Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Hardware
Tom’s Hardware
Technology
Jowi Morales

German MPs and their staff fail simple phishing attack test

Bundestag building.

The Bundestag, the lower house of the German congress, conducted a secret penetration test (pen test) against members of parliament by sending phishing emails that supposedly came from the Bundestag administration. While many MPs and their staff members passed the test, Spiegel (machine translated) says that several fell for the faked email and disclosed sensitive information like usernames and passwords.

All representatives and their staff eventually received a letter explaining the penetration test, saying, “This is absolutely necessary for an effective defense against real phishing campaigns.” However, it also added, “I would like to ask all those who have clicked on the links in the e-mails and, if necessary, entered login credentials and passwords to change their password as a precautionary measure.”

As one of the leading government bodies in Germany, the Bundestag is a prime target of both state and non-state actors for hacking, and phishing is one of the techniques bad actors use to gain access to restricted systems. This actually isn’t the first time that the German lower house has been attacked, with the most serious incident occurring in 2015, when its IT infrastructure was left in complete disarray while the attackers made off with at least 16GB of data.

Spiegel says that hackers related to the GRU — Russia’s military intelligence service — were behind the 2015 attack and that phishing was one of the techniques that it used to gain access to the Bundestag’s systems. As the global political situation is becoming more heated, governments must focus on protecting their secrets. More recently, Germany accused China of a cyberattack against its primary mapping agency.

And because these cybersecurity protections are only as strong as their weakest link, it makes sense that the Bundestag makes all its people aware of phishing attacks and reminds them to be aware of it. This is especially important as not everyone is tech or internet-savvy, and just a single person on the staff of a key MP could potentially compromise confidential projects and operations. This isn’t exactly a new practice, as practically every government has been trying to gather intelligence by compromising key persons; the internet age has just made that far easier than ever before.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.