Abo
  • Services:

Government Hack: Hack on German Government via E-Learning Software Ilias

The German government was hacked via the learning plattform Ilias, which is used at the government's own university. The university was using an old version with various security vulnerabilities.

Artikel veröffentlicht am , Hanno Böck/
The German government used a software called Ilias for education purposes - and that software has the standard password "homer".
The German government used a software called Ilias for education purposes - and that software has the standard password "homer". (Bild: Wikimedia Commons)

Employees of the public administration in Germany can use educational programs on the webpage lernplattform-bakoev.bund.de - usually. But the webpage, which is operated by the University of the German government, is currently not available. Visitors only get an error message: "The learning plattform Ilias is currently unavailable. It was disabled due to a recommendation from the BSI." The BSI is the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik). It's this platform via which the hacker attack on the German government supposedly happened.

Inhalt:
  1. Government Hack: Hack on German Government via E-Learning Software Ilias
  2. University uses old version with known Vulnerabilities

The BSI stated that is has no knowledge of security vulnerabilities in Ilias, the Ministry of Interior declined to make further comments. Golem.de has taken a look at the software.

The error message confirms previous media reports according to which an e-learning service of the government was the entry point for the malware attack. By modifying an online course the attackers were able to infect 17 computers of the Federal Foreign Office, as reported by the newspaper Frankfurter Allgemeine Sonntagszeitung. The attack was detected in December 2017, but it is supposed that it had already been active for several months at that point. Previous reports said that the German government was informed by a secret service of another country about the infected computers.

Although individual computers connected to the IVBB (Informationsverbund Bonn Berlin) network were compromised, there is no clear indication that IVBB network infrastructure was compromised. IVBB is the German government's secure network for communicating certain classified information. According to media reports security authorities believe the attack was of Russian origin.

Ilias confirms hack of its software

Stellenmarkt
  1. Lidl Dienstleistung GmbH & Co. KG, Neckarsulm
  2. DESY Deutsches Elektronen Synchrotron, Hamburg

Ilias is an open source project, it is used at several Universities and other public institutions. It was developed by an organization located in Cologne. On the public administrators mailing list of Ilias the product manager Matthias Kunkel wrote on March 8th that "an Instalaltion of the Ilias-Software was supposedly involved" in the Hack of the network of the Government. However currently they have no detailed information about the used security vulnerabilities. The organization wants to discuss the issue at their developer conference next week in the city of Halle/Saale.

Answering a request from Golem.de Matthias Kunkel from Ilias commented on the software. He said: "The organization Ilias open source e-Learning e.V. publishes Ilias as an open source software and coordinates the software development. Yet the individual Ilias installations are operated by their corresponding institutions or companies that use Ilias for their e-learning purposes." The installation that was taken offline "is operated by the University of the German Government".

There are a number of security vulnerabilities that attackers could have used.

University uses old version with known Vulnerabilities 
  1. 1
  2. 2
  3.  


Anzeige
Hardware-Angebote
  1. auf ausgewählte Corsair-Netzteile

hg (Golem.de) 12. Mär 2018

Wir haben in diesem Fall auch eine englische Version des Artikels gemacht, weil wir die...


Folgen Sie uns
       


Parrot Anafi angesehen

Angucken ja, fliegen nein: Wir waren bei der Vorstellung der neuen Drohne von Parrot dabei.

Parrot Anafi angesehen Video aufrufen
Always Connected PCs im Test: Das kann Windows 10 on Snapdragon
Always Connected PCs im Test
Das kann Windows 10 on Snapdragon

Noch keine Konkurrenz für x86-Notebooks: Die Convertibles mit Snapdragon-Chip und Windows 10 on ARM sind flott, haben LTE integriert und eine extrem lange Akkulaufzeit. Der App- und der Treiber-Support ist im Alltag teils ein Manko, aber nur eins der bisherigen Geräte überzeugt uns.
Ein Test von Marc Sauter und Oliver Nickel

  1. Qualcomm "Wir entwickeln dediziertes Silizium für Laptops"
  2. Windows 10 on ARM Microsoft plant 64-Bit-Support ab Mai 2018
  3. Always Connected PCs Vielversprechender Windows-RT-Nachfolger mit Fragezeichen

Segelschiff: Das Vindskip steckt in der Flaute
Segelschiff
Das Vindskip steckt in der Flaute

Hochseeschiffe gelten als große Umweltverschmutzer. Neue saubere Antriebe sind gefragt. Der Norweger Terje Lade hat ein futuristisches Segelschiff entwickelt. Doch solch ein neuartiges Konzept umzusetzen, ist nicht so einfach.
Ein Bericht von Werner Pluta

  1. Energy Observer Toyota unterstützt Weltumrundung von Brennstoffzellenschiff
  2. Hyseas III Schottische Werft baut Hochseefähre mit Brennstoffzelle
  3. Kreuzschifffahrt Wie Brennstoffzellen Schiffe sauberer machen

Krankenversicherung: Der Papierkrieg geht weiter
Krankenversicherung
Der Papierkrieg geht weiter

Die Krankenversicherung der Zukunft wird digital und direkt, aber eine tiefgreifende Disruption des Gesundheitswesens à la Amazon wird in Deutschland wohl ausbleiben. Die Beharrungskräfte sind zu groß.
Eine Analyse von Daniel Fallenstein

  1. Imagen Tech KI-System Osteodetect erkennt Knochenbrüche
  2. Medizintechnik Implantat wird per Ultraschall programmiert
  3. Telemedizin Neue Patienten für die Onlinepraxis

    •  /