“If one were to capture this system, there would be a potential way from outside to the inside,” expert Kristian Köhntopp told the Süddeutsche Zeitung (SZ) on Thursday.
Köhntopp had earlier posted an analysis of the Bundestag's domain names [web addresses] showing that “the boxes [computers] all have one foot in the internet and one in the [internal parliament] intranet”.
By accessing computers belonging to the different party groups in the Bundestag, an attacker could potentially worm his way through their public-facing internet presence into internal, private – or even classified – information.
He calls the way the MPs' computers are set up an “ideal bridgehead” which could be used by attackers to scan the Bundestag network and identify weak points.
Once such a vulnerable spot is found, the hackers could work their way from computer to computer through the system until they acquired administrator rights, granting them wide-ranging powers over the machines and their data.
There is no suggestion that the method discovered by Köhntopp was used by attackers in a recently-unmasked hacking attack on the parliamentary network which has baffled IT security experts.
'A 17-year-old could take over completely'
Köhntopp told the SZ that he himself hadn't tried using the method to penetrate the Bundestag network.
“This isn't effortless, it's particularly time-intensive,” he said. But “a 17-year-old nerd with generous free periods at school has total potential to take over the place completely” – never mind foreign intelligence services.
“A successful attacker from the internet potentially has access to the internal network and to the internal content offered by the server there,” Chaos Computer Club press spokesman Linus Neumann confirmed.
But he also agreed with Köhntopp's assessment that it would be a challenging project to use the weak points to break into the internal network.
“If the system looks so prone to failure from the outside, how does it look inside the internal network,” Köhntopp wondered.
The Bundestag refused to respond to questions from the SZ about the potential entry point for hackers, saying that “we can't give any information about this question for IT security reasons.”
And they completely refused to answer a question asking whether the Bundestag shouldn't have especially high security.