Confusion reigns as Bundestag malware clean-up staggers on

Watchdog fears it would be easier to throw away whole IT system and start again

The Bundestag in Berlin. Pic: Hernán Piñera

A malware infestation at the Bundestag is proving harder to clean up than first predicted, with several unconfirmed local reports going as far as suggesting that techies might have to rebuild the entire network from scratch.

As previously reported, a state-sponsored attack is suspected for the widespread infection of systems connected to the German parliament's network by a sophisticated trojan late last month. Code analysis points towards Russia as the most likely suspect, based on similarities to previous attacks, but this remains wide open to doubt.

thelocal.de reports that the security mess at the Bundestag is so bad that an "entirely new network will have to be built". According to these reports, the Federal Office of Information Technology Security (BSI) has decided on the extreme "nuke it from orbit" option as the only way to eradicate the infestation.

Der Spiegel (auf Deutsch, hier) reports something similar.

However, Deutsche Welle reports that Germany's parliamentary speaker Norbert Lammert dismissed reports that all 20,000 computers in the Bundestag would need to be replaced, although he did concede that some servers and workstations on the network would need to be wiped and reinstalled.

Eradicating malware from sprawling systems can be especially tricky. The clean-up operation at the Bundestag is under way and, at this stage, the situation is confusing. Neither German anti-virus firm G Data nor a well-connected representative in the international CERT community were able to shed light on the issue beyond published reports.

We understand from speaking to a Bundestag staffer that network access is continuing a slow return to normality. There's no official word, even internally, about the progress of the clean-up operation.

Germany has long been a focus of hacking activity, state sponsored or otherwise. Part of this comes from the important role of German industry, but other factors are also in play. For example, Germany's foreign policy in the Ukraine has antagonised forces aligned with Russia in the recent past.

Pro-Russian hackers in Eastern Ukraine (the self-styled Cyber Berkut) claimed responsibility for a cyber-attack that paralysed the Bundestag and German Chancellery websites for several hours back in January. ®


Biting the hand that feeds IT © 1998–2017