEx does provide end-to-end encryption “if you use the app itself”.
But using a landline or open hotel wi-fi could mean security was no longer guaranteed - and Russian spies, it’s now supposed, were ready to pounce.
Yeah blame it on hotel internet, not their shitty communication service that’s not encrypted.
It probably is, but they didn’t disable the feature that allows you to dial in on a phone line for audio. That’s my guess.
“I think that’s a good lesson for everybody: never use hotel internet if you want to do a secure call,” Germany’s ambassador to the UK, Miguel Berger, told the BBC this week.
…
The exact mode of dial-in is “still being clarified”, Germany has said.
OK, well the exact mode kinda fucking matters before you just scapegoat a hotel.
This smells like a coverup.
This smells like a coverup.
It is a coverup to anyone remotely aware how web applications work.
Oh no. They’re not referring to a specific hotel. Seriously never use hotel Internet on a sensitive device or for sensitive business. You will regret it.
End to end encryption
USE IT
In a world where I can deploy end to end encrypted comms servers to an old computer in my house, the fucking military of any country should, at a minimum, require encryption to join meetings where military strategy is being discussed.
The simplest and most straightforward answer is usually the correct one: The hotel room was probably bugged.
Yes
an especially secure, certified version
Bwahahahahahhahahahhahahhaa
They can discuss missile targets but they don’t know how to set a secure comm channel, it makes me wonder… how old were they? why don’t they give a device with pre-installed VPN (incl. Killswitch) to all certain-rank officials and get done with this?..
They do. Its much more than a built in vpn, they also have specialized, hardened versions of communications apps on them. The weakest link in cybersecurity is usually the end user.
I think one issue is for high officials that outrank everyone, they can get away with getting an insecure device because they prefer an iPhone over the custom hardened phone on Android 10 locked down for secure reasons.
Not sure what their age has to do with it
What an amazing feat of incompetence! They’d be better off just using Signal…
They’d be quantum proof as well 😅 https://signal.org/blog/pqxdh/
They even have their own Matrix Messenger they could have used…
Yeah def this is what they should’ve been using.
I love Signal but military should use their own messenging service (and they do).
Yeah agree, just saying it would’ve bedn better then the hot garbage they were using.
It is fine if you use unprotected wifi and then connect to a VPN.
These VPN ad campaigns are incredibly detrimental to people’s understanding of security mechanisms in the internet.
How would this not have helped out in this case? I imagine the Bundeswehr must have an organization-wide VPN which would render any MITM in a local Wifi network impossible, barring user error.
The data still has to go through the man in the middle. It doesn’t matter if it’s encrypted by the VPN or the App.
EvE Online should be mandatory training for anyone with a security clearance. Minimum of six months in Goonswarm, Pandemic Horde, Fraternity, or The Initiative.
https://cad-comic.com/comic/one-of-us/
That’s only a slight exaggeration. I had a “chat” with one of our intel officers at one point due to a IRL purchase of PLEX.
Edit: maybe just Goonswarm. They do the intelligence and spy stuff the best.
Bad article
Isn’t like very basic security advice to not use random connections for sensitive information? But than again it’s Germany, pretty sure he has his password written down on a sticky note.
Should have used jitsi… It’s free too!
deleted by creator
The point of encryption and signature is to allow just that.
deleted by creator
For all we know, they were on speaker & the room was bugged
Called in via SIP or unencrypted mobile network, i bet. Probably because the client via VPN was “too slow”
