How Did the German Taurus Leak Happen?

By Stephen Bryen, WEAPONS AND STRATEGY, 9 March 2024

Entrance to the Federal Ministry of Defense in Bonn.

Since the big leak of the German officer’s Taurus conversation, the German authorities have been trying to explain how it happened. The official position is that the intercept of the conversation happened in Singapore, not Berlin. There one of the call’s participants, who was attending the Singapore Air Show (February 19 to February 25), returned to his hotel room late at night after attending a party and maybe having a few drinks, and around midnight connected to the discussion using Webex. The German statement said the leak was caused either by a cellular phone using the insecure hotel wifi or by a cell phone internet connection on a cellular network.

The BBC swallowed the Singapore story whole.

The German government put the responsibility on bad communications security while one of the German officers was abroad.  The German Defense Ministry explanation (Bundesministerium der Verteidigung or BMVg) says nothing about particular vulnerabilities of their ministry in Germany, nor whether the others in the conversation were connected by a Ministry computer connection or also using cell phones.

BMVg has offices in Berlin and Bonn. But German officers also serve at different military bases in Germany, are seconded to government ministries, and act as trainers and inspectors.

Was it likely the conversation was intercepted in Singapore?  Singapore is a good candidate largely because Singapore is known to have an excellent intelligence service and extensive intercept capabilities.  The Russians, on the other hand, if they are running an intercept capability in Singapore, most likely are primarily focused on the United States and US-Singapore defense cooperation, especially as the new US F-35 stealth fighters are being added to Singapore’s air power.

If we assume that the intercept took place in Singapore, and we accept that it was a Singapore intercept, is it possible China got their hands on it?  The Chinese would have to then pass it to the Russians.

That suggests a rather difficult but not impossible route for handling such a sensitive intercept.

If we assume the intercept took place in Germany, it is more likely the Russians directly listened in to the conversation.

Hotel wifi connections are notoriously insecure, and even tourists are warned to avoid hotel connections, particularly as malware of different kinds can be introduced onto visitors’ phones without them knowing. Many business people who travel abroad, especially to China, take “burner” phones with them, not their personal cellular phones. They use the phones while they travel and then dump them. Of course the burner phones can also get loaded up with malware and all conversations will be intercepted.

Malware is a big problem on cell phones.  But countries that control cell phone networks also have access to every transaction on a mobile phone connection, both voice and internet.

Graphic from ComSec LLC

In addition to malware, there is a little gem called an IMSI-catcher. An IMSI-catcher emulates a cell tower. Cellular phones seek out the strongest cellular signal automatically. If the IMSI-catcher is relatively close to the targeted cell phone, the phone will understand it as the strongest cell tower signal and connect to it. The IMSI-catcher acts as a recording device and a cellular phone forwarding system, transferring the signal to a legitimate nearby cell tower while also recording whatever goes through the device. IMSI-catchers are popular spy stuff, since they can be operated from nearby locations, such as parking lots or adjacent buildings. One of the reasons places like the Pentagon lock up cell phones before personnel can enter certain offices or attend certain meetings is exactly this kind of threat.

From a practical point of view, unless the German officer in Singapore was openly tracked, it isn’t too likely an IMSI-catcher or malware explains the intercept, simply on the basis of access and convenience.  However, if the intercept took place in Berlin or Bonn, or at one of the numerous military bases and offices in Germany, then targeting is easier and the direct line to the Russians far more plausible.

In the past the Russians conducted intercepts either on their own or by hiring German hackers.  IMSI-catchers and malware are readily available and cheap.

Assuming that it is three times more likely an intercept took place in Germany than in Singapore (based on the fact that four people were in the conversation and three of them were in Germany), the question arises as to why the BMVg isn’t investigating leaks in Germany, or why they were so quick to say it was a sort of stupid COMSEC error in Singapore. There are a few possible explanations. The first is that if an investigation took place in Germany, then the Ministry would have to reveal that it was using commercial connections and cellphones for all kinds of sensitive conversations. Obviously it had a Webex account, a service that can be accessed either from a computer or cell phone. Was the German Defense Ministry routinely using commercial software and cell phones to carry on extremely sensitive conversations? This connects to the second possibility, that the German Defense Ministry wanted to sweep this whole business under the rug as quickly as possible; otherwise there could be significant political fallout, not only about the contents of the leak, but about security in Germany.

Chancellor Merkel with her “secure” cell phone 2014

This is not the first time there have been serious compromises of security in Germany, especially when it comes to communications. As I wrote in my book in 2016 (Technology Security and National Power), former Chancellor Angela Merkel’s cell phone was compromised, even after she was given a secure cellular phone that used encryption. Similarly many others, such as Victoria Nuland, John Kerry, Recep Erdogan, Nicolas Sarkozy, got caught with compromised cellular phones. In the Merkel case we know that the NSA broke into her phone, but probably others did too. After all, it isn’t just the Russians and Chinese.

One hopes that the German government, even if secretly, cleans up its security practices.

 
