“You can crack everything,” says Sandro Gaycken, a security consultant for government institutions and businesses. “Above all, the hardware and software used by German parties is not as well-protected as the high-security CIA computers.” As the director of the Digital Society Institute (DSI) at the European School of Management and Technology (ESMT), he is considered to be one of the leading specialists for IT high security in Germany. He says that even the federal government is not in good enough shape to withstand cyberattacks. “It is quite easy and little effort is needed. A system of 1,000 bots (automatic robots) that can flood a social network system like Twitter would not even cost me 30 euros,” explains Linus Neumann from the Chaos Computer Club (CCC) in Berlin. Since the 1980s, the organization has been dealing with the weaknesses of computer systems.
Passwords are the key needed to get past a computer’s firewall. This is where spear phishing is used. “Nearly all cyberattacks use a ploy to take advantage of human weakness,” Neumann explains. It all begins with a simple email with a great deal of correct information about its recipient, their work field and employer. Then, the recipient is asked to change their password because it has apparently not been done for a while; otherwise, Internet access would be denied.
A link to reset the password is also sent. When clicked, it shows a page that looks like a company page, including the company logo. This is followed by a request to enter the old password again. But the page is a fake. Do people fall for it or not?
Yes, they do. That is how cyber attackers gained access to former White House chief of staff and Hillary Clinton campaign chief John Podesta’s confidential emails. The information was later obtained by whistleblower website WikiLeaks. Among other things, the emails revealed Clinton’s conflicts of interest and became a significant source of controversy during her election campaign. Germany’s parliament, the Bundestag, was the target of a similar cyberattack in 2015.