A computer security breach allowed access to information on the holding of at least 6,000 meetings of the German army on the videoconferencing platform Webex, the media “Zeit online” reported on Saturday, two months after the leak of a confidential military meeting via the same tool.
In a search carried out by the news site, it was possible to access the title, date, time or name of the person inviting to important Bundeswehr meetings on Webex.
“More than 6,000 meetings could be found online,” writes Zeit, some of which were classified, for example with the subject of the long-range Taurus missiles claimed by Ukraine or “the digital battlefield”.
In addition, the virtual meeting rooms, allocated to the 248,000 members of the Bundeswehr, were easily identifiable, thanks to a simple IT architecture, and were not protected by a password. Zeit online says it has found, among other things, the digital meeting room of Ingo Gerhartz, the head of the German air force.
Leaks of confidential conversations
The latter’s name was cited in March when a confidential conversation between high-ranking Bundeswehr officers was leaked. Ingo Gerhartz was among the service members who allegedly did not use the required login on Webex. The interception of this conversation by Russian intelligence services caused a scandal in Germany and embarrassed the country with its allies.
According to “Zeit Online”, the German army only became aware of the security breach following questions from journalists.
The flaws themselves were brought to light by Netzbegrünung, an association of cyberactivists, explains the media.
A spokesperson for the Bundeswehr’s Cyberspace and Information Command confirmed that the army’s Webex instance “had a flaw” and that once it was known, it was fixed “within 24 hours.”
“It was not possible to participate in the videoconferences without the knowledge of the participants or without authorization; no confidential content could therefore come out of the conferences,” assured this spokesperson.
