Cyber terrorism: German infrastructure highly vulnerable

September 28, 2009;

Marco Di Filippo, Regional Director Germany of Compass, shows how easy it is to compromise power, internet and telecommunication networks in Germany.

"It is only a question of time before criminals take advantage of the vulnerabilities of the German infrastructure", says Marco Di Filippo. "With the corresponding know-how, which terrorists could just simply pull from the Internet, it is possible without too great financial means, to manipulate respectively to paralyse our networks. Everything would break down."

How endangered is Germany?
The facts (based on studies of the KoSiB eG, the Bavarian Competence Centre for Security, Munich):
- 79% of the German telecommunication fixed line network are firmly in the hands of one single provider
- 81% of the virus attacks have a correlation with the monoculture of our desktops
- 99% of the users underestimate Trojans and Spyware
- Nearly 100% dependence on the USA and on monopolists such as Intel, IBM, Cisco, HP, Microsoft
- Even the government fosters the development of monocultures
Already a diversity of operating systems would considerably reduce the danger of a domino effect.

Cyber War - the total control
The motives for attacks on monocultures are often the desire to prove knowledge, to test out the limits and to attract attention, but also a new form of terrorism. How systematic hacking activists proceed, is proven by the recent Denial-of-Service attack on the Website of the Australian Prime Minister, Mr Kevin Rudd. This was just to demonstrate their protest against the Internet barriers introduced.

A possible attacking scenario in Germany would be the following: Germany without Internet. Frankfurt is de facto one of the main points of intersection for the DFN (German research network), .de domains and provider networks. If Frankfurt becomes the target, the following procedure could lead to a complete breakdown of the network. Firstly the points of intersection are retrieved on-site and staff is infiltrated in the organisation of a large network provider. The "new employees" elicit the respective lines and destroy them. The demand for band width can no longer be met and servers are thus no longer accessible in full. The consequences: no cash, no re-fuelling possibilities, no tickets for public transport, traffic chaos, no payments, economical damage, etc.

How can Germany protect itself?
Marco di Filippo recommends: "In a first step it is important to increase prevention. First of all we are to detect the nation wide vulnerabilities and to find the possible attacking points. Then threat scenarios must be determined and analysed. Responsible persons should search for advice on what new security solutions they could make use of. This also includes encouraging German developments, to link with each other and to cooperate remotely. This will be the only way to counter the monocultures and thus to reduce the attack surface provided by the Federal Republic of Germany."