Open Season on Confidentiality: Bundeswehr and Federal Government's Video Call Links Left Unlocked and Online for All to See
In a world where we expect military and government communications to be as secure as Fort Knox, it turns out that the Bundeswehr and the Federal Government were more akin to an open book at a yard sale (thanks to Webex): thousands of links to what were supposed to be confidential video meetings were just hanging out in the digital ether, accessible to anyone who could muster the Herculean effort of clicking a mouse.
And the response? The Bundeswehr assured that “unnoticed or unauthorized participation in video conferences” was as unlikely as finding a unicorn in your backyard, thus ensuring that no confidential content could have possibly leaked. Because, as we all know, if you can’t see the problem, it doesn’t exist.
Not forget the previous incidents that set the stage for this masterpiece of security theater. The Bundeswehr had already dazzled us with an eavesdropping scandal involving the Air Force, proving that when it comes to securing German military secrets, they’re as reliable as a chocolate teapot.
📌Public Accessibility of Video Call Links: Thousands of links to confidential video meetings were publicly accessible for months. This vulnerability allowed anyone to see who invited whom to a video call and when.
📌Platform Involved: The video conferencing platform implicated in this security breach is Webex, a cloud service provided by Cisco. This platform was used not only by the Bundeswehr but also by all federal authorities, including for the first completely digital committee meeting of the Bundestag due to COVID-19 restrictions.
📌Response and Measures: Upon discovery, the Bundeswehr disconnected its video conferencing system from the internet. A spokesperson from the Cyber and Information Space Command confirmed that the vulnerability had been closed within 24 hours after it was reported. However, the Bundeswehr emphasized that “unnoticed or unauthorized participation in video conferences” was not possible due to this vulnerability, suggesting that no confidential content from the conferences could have leaked.
📌Criticism and Concerns: The incident has drawn criticism regarding the handling of IT security within the Bundeswehr and the Federal Government. The Green Party’s Konstantin von Notz criticized the “great carelessness” in the Federal Ministry of Defense, highlighting the importance of IT security checks, especially in handling sensitive security-political files and information.
📌Previous Incidents: This is not the first time the Bundeswehr has faced security issues. In March of the same year, an eavesdropping scandal involving the Air Force was reported, where a conference call discussing the potential delivery of Taurus cruise missiles to Ukraine was leaked by Russia. This incident raised questions about the security of German military secrets and the effectiveness of the Bundeswehr’s operational security (OPSEC).
📌Public and Political Reaction: The security breach has sparked discussions on digital security and the need for stringent measures to protect sensitive information. It also reflects the ongoing challenges faced by government and military institutions in safeguarding their communications in the digital age