BKA cybercrime situation: small successes, big problems
When presenting the situation report on crime in the digital space, the Federal Criminal Police Office reports the first positive signs alongside many warnings.
(Image: ronstik/Shutterstock.com)
“Cybercrime is an increasing threat to our security,” said Federal Minister of the Interior Alexander Dobrindt (CSU) this morning in Berlin. It is becoming more and more aggressive – but the counter-strategies are also becoming more and more professional. Digitalization is creating more and more opportunities to commit crimes and attack critical infrastructures, for example. According to Dobrindt, the use of AI in phishing is creating new problems due to the supposed authenticity. However, the exact extent of this new issue is not yet foreseeable.
On the other hand, there has been a decline in ransomware attacks, which is due to stronger countermeasures, reports the Federal Minister of the Interior. Operation Endgame 2.0, for example, has had an impact here, as 300 servers, 50 of which are in Germany, have been removed from the perpetrators' grasp.
Videos by heise
According to Dobrindt, Germany is increasingly being targeted by criminals from abroad. They were no longer just pursuing criminal motives, “but very much political objectives”, said the Federal Minister of the Interior. There are also always combined objectives: Previously classified as profit-oriented criminals, criminal organizations are recruited or paid for state objectives. According to the Federal Minister of the Interior, the aim is to attack political stability.
There is little doubt that acts committed from abroad in particular play a major role. So far, however, there has been little reliable data on how big the problem is. For the first time, the BKA situation report now shows a standardized origin: the police crime statistics now list 131,000 cybercrime cases committed in Germany and 201,877 from abroad. However, this “only reflects reality to a limited extent”, warns BKA President Holger Münch. He reckons that around 90 percent of cases are unreported.
From the investigators' perspective, there is a further issue, particularly in the case of crimes committed from abroad. The perpetrators are in countries where prosecution is impossible, as the example of Endgame 2.0 shows, says Münch: “Of the 20 people wanted on arrest warrants, all the perpetrators are currently in Russia.”
BKA relies on parallel strategies
The Federal Criminal Police Office is therefore currently pursuing four parallel strategies. Firstly, traditional criminal prosecution, secondly, the withdrawal of financial resources – for example through confiscations from crypto exchanges –, the paralysis of the perpetrators' infrastructures, supplemented by public naming and shaming of the perpetrators, which the BKA uses to destroy their reputation in the perpetrator scene.
Münch reports changes in the paralyzing of infrastructures: Since the BKA began doing this with Emotet in 2021, this has become a regular tool in the work of cybercrime officers. The “infrastructure approach” has been used several times a year since 2023, and perpetrator structures have already been technically removed four times in 2025. “Identifying used perpetrator systems and then removing them from the network is now standard practice for us,” says Münch.
Federal Minister of the Interior wants to create legal powers quickly
However, there is still the problem that the BKA does not yet have a legally secure way of automatically cleaning up affected victim systems. This is one of the things Alexander Dobrindt wants to change: “We are massively upgrading. Legally, technically and organizationally.” Legally, this means giving the authorities more powers. Technically, the authorities' IT tools should be “further developed with AI”. Organizationally, the National Cyber Defence Centre should be further expanded. In addition to Bavaria and Hesse, Dobrindt called on other federal states to participate. To make the technical “upgrade” possible, Dobrindt wants to use the exemption from the debt brake.
Basic law amendment to be circumvented
There are also numerous legal plans. The coalition would like to create further powers in the BKA Act that would allow it to redirect data traffic, shut down systems or clean up user systems, as requested by BKA chief MĂĽnch. This is intended to avoid an amendment to the Basic Law, for which the coalition does not have its majority in the Bundestag. However, the BKA President warns that all 16 federal states would then have to follow suit and include corresponding powers in their state laws.
Until now, the Federal Criminal Police Office has passed on information about affected systems to the Federal Office for Information Security, which in turn notifies the Internet access providers of the affected customers. They then inform the customers, who in the best case also clean their systems of malware.
Alexander Dobrindt also wants to get the regulations for the NIS2 Implementation Act through the cabinet before the summer break. The preparations made during the last legislative period should be put to good use. “We are at the point where we are looking at the economy and administration and are still discussing the depth,” says the Federal Minister of the Interior.
The Federal Situation Report Cybercrime 2024 is available on the BKA website.
(dahe)
