Government Hack: Hack on German Government via E-Learning Software Ilias

Employees of the public administration in Germany can use educational programs on the webpage lernplattform-bakoev.bund.de - usually. But the webpage, which is operated by the University of the German government, is currently not available. Visitors only get an error message: "The learning plattform Ilias is currently unavailable. It was disabled due to a recommendation from the BSI." The BSI is the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik). It's this platform via which the hacker attack on the German government supposedly happened.

The BSI stated that is has no knowledge of security vulnerabilities in Ilias, the Ministry of Interior declined to make further comments. Golem.de has taken a look at the software.

The error message confirms previous media reports according to which an e-learning service of the government was the entry point for the malware attack. By modifying an online course the attackers were able to infect 17 computers of the Federal Foreign Office, as reported by the newspaper Frankfurter Allgemeine Sonntagszeitung. The attack was detected in December 2017, but it is supposed that it had already been active for several months at that point. Previous reports said that the German government was informed by a secret service of another country about the infected computers.

Although individual computers connected to the IVBB (Informationsverbund Bonn Berlin) network were compromised, there is no clear indication that IVBB network infrastructure was compromised. IVBB is the German government's secure network for communicating certain classified information. According to media reports security authorities believe the attack was of Russian origin.

Ilias confirms hack of its software

Ilias is an open source project, it is used at several Universities and other public institutions. It was developed by an organization located in Cologne. On the public administrators mailing list of Ilias the product manager Matthias Kunkel wrote on March 8th that "an Instalaltion of the Ilias-Software was supposedly involved" in the Hack of the network of the Government. However currently they have no detailed information about the used security vulnerabilities. The organization wants to discuss the issue at their developer conference next week in the city of Halle/Saale.

Answering a request from Golem.de Matthias Kunkel from Ilias commented on the software. He said: "The organization Ilias open source e-Learning e.V. publishes Ilias as an open source software and coordinates the software development. Yet the individual Ilias installations are operated by their corresponding institutions or companies that use Ilias for their e-learning purposes." The installation that was taken offline "is operated by the University of the German Government".

There are a number of security vulnerabilities that attackers could have used.