

Cyber attack on German parliament still active, could cost millions - draugadrotten
http://ca.reuters.com/article/technologyNews/idCAKBN0OQ2GA20150610

======
pluma
I love how these stories always tend to focus on the "cyber attacks" rather
than the incompetence that allowed them to be attacked in the first place.

These days, if a website gets defaced because of an outdated WordPress
installation, the media instantly rallies to the victim's defence and portrays
the script kiddies that did it as terrorists. And if they're not personally
identifiable, they're government agents of wherever their IP addresses
originate from (or whoever the current political go-to villain happens to be).

I wouldn't be surprised if this major government IT SNAFU paves the way to
more aggressive "cyber crime" laws and more posturing against Russia. It'll
also likely be used to make the public forget about the entire NSA ordeal
(because hey, we totally need the US to protect us against evil Russia).

Keep in mind that the entire "we're under attack" narrative isn't as popular
or widely accepted in Germany as it is in the US. The last attempt to portray
us as having to defend ourselves against an attack was during our involvement
in Afghanistan, which the public generally disagreed with (although our
politicians promised unlimited solidarity to the US).

We're also in a really awkward position: politically we're very dependent on
the US (up to the point where US agencies can legally do what they want in
Germany thanks to post-WW2 agreements) but economically we're also very
dependent on Russia -- as is a lot of Europe, for that matter.

~~~
rayiner
> I love how these stories always tend to focus on the "cyber attacks" rather
> than the incompetence that allowed them to be attacked in the first place.

For the same reason stories about home invasions or robberies don't blame the
victim for leaving their house or car unlocked.

~~~
fwn
Just that it's the internet. So it's more like parking your Ferrari with open
doors in Somalia.

~~~
rayiner
Sure. But if someone hacks you or robs you, the media should place blame on
the person who was actually malicious, not the one who was merely negligent.

Also, I love that the Internet = Somalia.

~~~
balabaster
This whole thread puts the image of Somalia being like something out of Mad
Max... I've never been there, but I bet it's not like that at all.

~~~
pluma
Somalia being a post-apocalyptic wasteland qualifies as a mesofact[0], I
guess. Whether it actually ever was quite _that_ bad I don't even know. I
think the idea is mostly fed via movie tropes.

[0]: [https://news.ycombinator.com/item?id=1173845](https://news.ycombinator.com/item?id=1173845)

~~~
fwn
In my argument I used Somalia as a metaphor to transport an idea of a certain
type of hostile environment.

I don't see how - in this context - a debate on Somalia's current affairs can
be seen as something other than derailing.

------
cstuder
It gets even better: According to some reports[1], the German IT-security
office (BSI) recommended completely replacing the IT-infrastructure with new
hardware and software. They say the situation has gone out of control and that
they are unable to stop the leaking of data from parliament computers to
unknown third parties.

[1] [http://www.heise.de/newsticker/meldung/Nach-Trojaner-Angriff...](http://www.heise.de/newsticker/meldung/Nach-Trojaner-Angriff-Bundestag-soll-neues-Computer-Netzwerk-benoetigen-2687521.html)

~~~
rndn
Are they incompetent or is this a result of unforeseeable circumstances?

~~~
draugadrotten
It is not a sign of incompetence to know when it's time to abandon a burning
building.

------
fwn
For this "we are being attacked" reason, they want to get the parliamentarians
to let secret services manipulate their laptops / phones. It's a classic.

As if the local agencies are somehow less dangerous for the individual
politician than the foreign agencies.

The actual costs, "millions", are rather irrelevant.

~~~
r3m6
>as if the local agencies are somehow less dangerous

And in what way are they dangerous? And if not these experts, who should do
this (expert) work?

~~~
fwn
In what way are foreign agencies dangerous? Now remember that they do the same
thing.

The other question is pretty easy: Every involved party should use its own
trusted experts for the hardware/software part it manages.

If you are a parliamentarian and it feels suspicious to you that a secret
service wants to get your phone: Don't hand it over.

~~~
boroboro
Again, the German BSI does not do the same thing as the Russian GRU/SWR.

~~~
fwn
Again, it's not about the BSI.

~~~
boroboro
People can read on their own that it is about the BSI, contrary to your
propaganda. Go back to the Spiegel or Zeit forums, where Russian trolls
usually spend their time.

------
boroboro
Some years ago there was some press about how many German politicians were
complaining about the state phones and would bring in and use their own shiny
phones; probably this goes for laptops too. I assume this was against the
wishes of IT security. Then boom, and the politicians are complaining again.

~~~
mauricemir
All it takes is for a "friend" to donate some new shiny to an MP who then
plugs it in and it's game over.

------
TazeTSchnitzel
If the attack is ongoing, why not unplug the Ethernet cable?

~~~
iMerNibor
Oh no that's not possible. Think of all the politicians who couldn't do work..
That's unacceptable!

~~~
mauricemir
Well they would have to go back to paper and maybe even voting physically
rather than pushing a button remotely.

------
wiz21c
1/ Replace with Linux 2/ Understand that security is not easy 3/ Conclude that
given 1/ you can work on 2/

~~~
v4n4d1s
All servers have already been on Linux for about 10 years.
[https://de.wikipedia.org/wiki/Open-Source-Software_in_%C3%B6...](https://de.wikipedia.org/wiki/Open-Source-Software_in_%C3%B6ffentlichen_Einrichtungen#Deutscher_Bundestag) [German]

