Information network Berlin-Bonn

from Wikipedia, the free encyclopedia

The Information Network Berlin-Bonn ( IVBB ) was an information network of the Federal for networking the highest federal authorities . Like the Federal Administration's Information Network (IVBV), the IVBB was one of the cornerstones of the modernization of the administration as part of the BundOnline 2005 initiative . Both the IVBB and the IVBV were migrated to the federal networks , which started operations on July 1, 2019.

The information network Berlin-Bonn was established due to the move of the German Bundestag and most of the federal government to Berlin . The IVBB was operated by T-Systems and enabled fast and secure data exchange between the individual offices in Berlin and Bonn . E-mails, telephone calls and the intranet of the Bundestag, Bundesrat, Federal Chancellery and federal ministries ran via the IVBB network . A high level of security should be guaranteed through the structure, which is separate from public networks. According to information from the German Press Agency (dpa), foreign hackers have penetrated the data network, which was previously considered secure, over a longer period of time. According to dpa , malware was smuggled in; the attackers have also stolen data. This was discovered in December 2017 by a foreign service, publicly at the end of February 2018. However, according to the ex-IT officer in the Federal Ministry of the Interior, Martin Schallbruch, the intrusion of hackers into the network of the IVBB did not mean that they had access to the data of everyone connected there Authorities had; each ministry was again secured with two own “protective walls”. Special meetings of the Parliamentary Control Committee (PKGr) and the Bundestag Committee on Digital Agenda were convened for March 1, 2018 .

structure

The Berlin-Bonn information network was the federal administration's communication platform . Users were the Federal Chancellery and all federal ministries, the Federal Audit Office and security authorities in Berlin, Bonn and other locations. The Bundestag and Bundesrat were also affiliated. It is particularly protected against attacks from outside. The infrastructure of the IVBB was separated from public networks.

According to its own information, the federal government registered around 20 highly specialized hacker attacks on its IT infrastructure every day. On average, one per week had an intelligence background, the government said in response to a small request from members of the left-wing parliamentary group about the federal government's cyber security strategy . In addition, there were repeated indications that Russian spies wanted to recruit members of the Bundestag for their purposes. The IT of the Bundestag is partly connected to the IVBB.

Telephone and internet services

Telephone code 01888

Until the end of 2009, the IVBB had its own telephone code for nationwide pricing for calls made by citizens to federal institutions. This number was introduced in 1997. Since then, the phone market has changed a lot. There are now other fixed network operators, and mobile networks have a completely different status today. The fee structure of the providers has also changed significantly compared to 1997. In the past, the fees were based on distance, now there are mostly standard fees. Because of the distance dependency, uniform pricing also applied, at least in the west-east direction. That meant, for example: If a participant from Bonn called a number in the IVBB, it did not matter whether the destination connection was in Berlin or Bonn. This procedure could not be maintained because of the lack of interconnection agreements between the individual national and international network operators. In order to still be able to enjoy the advantages of a network, it was decided to switch to new standardized dial-in numbers for the IVBB and to let the national number expire. On January 1, 2010, the 01888 area code was switched off.

New IVBB telephone codes for Bonn and Berlin

In 2006, new dial-in numbers for the IVBB were switched in the local networks of Bonn and Berlin. These were in operation parallel to the national code 01888 in order to create a smooth transition for everyone involved. This new regulation does better justice to the now common fee structures and forms a cheaper basis for calls from mobile phones to the IVBB than the old model.

Local network, regardless of the seat of the
ministries and constitutional bodies		 IVBB dial-in number Example old Example new
Berlin 030 18 "IVBB number" 01888 456789 030 18 456789
Bonn 0228 99 "IVBB number" 01888 456789 0228 99 456789

In the future there will be two access numbers, but it doesn't matter which one you use. Because of the largely standardized charges (the providers essentially only differentiate between mobile, local and long-distance calls), the costs now correspond to a normal call to the Bonn or Berlin local network. There is no longer any billing as a special number. Another advantage is the full accessibility from abroad, since the dial-in number belongs to the number range of the respective local area networks.

Uniform domain name for all federal institutions

When the IVBB was introduced, it comprised all services that were already available in 1997. These include the following services: e-mail , Domain Name Service (DNS) and the web server for the World Wide Web. The domain “bund.de” was reserved and used so that an easy assignment was also possible here. After its introduction in the IVBB, this domain was also used step by step by all federal authorities that were not in Bonn or Berlin.

As a result of the standardization, almost all ministries now offer their offers at this uniform address, for example the Federal Ministry of the Interior at bmi.bund.de or the Federal Ministry of Labor and Social Affairs at bmas.bund.de. In addition, a portal for the public was set up (bund.de). There you get access to the federal administration. Domain grabbing was avoided through the uniform domain name . The domain is also used for the e-mail addresses of federal employees.

Hack of the network 2017-2018

At the end of February 2018, it became known that attackers from a presumably foreign power had penetrated the information network. According to press research, a foreign secret service had already informed the German authorities in December 2017 that a cyber attack might have been carried out on the German government network by hackers . According to information from NDR, WDR and Süddeutscher Zeitung, the attack is part of a global hacker attack that also affects other countries.

“Cyber ​​attacks can cause information to leak unnoticed for years. It is also possible to activate malware that has already been introduced at a certain later point in time. If not only the outflow of information, but also the manipulation of data and the (dis) disruption of functionality is the actual goal - possibly combined with the targeted induction of a major incident (i.e. sabotage) - the corresponding attack could turn into a silently ticking one digital time bomb. "

- Federal Office for the Protection of the Constitution : 2016 Report on the Protection of the Constitution

The Federal Foreign Office first reported an incident. The Federal Ministry of the Interior stated that the Federal Office for Information Security (BSI) and the intelligence services are investigating an IT security incident. The attack was isolated and under control within the federal administration. However, the attack was recognized by German security authorities as early as December 2017. At that time, the attack had been going on for a long time, possibly a whole year. Since then, the authorities have been trying to find out how deep the attacking group has penetrated into the government network. The attack is said to have initially taken place on the network of the federal university for public administration and to have continued to work from there.

According to the dpa , malware was smuggled into the network that enabled the attackers to read and extract data over a long period of time. Shortly after the attack was recognized, the BSI sent a “special technical unit” to the Federal Foreign Office to analyze the attack in detail. The so-called Mobile Incident Response Team (MIRT) was introduced in 2016 in order to be able to provide quick on-site support to affected areas.

According to security circles , the attacking group should initially be APT28 . Because the attackers' approach was too complex and cautious for APT28, the hacker group "Snake" was finally named as a possible attacker.

According to information from the Frankfurter Allgemeine Sonntagszeitung (FAS), the cyberattack on the non-public network of the IVBB was a targeted attempt to gain access to documents from the Foreign Office . According to these reports, the attackers placed two years ago spyware (spyware) on a platform of Federal Academy of Public Administration , the customized Internet courses for e-learning offering. The electronic documents of a correspondence course for employees of the Foreign Office were then deliberately infected from this source . After information from an unnamed foreign intelligence service , the German counterintelligence discovered spyware on 17 computers of employees of the Foreign Office and then tried to locate the attackers and analyze their methods.

According to information from the Süddeutsche Zeitung, the spy software was controlled via the Microsoft Outlook e-mail program . The attackers therefore sent e-mails to the infected computers with coded commands hidden in the e-mail attachments. The mail attachments were downloaded from Outlook without interaction with the PC user and stored in the mailbox. Here the spy software then looked for such hidden commands independently and only tried to send documents stored on the PC to the outside following a corresponding instruction.

Web links

Individual evidence

  1. ^ The project "Netze des Bundes" (NdB). Federal Government Commissioner for Information Technology , Federal Ministry of the Interior (BMI), accessed on April 27, 2020 .
  2. ^ A b Jörg Blank, Christoph Dernbach, dpa: Security circles: Hackers penetrated the German government network. In: heise online. February 28, 2018, accessed March 1, 2018 .
  3. a b Anna Sauerbrey , Frank Jansen, Claudia von Salzen, Sonja Álvarez, Oliver Voss: Cyber ​​attack - under Russian observation. In: Der Tagesspiegel . March 1, 2018, accessed March 2, 2018 .
  4. Bundestag control committee meets because of hacker attack. (No longer available online.) In: Zeit Online . March 1, 2018, archived from the original on March 5, 2018 ; accessed on March 4, 2018 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.zeit.de
  5. Printed matter 18/10839. (PDF) German Bundestag , January 16, 2017.
  6. ^ Stefan Krempl: Bundeshack: Attackers compromised 17 computers in the Foreign Office. In: heise.de. February 28, 2018, accessed March 2, 2018 .
  7. Federal Office for the Protection of the Constitution , Federal Ministry of the Interior (ed.): Verfassungsschutzbericht 2016 . June 2017, chapter "Espionage and other intelligence activities", p. 260 ( verassungsschutz.de/de/oeffentlichkeitsarbeit/publikationen/verfassungsschutzberichte [PDF; accessed on March 2, 2018]).
  8. Jannis Brühl, Hakan Tanriverdi: Hacker attack on the Ministry of Foreign Affairs. In: sueddeutsche.de . February 28, 2018, accessed March 1, 2018 .
  9. Hakan Tanriverdi: This group is said to be behind the federal hack. In: sueddeutsche.de. March 2, 2018, accessed March 2, 2018 .
  10. Andreas Wilkens: Bundeshack: Russian hacker group "Snake" is said to be behind the attack. In: heise.de . March 1, 2018, accessed March 4, 2018 .
  11. Peter Carstens, Thomas Gutschker: Cyber ​​attack was a targeted attack on the Federal Foreign Office. In: Frankfurter Allgemeine Sonntagszeitung (FAS). March 3, 2018, accessed March 4, 2018 .
  12. Hakan Tanriverdi: This is how the hackers smuggled data from the Foreign Office . Süddeutsche Zeitung , March 6, 2018