One arrest and further threats in the German police hacker case
The "No Name Crew", a group of hackers who recently published classified information relating to the German customs investigators' "Patras" GPS location system, has threatened to publish further data. The data is to be released at midnight on 28 July, and the alleged target is a German federal authority. The data reportedly includes sensitive information such as the authority's emails. The hackers say that they have had "full control of the central download server of the German Federal Police for some time", and that they were able to intercept the network traffic to and from the systems of the German Federal Criminal Police, the German Federal Police and the German Customs Authority over the course of an entire year.
To avoid being arrested, the hackers have, in WikiLeaks fashion, posted a 717 MB encrypted archive on the internet. The criminals have threatened that an automated response mechanism will publish the archive password should a member of their group get arrested. This could now be the case, as the North Rhine-Westphalian Federal Police reported earlier today (Monday, 18 July) that it has arrested a 23-year-old German citizen on suspicion of intercepting and manipulating data and computer sabotage. Evidence was reportedly secured at the suspect's home. German Focus Online magazine says that the German police are aware of the identities of three suspected group members.
The case is currently being analysed at the cyber defence centre operated by the German Federal Office for Information Security (BSI). Talking to The H's associates at heise Security, the BSI's Matthias Gärtner was unable to rule out that the attackers may be in possession of further sensitive information. Focus Online quoted a high-ranking German security official as saying that he feared that hundreds of secret investigations could be disclosed on the internet.
Classified investigation documents that the magazine claims to have obtained reportedly state that the attackers managed to exploit mistakes made at the German Federal Police's Swisttal-Heimerzheim barracks in North Rhine-Westphalia (NRW). To save money, the police authority is said to have used the standard XAMPP Apache installation package. This package is intended as a simple introduction to the world of Apache for developers and doesn't present any major configuration hurdles. However, the XAMPP developers explicitly warn that the standard settings are not suitable for production use: "To make it convenient for developers, XAMPP is configured with all features turned on. [...] The default configuration is not good from a security point of view, and it's not secure enough for a production environment."
Consequently, the attackers managed to inject at least 42 trojans into the authority's systems. Talking to Focus Online, the BSI said that unauthorised access to the German Central Credit Committee's and the Federal Police's infrastructures that could be attributed to the No Name Crew began in autumn 2010.
(includes material from the German press agency dpa)