In Germany too, authorities could be affected by the hack on the network software of the Orion series from SolarWinds. Accordingly, use or used 15 ministries and federal agencies at least partially or “occasionally” products of the US company, as from an answer from Federal government at the request of the Bundestag member Manuel Höferlin (FDP) emerges, which heise is online. These include the central IT service provider of the federal government, ITZ Bund, the Federal Ministry of Transport, the Federal Motor Transport Authority, the Robert Koch Institute, the German Patent and Trademark Office, the Federal Criminal Police Office and the Federal Office for Information Security (BSI).

The list leaves completely open whether it is also the hacked software from the SolarWinds portfolio that was used. In the case of the ITZ Bund, it was only an “uncritical version” of server software and not the hacked SolarWinds Orion, the director of the ITZ Bund, Alfred Kranstedt, told Spiegel in the meantime. Consequently one is not affected. Der Spiegel had first reported on the topic.

“No unauthorized access” Regarding the question of whether unauthorized access to sensitive data was possibly carried out at the facilities mentioned, the federal government stated: “According to the current state of knowledge of the federal government, there has been no unauthorized access to systems of the federal administration via the sunburst program in the SolarWinds Orion software . ” However, the list of the institutions mentioned does not yet make “any claim to completeness” and has been drawn up with a “high expenditure of resources and extensive coordination”.

On a deployment of SolarWinds tools at the Federal Office for the Protection of the Constitution (BfV) and the Federal Intelligence Service (BND) were not disclosed by the federal government. “This could mean a disadvantage for the effective fulfillment of tasks of the BfV and the BND and thus for the interests of the Federal Republic of Germany”, is the reasoning in the answer.

Complaint about Research effort FDP politician Höferlin criticized that the federal government “still hasn’t the faintest idea where and to what extent German IT security is affected. Instead of worrying about integrity.” of their own systems and the effects on IT security throughout Germany, she even complains about the research effort for my request. ”

The malware Sunburst used by the attackers has been around at least since then Spring about infected updates for the Orion network management platform from SolarWinds on systems of up to 18. 000 customers of the service provider. The malware installed a back door there, thus initiating the remote takeover of infected systems. The same group is said to be behind the attacks that had previously successfully attacked the IT security company FireEye. Those affected included several US ministries and authorities, but also companies such as Microsoft.

Russia suspected US intelligence and security agencies are now assuming that Russia is probably behind the cyber attack. Justice Minister Barr and Foreign Minister Pompeo accused Moscow at the end of December. According to the US services, there is only a much smaller number of 15. 000 Affected persons were deliberately compromised by subsequent attacks. Fewer than ten US government agencies are affected. They are still working on finding all victims in the private sector.

The US Department of Justice announced, for example, that attackers had succeeded in opening their own office – 365 – to tap mailboxes and thus the mail traffic of three percent of the around 100. 000 Employees to tap.

In the case of Microsoft, the attackers were probably able to penetrate the software company’s networks so far that they gained access to source code. However, the damage is limited, said Microsoft. Neither one’s own security nor that of the customers is endangered, there are no indications that the company’s programs were subsequently used to attack third parties.

JetBrains software as a gateway? Reports from the Wall Street Journal and the New York Times suggest that US services are now a possible link between the case and the Czech-based software company Investigate JetBrains. Accordingly, this could have been compromised in turn and served as a gateway to SolarWinds – specifically, the Teamcity tool, popular among developers, is under suspicion. It is used during software development in the team to continuously integrate changes made into the code base (continuous integration) and test them.

JetBrains boss Maxim Shafirov stated that his company neither in any way who was involved in the hack was still aware of investigations by security services or authorities. SolarWinds is a customer and also uses Teamcity, but has not contacted JetBrains regarding the hack. Pay attention to security updates and provide transparent information about them, Shafirov said. If Teamcity was used for the hack, this could also have been due to a misconfiguration of the complex tool and not necessarily to a security hole.

(axk)