Since the big leak of the German officer’s Taurus missile conversation, German authorities have been trying to explain how it happened. The official position is that the intercept of the conversation about the long-range missile’s use in the Ukraine war happened in Singapore, not Berlin.
There, one of the call’s participants who was attending the Singapore Air Show (February 19-25) returned to his hotel room late at night after attending a party and, maybe having a few drinks, around midnight connected to the discussion using Webex.
The German statement said either it was caused by a cellular phone using the insecure hotel wifi, or it was caused by a cell phone internet connection on a cellular network. The BBC swallowed the Singapore story whole.
The German government put the responsibility on bad communications security while one of the German officers was abroad.
The explanation from the German Defense Ministry (Bundesministerium der Verteidigung, or BMVg) says nothing about particular vulnerabilities of the ministry in Germany, nor whether the others in the conversation were connected by a ministry computer connection or were also using cell phones.
BMVg has offices in Berlin and Bonn. But German officers also serve at different military bases in Germany, are seconded to government ministries, and act as trainers and inspectors.
Was it likely the conversation was intercepted in Singapore? The Southeast Asian city-state is a good candidate because it is known to have an excellent intelligence service and extensive intercept capabilities.
The Russians, on the other hand, if they are running an intercept capability in Singapore, most likely are primarily focused on the United States and US-Singapore defense cooperation, especially as the new US F-35 stealth fighters are being added to Singapore’s air power.
If we assume that the intercept took place in Singapore and we accept that it was a Singapore intercept, is it possible China got its hands on it? The Chinese would have to then pass it to the Russians.
That suggests a rather difficult but not impossible route for handling such a sensitive intercept. If we assume the intercept took place in Germany, it is more likely the Russians directly listened in to the conversation.
Hotel wifi connections are notoriously insecure, and even tourists are warned to avoid hotel connections because malware of different kinds can be introduced onto visitors’ phones without them knowing.
Many business people who travel abroad, especially to China, take “burner” phones with them rather than their personal cell phones. They use the phones while they travel and then dump them. Of course, the burner phones can also get loaded up with malware and all conversations will be intercepted.
Malware is a big problem on cell phones. But countries that control cell phone networks also have access to every transaction on a mobile phone connection, both voice and internet.
In addition to malware, there is a little gem called an IMSI-catcher, which emulates a cell tower. Cell phones seek out the strongest cellular signal automatically. If the IMSI-catcher is relatively close to the targeted cell phone, the phone will understand it as the strongest cell tower signal and connect to it.
The IMSI-catcher acts as a recording device and a cell phone forwarding system, transferring the signal to a legitimate nearby cell tower while also recording whatever goes through the device.
IMSI-catchers are popular spy stuff since they can be operated from nearby locations such as parking lots or adjacent buildings. One of the reasons places like the Pentagon lock up cell phones before personnel can enter certain offices or attend certain meetings is exactly this kind of threat.
From a practical point of view, unless the German officer in Singapore was openly tracked, it isn’t too likely an IMSI-catcher or malware explains the intercept, simply on the basis of access and convenience.
However, if the intercept took place in Berlin or Bonn, or at one of the numerous military bases and offices in Germany, then targeting is easier and the direct line to the Russians far more plausible.
In the past, the Russians conducted intercepts either on their own or by hiring German hackers. IMSI-catchers and malware are readily available and cheap.
Assuming that it is three times more likely an intercept took place in Germany than in Singapore (based on the fact that four people were in the conversation and three of them were in Germany), the question arises as to why the BMVg isn’t investigating leaks in Germany, and why it was so quick to say it was a sort of stupid COMSEC error in Singapore.
There are a few possible explanations. The first is that if an investigation took place in Germany, then the ministry would have to reveal that it was using commercial connections and cell phones for all kinds of sensitive conversations.
Obviously, it had a Webex account, a service that can be accessed either from a computer or cell phone. Was the German Defense Ministry routinely using commercial software and cell phones to carry extremely sensitive conversations?
This connects to the second possibility, that the German Defense Ministry wanted to sweep this whole business under the rug as quickly as possible, otherwise there could be significant political fallout not only about the contents of the leak but about security and surveillance in Germany.
This is not the first time there have been serious compromises of security in Germany, especially when it comes to communications. As I wrote in my 2016 book “Technology Security and National Power,” former German chancellor Angela Merkel’s cell phone was compromised, even after she was given a secure one that used encryption.
Many others, such as Victoria Nuland, John Kerry, Recep Erdogan and Nicolas Sarkozy, similarly got caught with compromised cellular phones. In the Merkel case, we know that the US NSA broke into her phone, but probably others did too. After all, it isn’t just the Russians and Chinese.
One hopes that the German government, even if secretly, cleans up its security practices.
Stephen Bryen served as staff director of the Near East Subcommittee of the Senate Foreign Relations Committee and as a deputy undersecretary of defense for policy. This article was first published on his Weapons and Strategy Substack and is republished with permission.