Germany’s Bundestag administration and federal parliamentarians were told Friday that unknown hackers had infiltrated the FuhrparkService (BWFU) transport fleet, reported the Sunday newspaper BamS (Bild am Sonntag).
“Last week, there was an attack on the company’s IT network by an as yet unidentified external party,” Germany’s defense ministry added on Saturday.
Headquartered at Troisdorf, near Bonn, the BWFU is run by Germany’s Bundeswehr military and comprises 33,500 vehicles, including trucks, and chauffeur-driven cars assigned to parliamentarians, including those in Berlin.
Last year, it provided 142,000 such chauffeur services for the Bundestag parliament and BaMs said it was possible the hackers could have obtained politicians’ private addresses and other sensitive details such as times booked and locations.
Parliament’s own information technology system was hacked in 2015. Last May, Chancellor Angela Merkel told the Bundestag there was “hard evidence” that Russian intelligence had been behind that infiltration.
The BWFU fleet and driver service, established in 2002 as a state-owned company, operates from 160 locations across Germany and recruits its own certified drivers.
The Bundeswehr military has a three-quarter majority holding in the fleet service; German Rail (Deutsche Bundesbahn) a one quarter stake.
A ‘serious’ incident
The German defense ministry on Saturday said the hacking incident notified on Thursday resulted immediately in all electronic links to clients, including the ministry itself, the military and the federal parliament, being capped.
“In addition, the (BWFU) management has called in a company specialized in the analysis and rectification of damage caused by such incidents,” it was reported.
Also involved was another Cyber Emergency Response Team (CERT) of Germany’s Federal Office for Information Security (BSI) based in Bonn.
Initial checks of the Bundeswehr military’s own dedicated electronic network had shown no damage.
The administration of the federal Bundestag parliament had written to governing and opposition parliamentary groups, reported BamS, telling them: “The attacker and the concrete targets of his attack are not known.”
“At present, it is not known when the data center was compromised for the first time, whether data was manipulated or whether data was siphoned off,” the letter stated.
One of parliament’s five vice-presidents, Thomas Oppermann of the center-left Social Democrats (SPD), described the cyber incident as “serious,” saying it must be solved quickly.
ipj/shs (dpa, AFP)