Cybercrime: This is why local governments are interesting for hackers

Cybercrime
Why administrations are attractive to hackers – and why there is no overview of their security

Secret encryption: Hackers use “ransomware” to make data inaccessible to users.

© Oliver Berg / DPA

With increasing digitalization, hacker attacks become more likely. Public administrations are also targeted by the perpetrators, and they have an easy time of it there, because IT security is largely a blind spot for many authorities.

With the help of malware, unknown attackers have succeeded in breaking into the authorities’ computers and encrypting all data. A disaster is declared and the computers are shut down to prevent further damage. The perpetrators demand a ransom for the return of the data. What sounds like the plot of a science fiction film is happening more and more often beyond the big screen – also in Germany.

In 2019, for example, the administrations in Frankfurt am Main and Neustadt am Rübenberge and the Berlin Higher Regional Court were targeted by hackers. In April this year, the criminal investigation department in Kammeltal in the district of Günzburg. Criminals had infected the town hall computers and tried to blackmail the community. In July, the Anhalt-Bitterfeld district was hit. During the incident, all of the district administration’s data was infected and encrypted; the perpetrators demanded a ransom. For the first time, a disaster was declared in connection with a hacker attack. In October, administrations in Mecklenburg-Western Pomerania and Witten were hit in turn.

The consequences: the administrations were paralyzed for days, some even for weeks, and orders could only be processed to a limited extent. In Anhalt-Bitterfeld, experts are still working three months after the incident to restore the technology.

The examples show that the threat posed by cyber attacks in Germany is growing. This is confirmed by the current situation report of the Federal Office for Information Security (BSI). A year ago the situation was still considered “tense”, but the Bonn authority describes the current situation as “tense to critical”. In some areas there is already a “red alert”, says BSI President Arne Schönbohm. Not only large commercial enterprises are affected.

No reporting, no data

In fact, “hardly a day goes by on which public administrations are not attacked by cyber criminals,” said a spokesman for the Ministry of the Interior in Baden-Württemberg. Thousands of malicious emails are intercepted every day – at least in Baden-Württemberg. In Brandenburg, officials wanted, “due to existing security interests, neither to comment on the number of possible cyber attacks, nor on the security measures taken,” as a spokesman for the Ministry of the Interior announced.

State and public institutions are of particular interest to cyber criminals because of their services to citizens. If local governments fail, public pressure increases. “Attackers therefore suspect that they can extort ransom quickly. Municipalities also manage a lot of confidential data for which some people pay a lot of money,” according to Baden-Württemberg.

At the same time, media interest in hacker attacks is greater. “Business enterprises have no interest in attacks on them being made public – but the administration generally has a duty to be transparent,” says Professor Anna Schulze, from the Federal University of Public Administration. Little of this transparency is noticeable, however: official figures on cyber attacks on local governments and authorities are missing.

Most recently, “Zeit Online” and Bayerischer Rundfunk tried to take stock. According to their investigation, over 100 municipalities, authorities and other government agencies are said to have been affected by hacker attacks in the past six years. However, there is no obligation to report cyberattacks on local governments and authorities – neither at the federal nor at the state level.

Because the local administrations are part of the federal states, the federal government does not collect any data on the level of protection of the facilities, according to the Federal Ministry of the Interior (BMI). “However, it can be assumed that this is very heterogeneous,” writes the BSI on request. As some federal states report on request, the local governments organize their IT security independently. This means that neither the federal government nor the authorities at the state level are likely to have a clear overview of the security of the facilities.

Probably not a targeted wave of attacks

From the perspective of the BMI, however, this situation does not seem dramatic. After all, from a legal point of view, local governments are not part of the critical infrastructure that includes waterworks, hospitals and the food industry. For the functioning of the state, however, local government is essential – and from the point of view of experts, it should also be classified as part of the critical infrastructure.

According to the investigators, the attacks involve ransomware. It is sent by email, among other things, and ensures that the data on the affected servers is no longer accessible. Both the BMI and experts from the BSI are currently recording an increase in such ransomware attacks. However, they do not assume that there is a controlled wave of attacks on local governments.

The BSI has issued recommendations on municipal IT security on its website. With backups, encrypted data can be restored. As a preventive measure, the authorities could also rely on network segmentation. “IT networks are divided into smaller areas. If one part is compromised, others can be protected,” explains a spokesman for the agency. Emergency management could also help.

Meanwhile, Anhalt-Bitterfeld is still dealing with the aftermath of the hacker attack. According to media reports, around 1,000 workstations had to be wiped and then reconfigured. Only at the end of the year could all systems be completely restored. The costs are already in the six-figure range. The damage is currently also being repaired in Mecklenburg-Western Pomerania and Witten.

tkr
