
Berlin court used Windows 95, hit by virus, now uses typewriters&fax (German) - ptaipale
https://www.tagesspiegel.de/berlin/experten-warnten-schon-2017-it-katastrophe-am-berliner-kammergericht-kam-mit-ansage/25163810.html
======
ptaipale
"Gamrith" comments in Tagesspiegel, and I think (s)he makes an accurate
analysis of judicial behaviour which applies not only to Berlin and not only
to Germany.

 _The problem lies in the way the judiciary sees itself and its work, and not
just in Berlin. Every time you come to the judges and prosecutors with the
subject of IT security and the associated user care obligations, they wave the
Constitution and refer to the judiciary independence. Every time you point out
that old applications have to be replaced, it is pointed out that changes in
form and procedures can neither be desired nor tolerated by the employees.

IT is not a core competence of the administration, and especially not the
judiciary with its absolutely obsolete professional mindset. In particular,
one does not really understand that as a part of an integrated system in which
the user and the applications work together, they also have duties that they
must perform. They always point at the IT or IT service providers, and shy
away from responsibility.

AULAK is not the only critical specialist procedure in the Berlin judiciary
that needs to be renewed. However, the judiciary shies away from the costs and
expenses that one would have to invest here. In particular, in such projects,
any judges and prosecutors are "voluntarily" ordered as project managers, and
staff who have no idea or real interest in the subject would just like to
implement existing paper-based processes 1:1 in software. That the IT offers
other possibilities is then always dismissed with the reference to the "laws".

Smentek and the ITDZ are not collecting any prestige from their role in the
process, but the plight of the Supreme Court is homemade and is mainly due to
the inability of the judiciary to renew._

~~~
blowski
Trying to see this from the users’ perspective, why does me being secure
require a completely different UI? Why can’t all the security patches for the
latest version of Windows be ported back into _my_ version instead of me
having to learn a new operating system?

This is the cost of the tech industry’s obsession with constantly fiddling
with the UI.

~~~
ptaipale
I think the fundamental thing is that keeping up to date involves both user
interfaces & operating system versions as well as work processes and
interfaces. You cannot develop just one of them without considering the other,
and because the system needs to work as a common process with unified working
methods and tools, it means that everyone needs to adapt to both.

Yes, there is too much fiddling with the UI in the industry, but continuing to
use 1990's operating systems without updates, just because people don't want
to change their ways of working... that is not sensible.

------
tnolet
Short recap for non German speakers.

\- Berlin (city/state) court was running on Win 95.

\- Trojan infected their whole network. Now they disconnected all PC’s from
the internet. They run on phones and faxes now.

\- Various consultancies (Accenture e.a.) warned them the situation was
critical in 2017.

~~~
kylek
>> Trojan infected their whole network. Now they disconnected all PC’s from
the internet. They run on phones and faxes now.

The ol' Galactica strategy

~~~
downrightmike
Admiral Adama had a point.

~~~
C1sc0cat
Though using that analogy Madame Airlock (MS Merkel) would had a few people
spaced :-)

------
ptaipale
Another article mentioning the use of faxes now that the court is disconnected
from network: [https://www.tagesspiegel.de/berlin/anhoerung-zu-trojaner-
ang...](https://www.tagesspiegel.de/berlin/anhoerung-zu-trojaner-angriff-
kammergericht-baut-den-notbetrieb-aus/25172194.html)

Summary: Berlins Court of Appeals (Kammergericht) kept using Windows 95, even
though the maintenance of this OS ended in 2001.

Elsewhere, it is mentioned, that the court was hit by Emotet malware.

Some judges have stored all their documents in the official system and have
now lost them, and they have literally no access to their past work except on
paper printouts, if they have any. Some other judges did not obey rules and
stored their documents also on USB sticks; they now do have some back-ups.

(Google Translate works reasonably well for German-English.)

~~~
ryanlol
Very surprising that Emotet runs on Win95.

~~~
iforgotpassword
Same here. Also the USB part was mentioned in several news outlets. Iirc,
Win95 had no USB support. So it either was only parts of the system that ran
in it, or something got messed up during reporting. Because I faintly remember
an earlier report that only mentioned Word 95, which would make a little more
sense as that should run on more recent versions of Windows.

~~~
ptaipale
All computers probably are not running Windows 95, many are newer. But I
understood the point here is that judges take files home (maybe using
floppies?) and use their own computers to work on them. And when at home, they
are not supposed to take local backups, but some did it anyway.

It's also suspected that the infection of malware came via a private computer
handling the files.

Again, Google Translate does a decent job:

 _Infection may be through private computers

Many of them have in the past, also because of the often outdated service
computers, taken office data on storage media such as USB sticks home and
worked there in the home office. The fear of having infected the private
computer with the virus is great - and apparently justified. The Federal
Office for Information Security advises in case of infection with the Emotet
virus to a reorganization of the affected computer. Current information about
the virus further states: "Emotet is considered one of the biggest threats of
malware worldwide."_

[https://www.tagesspiegel.de/berlin/schadsoftware-im-
berliner...](https://www.tagesspiegel.de/berlin/schadsoftware-im-berliner-
kammergericht-trojaner-angriff-deutlich-schwerer-als-gedacht/25092566.html)

------
tnolet
This whole thing is sadly “typically Berlin”. No hard, scientific proof for
that but it is extremely unsurprising when you have some experience with
Berlin bureaucracy.

~~~
jaynetics
I recently visited a hospital in Berlin. I ended up next to a screen with a
live ECG from someone in another room. This alone seemed slightly
questionable, both due to privacy reasons and because it ran in some weird
modified Internet Explorer.

Then the ECG was interrupted by Windows Update.

~~~
tnolet
Weirdly enough, Germany in general is very very privacy conscious. In Berlin
even more, due to DDR hangover.

~~~
briandear
Yet they still have people register their religion choice. Ostensibly it’s
because of taxes, but given Germany’s history, a government list of everyone
and their religion can’t be good. Germans care about privacy, but they have
seemingly a foolhardy trust of government.

~~~
catalogia
> _" Yet they still have people register their religion choice. Ostensibly
> it’s because of taxes"_

Stupid question maybe, but do Germans actually comply with that law? Even the
ostensible justification seems weird; why should religious beliefs be relevant
to taxes owed?

~~~
detaro
Because the state helpfully pulls in "membership fees" for the churches
through the tax system. Really stupid system, but little political will to get
rid of it.

~~~
ptaipale
One may call it stupid, but such a system, particularly collecting the
membership dues for the Lutheran protestant churches, is in place in very many
of the most-advanced nations in the world with highest rankings of human
development, press freedom, strong welfare state, good public health and so
on.

Is that a coincidence? I think it is not, although it is obvious that the
mechanism doesn't work like "start collecting membership dues for Lutherans
and you'll have a great welfare state". Rather, it's the current outcome of a
long historical development.

~~~
C1sc0cat
I think you mean guilt from ww2 and also some of the sectarian episodes in
Germanys Past - Bismarck locking up a large proportion of the Catholic clergy
is one example not well known

~~~
ptaipale
I think WW2 is just a passing episode in this development, as different
countries fared differently in the war but this long-standing development has
ended in rather similar outcomes. Overall, it's that the secular society
picked up from the administration structures and practices built by (mostly
Protestant) churches.

WW2 guilt did not stop Austria from applying this law for collecting church
dues (for the Catholic church) after WW2, even if the practice was in fact
brought to statute books by Adolf Hitler in 1939.

------
blackhaz
Update:

Berlin court used typewriters & fax, hit by rust and lack of paper, now uses
cuneiform & clay tablets.

------
durnygbur
It's mindblowing how one getting behind even 2 years in the general ecosystem
and the technological progress is basically out of the job market, yet people
responsible for the functioning of the society can completely ignore all these
and remain in their positions of power and authority.

------
zelphirkalt
Hahaha, I am glad it finally hit them. Hopefully many more official
institutions including ticket selling machines using old Windows will get hit.
Maybe one day they will learn, that using proprietary software (even less
outdated software)is not suitable for official institutions financed by the
tax payers.

------
mkonecny
I wonder if theres an inflection point where using older operating systems
cause you to be more resilient to viruses - presumably because malicious
software is written targetting more modern stacks

~~~
belltaco
Might be true for other platforms but Microsoft's laser focus on backward
compatibility probably helps viruses.

------
idiliv
It's surprising that it took until 2017 for "Fachleute" (experts) to warn the
city about the situation. Wouldn't one expect the same advice to be given ever
since 2001 when Windows 95 support ended?

~~~
pas
They probably got the warning every year every day informally, they got it
formally at least once a year.

------
m4lvin
related article (also German) on heise, a more technical publication than
tagesspiegel: [https://www.heise.de/newsticker/meldung/Emotet-Das-Faxen-
am-...](https://www.heise.de/newsticker/meldung/Emotet-Das-Faxen-am-Berliner-
Kammergericht-hat-hoffentlich-bald-ein-Ende-4572843.html)

------
AYBABTME
So how do you write fire-and-forget systems? Typewriters can't become
hopelessly insecure by leaving the typewriter sit on a shelf for a year. On
the other hand, you can't leave a Linux box unattended for more than a couple
months before it's hopelessly insecure. Is the solution unikernels, or what? I
think we'll have to find ways to make software that stands the passage of time
a bit more. I feel like it's really hard to build software that survives on
its own for even a tiny bit of time. Are we in an era that will leave no
usable artifact behind?

~~~
C1sc0cat
They can be insecure if you don't dispose of your carbon papers properly

------
fortran77
It's amazing you can still be productive with Windows 95 in 2019. It shows you
how great it was. Imagine getting anything done with Mac OS 7.6, which was
current in 1995.

We simply didn't know what dangers lie in connected computers back then, so
it's no wonder it would be vulnerable to attack. Still, you'd think the sheer
age of it would protect it (who's still attacking Windows 95?) and it probably
did keep them safe for some time.

~~~
bitwize
> Imagine getting anything done with Mac OS 7.6, which was current in 1995.

C:\ONGRTLNS.W95

Win95 = Mac '84

~~~
fortran77
I was at the Windows 95 Launch Event (hosted by Jay Leno!) and we saw Apple
driving "billboard" trucks around with this message. I was sad/pathetic.
Windows 95 had real virtual memory, processes with protected memory space, and
file names up to 260 charaters (vs Mac's 32 character limit back then.)

If Steve Jobs didn't come back and throw away MacOS to make a new one based on
NeXT, they would have been quite dead today.

~~~
bitwize
I was at MacWorld '95 -- just before Windows 95's release -- and saw lots of
T-shirts with those slogans. You're right. Technology-wise even cruddy old
Windows 95 was superior. But Apple had a hardcore base of true believers
(Bungie, for instance, was a Mac-only and then a Mac-first shop) and _those_
were their marketing audience. Part of the dogma was that beauty and ease of
use came before _all_ other concerns, and Mac was indeed beautiful and easy to
use.

------
dewey
I can't see fax or typewriters being mentioned in this article at all, they
only talk about encrypted usb drives from what I can see.

Where does this headline come from?

~~~
tnolet
It’s linked in the first paragraph. Article in the same magazine
[https://m.tagesspiegel.de/berlin/nach-trojaner-attacke-am-
ka...](https://m.tagesspiegel.de/berlin/nach-trojaner-attacke-am-
kammergericht-richter-muessen-auf-fax-geraete-ausweichen/25132698.html)

------
ptah
I think it is important to consider that possibly computers are not the
optimum solution for everything

------
rahuldottech
Don't fax machines operate over phone lines though? Should be stupid easy to
tap into. Not great for sensitive court docs.

Also, by removing digital docs, you make it much harder for those with visual
impairments to access such documents.

------
zerr
Why didn't they switch to ArcaOS (modern OS/2)?

