Germany scrambles to plug military audio leak

The leak shows Germany is “pretty penetrated” by Russian intelligence, former United Kingdom Defense Secretary Ben Wallace told the Times newspaper over the weekend. “It just demonstrates they are neither secure nor reliable,” he said.

It demonstrated that German government communications were “a mess,” said Christian Mölling, deputy director of the German Council of Foreign Relations. “The hack basically shows that [Russia] is actively setting the agenda in Germany.”

German Defense Minister Boris Pistorius was quick to call the leak a “hybrid disinformation attack” in a statement on the national defense ministry website on Sunday. In yet another clumsy move, journalists were told they needed a password to access that statement. The password? 1234.

The country’s Military Counterintelligence Service (MAD) launched an inquiry into the audio leak. The government hasn’t confirmed further details.

It's unclear whether the audio was obtained through a hack of a cybersecurity vulnerability, wiretapping or a more traditional types of eavesdropping.

What is clear is that the incident bears the hallmark of other so-called hack-and-leak operations previously conducted by Moscow. Russian hackers published more than 150,000 emails during the 2016 U.S. presidential campaigns. And last December the U.K. called out hackers linked to Russia's security service for attempts to interfere in the country's politics by leaking private conversations between politicians and media figures.

“It’s an act of hybrid warfare against Germany by Russia. In this information war it’s a significant success," said Guntram Wolff, a senior fellow at the Brussels-based Bruegel think tank.

The audio tape fired up the debate about German deliveries of long-range missiles to Ukraine — something the governing three-way coalition is split over. Above all, the incident also raises uncomfortable questions of how German government communications are secured online. 

Christopher Ahlberg, chief executive of intelligence company Recorded Future, said that having the right technology to secure communications is important but officials also need to be diligent in sticking to communication protocols and secure devices.

“Given that it’s Germany I would assume there were plenty of protocols" in place, Ahlberg said. "But somebody was sloppy.”

The German Bundestag's Parliamentary Commissioner for the Armed Forces of Germany Eva Högl, who leads parliament's oversight of the army, has called for a “wide-reaching” response to the affair, including compelling all levels of the Bundeswehr to be immediately trained in protected communication.

Högl also called for greater investment in countering espionage and for MAD to be beefed up.

In a response to POLITICO, the Bundeswehr said that in order to ensure military security and the protection of classified information, "different technical and organizational means of communication are chosen depending on the classification level."

The incident also put the spotlight on popular communication platforms and their role in providing confidential communications.

Roderich Kiesewetter, deputy head of the Parliamentary Control Committee, said the audio was allegedly captured from a call happening on Cisco’s WebEx platform, with a Russian participant logging into the virtual discussion. The defense ministry however said this theory was “speculation.”

In 2020, security researchers at tech giant IBM found flaws in WebEx that could allow attackers to join meetings as ghosts (without being seen by other participants), remain in the meeting as a ghost after being expelled, and access information on meeting attendees including names, email addresses and IP addresses. The only indicator an attacker had joined would be a “beep.” Cisco released a fix for these bugs shortly after.

In a response to POLITICO's questions about the German audio leak, Cisco said it does not publicly discuss customer information.

Jack Blanchard, Gordon Repinski and Joshua Posaner contributed reporting.