After the cyber attack at the end of December, the Potsdam city administration was offline for around six weeks. Only about a week ago, the online services of the town hall gradually went online again.

There had been criticism within city politics for taking the services offline for so long, but the hacker and IT security expert Carl Fabian Lüpke, aka “Flüpke” from the Chaos Computer Club, assessed the city’s reaction positively: “Looking back, it made sense to go offline quickly.” By cutting the connection, it is very likely that further damage was prevented at the expense of availability.

Praise for constantly checking the systems

“When in doubt, being offline for a few weeks is the lesser evil,” says Lüpke. “Compared to what happened in Bitterfeld in Anhalt, that’s manageable.” The district in Saxony-Anhalt fell victim to a cyber attack in 2021 and then needed a year and a half to completely reinstall its systems. The municipality had declared a disaster at the time.

“They are still suffering from the consequences there today,” says Lüpke. “For example, the municipality lost an environmental database that stored information about pollutants in the soil. We are a long way from that in Potsdam.”

It was right that Potsdam took the time to examine its IT at length and thoroughly: “The monitoring of the systems made a lot of sense.” Since 3,700 computers and 260 servers had to be checked for malware after the cyber attack, the long offline period is understandable.

“It was also good that Potsdam gradually switched individual services back online instead of taking everything back online at once,” says Lüpke. “We may actually have a positive example of how a municipality deals with a cyber attack.”

Lüpke also welcomes the fact that the city is now working with two-factor authentication. When logging into a system, users are asked not only for a password but also for confirmation through a second channel, for example an SMS or a prompt in an app.

According to experts, virus scanners alone do not help

However, Lüpke cannot judge whether the attack could have been prevented: he has too little information about the status of the systems before the attack. Potsdam had already been the victim of a cyber attack in 2020 and then strengthened its security precautions.

According to the hacker, other municipalities could learn from the current case to react to indications early and, if in doubt, to go offline rather than risk greater damage. He doesn’t think much of antivirus programs that are additionally installed to make municipal IT more secure: “In the end, virus scanners and the like are just a patchwork for systems that are already insecure,” says Lüpke. It is crucial that the systems are built securely from the outset.

Warning against sending Office documents

For example, you should refrain from sending Word, Excel or PowerPoint files back and forth by email within the administration: “Such Microsoft Office documents can contain macros, i.e. program code that is executed when you click on them and, in case of doubt, can cause damage,” says Lüpke. “It’s a popular attack vector for cybercriminals looking to break into corporate networks.”

It is also possible to configure systems so that macros are not allowed to execute. Another useful method is cryptographically signing emails so that recipients can verify that a sender is really who they claim to be.

Expert: Don’t base security on gut feelings

Such and similar strategies are much more effective than asking administrative staff to look out for suspicious emails: “This makes IT security dependent on the gut feeling of the officials,” says Lüpke. You can never completely avoid the fact that people make mistakes: “One wrong click shouldn’t ensure that an entire city goes offline,” says Lüpke.

On December 29, 2022, after indications of a cyber attack, the administration took all of its IT systems offline. Shortly thereafter, it became apparent that the attack on the servers of the Potsdam city administration was part of a large-scale cyber attack by the criminal hacker network “Hive”. Authorities in Germany and the USA finally smashed the global hacker network. The IT systems have not yet fully restarted.
