The Limited Times

Microsoft vulnerability: Federal Environment Agency quarantine entire e

2021-03-11T13:41:17.207Z


Security gaps in Microsoft Exchange servers keep companies and authorities around the world in suspense. In Germany, the Federal Environment Agency is affected. The situation is also regarded as "very serious" for companies.


Entrance to the Federal Environment Agency (UBA) in Dessau-Roßlau

Photo: Hendrik Schmidt / dpa

For visitors to the website of the Federal Environment Agency, the notice does not sound particularly dramatic: the agency is "currently not available by e-mail", it says there, for "technical reasons" - anyone with urgent concerns is asked to get in touch by phone.

The notice on the agency's website has a serious background.

According to SPIEGEL information, the Federal Environment Agency (UBA), headquartered in Dessau-Roßlau, is affected by the massive security problems with Microsoft's widespread Exchange servers, which have been causing unrest in companies, organizations and authorities around the world for days.

The EU banking supervisory authority in Paris has already switched off its entire mail system, and the full extent of the incident is still not foreseeable.

At the Federal Environment Agency, the president wrote a circular to all employees on Tuesday in which he described the extent of the problem in drastic terms: "A new mail server structure must be completely rebuilt," says the letter that SPIEGEL has received.

How long this will take cannot yet be determined exactly, but "at least a period of three weeks is assumed."

It is about »damage minimization«, the UBA president continued.

The Federal Environment Agency has around 1,600 employees.

The topics it deals with range from waste avoidance and climate protection to the approval of pesticides.

Eight German authorities are considered affected

The UBA is not the only authority currently holding crisis meetings and receiving visits from IT security experts: The Federal Office for Administrative Services, headquartered in Aurich, is also affected, as a spokeswoman confirmed to SPIEGEL.

There, too, the entire mail system has been sealed off for the 380 employees, who work at six locations.

According to information from security circles, eight authorities are now considered "affected", only two of them as "compromised", i.e. critical.

In these cases, the attackers had already installed a backdoor, explains IT security expert Tim-Philipp Schäfers from internetwache.org, who had informed SPIEGEL in advance about the vulnerability at the Aurich office.

According to Schäfers' research, the Federal Institute for Drugs and Medical Devices (BfArM) also used the critical and vulnerable interface - for several years and also during the critical period.

Upon request, the office announced that it had responded in good time and installed security updates, and that it had not been able to detect any malware or successful attacks on its own systems.

The Federal Office for Information Security declares "red warning level"

As things currently stand, no data is believed to have actually leaked from any German authority.

However, this is no reason to give the all-clear, as emphasized by the Federal Office for Information Security (BSI), which announced its highest "red warning level" because of the incident - for the first time in more than a decade.

Microsoft has now published a series of fixes (patches) for the affected Microsoft Exchange systems - as well as procedures with which companies and users can check whether their servers are secure.

Apparently, the number of vulnerable systems in this country is still high.

BSI President Arne Schönbohm therefore addressed all potentially affected users of Microsoft products on Thursday with a video warning message: According to BSI findings, around 60,000 systems in this country were initially vulnerable, but currently there are still around 25,000.

"Every vulnerable system is one too many," said Schönbohm.

"It is clear that the situation is very serious."

"Please take this warning very seriously."

The central IT service provider of the federal government, the ITZ-Bund, which looks after 33,400 "logical server systems", is "not affected" by the security problems, its director Alfred Kranstedt told SPIEGEL - this was checked with the appropriate diagnostic programs.

Microsoft had pointed out that the security gaps in the affected systems had already been actively exploited - by a "new, state-supported threat actor" from China, whom the company named "Hafnium".

In the past, the hackers working in the service of the state primarily targeted organizations in the United States - including research institutes for infectious diseases, armaments companies and political think tanks.

The BSI and independent IT security experts also fear that online criminals have long been trying to take advantage of some operators' sometimes hesitant remediation to smuggle in their own malicious code - for example, in order to later blackmail companies by encrypting their computers.

The existing weaknesses increased »the risk that data and know-how could leak« and even production could be paralyzed, according to BSI President Schönbohm.

Source: spiegel
