IT security: Bundestag secretly tests MPs' phishing resilience

The Bundestag is investigating whether MPs and their staff are being taken in by bait emails as part of phishing attacks. The offices of politicians from all parliamentary groups are said to have received a series of emails in recent days that purported to come from the parliamentary administration, writes Der Spiegel. Anyone who clicked on a link contained in the emails was asked to enter personal information such as passwords on a website.

According to the report, the phishing campaign is part of an official penetration test. The aim was to take a covert look at IT security in the Bundestag. The Commission for Information and Communication Technologies (IuK) of the Council of Elders had decided on this measure. In the meantime, all MPs have been informed about the background to the campaign in a letter from the Bundestag's IT security department.

Many recipients did not fall for the suspicious emails. They had forwarded them "as intended" to a reporting office or contacted the Bundestag IT hotline, Der Spiegel quotes from the letter. Such handling is "absolutely necessary" for an effective defense against real phishing campaigns. Apparently, however, not all those affected were sensitized enough: all those "who clicked on links in the e-mails" and possibly entered login information were urged to "change their password as a precaution".

Members of parliament targeted: "Bundestag hack" and ghostwriters

"It is good that all constitutional bodies are taking on the task of increasing their own resilience in light of the sharp rise in threats," said Konstantin von Notz, deputy leader of the Green parliamentary group, praising the unannounced tests. "Sensitivity to greatly increased risks is an important building block for this." The 53-year-old is a member of parliament's ICT Commission, so was presumably aware of the project in principle.

Local representatives have already had painful experiences with cyber attacks. A serious attack known as the"Bundestag hack" occurred in 2015, when the parliament's IT infrastructure was completely paralyzed for a time. 16 gigabytes of data are said to have been leaked. The German government accused the Russian military intelligence service GRU of being behind the hostile action. The criminals had infiltrated the IT systems via phishing. The sender of the emails included a UN organization.

In 2021, allegations were made against the "ghostwriter" gang in Germany in the weeks leading up to the general election. According to the German government, they used large-scale phishing attacks in an attempt to obtain "personal login details, particularly of members of the Bundestag and state parliaments". If successful, the captured documents would have been used to prepare disinformation campaigns in connection with the election. According to the executive, the traces once again pointed to Russia. The IT security company Mandiant was convinced a short time later that the cyber criminals were at least receiving technical help from a group called "UNC1151", which could almost certainly be attributed to the regime in Belarus.

(nen)