Cyberattack on Senator: “In Berlin, some work is carried out with gross negligence”

One day after a suspected Iranian hacker attack on Berlin's Justice Senator Felor Badenberg (CDU) became known, questions about the German capital's IT security are coming to the fore: How could this happen? How safe are high-ranking representatives of the state of Berlin and their families? How can such attacks be thwarted in the future? And when can the Justice Administration's staff unit return to full capacity?
On Tuesday, a report in Der Spiegel revealed that Badenberg had been the victim of an apparently targeted cyberattack against the leadership of the justice administration. Apparently, one of the senator's employees clicked on a link in a so-called phishing email addressed to Badenberg. This likely infected a computer with malware. An anonymous sender then used a false identity to initiate an email exchange with the senator's staff office.
According to the justice administration, the attack apparently began some time ago. Weeks after the senator had a chance encounter with a high-ranking representative of the Central Council of Jews at an event hosted by a Berlin foundation, an email allegedly from this man arrived in Badenberg's office. The senator responded, and the exchange went back and forth several times. After some time, no further response was received from the man. When, shortly thereafter, the Central Council was unable to confirm an appointment supposedly made with Badenberg, it became clear to her team: there had never been any email exchange with that Central Council representative, only with another, unknown correspondent.
In particular, access to personal data and calendar information demonstrates how serious the threat of cyberattacks is. Badenberg expressed concern, "especially with regard to the safety of my family."
Felor Badenberg herself – born in Tehran in 1975 and emigrated to Germany with her parents as a teenager – suspects the Iranian secret service was behind the cyberattack. Apparently, the regime, which as a matter of principle does not revoke anyone's citizenship, viewed her as an opposition figure. In fact, Badenberg had participated from Germany in the protests following the death of Mahsa Amini in Iran in 2022, which called for more women's rights, freedom, and an end to oppression. At that time, she was not yet a politician.
The Berlin State Office for the Protection of the Constitution repeatedly lists Iranian intelligence services in its annual reports—most recently in the report for 2023. It states: "One of the MOIS's primary tasks in Germany is spying on Iranian opposition groups. Furthermore, individuals who have exposed themselves as regime critics are the focus of Iranian intelligence services." According to the Office for the Protection of the Constitution, the MOIS, the Ministry of Intelligence of the Islamic Republic of Iran, is one of the "central Iranian intelligence services."
The Berlin Office for the Protection of the Constitution declined to comment on the specific case when contacted by the Berliner Zeitung on Wednesday. However, it is known that, in the course of the investigation into the cyberattack, approximately two dozen computers from Badenberg's staff office were confiscated. These are being further investigated. This means that Badenberg's office is severely limited in its ability to work. It is unclear whether the remaining approximately 325 computers in the justice administration will also need to be inspected.
Hacker attack on Justice Senator: Bad report for Berlin's IT security
But the attack on the Senator of Justice is already giving the Berlin administration's IT security network a very poor report card.
The ITDZ, the IT Services Center, is responsible for cybersecurity in the Berlin administration. However, this responsibility applies only in principle. In reality, the ITDZ only works with those Berlin state administrations that have commissioned it – and pay for it. Currently, these are: the Senate Chancellery – in particular the area headed by Martina Klement, Berlin's Chief Digital Officer and State Secretary for Digitalization and Administrative Modernization; the Senate Department for Economic Affairs, Energy and Public Enterprises; the State Office for Refugee Affairs (LAF); and parts of the Senate Interior Administration. All others muddle along independently with more or less autonomous IT security.
This also applies to the judicial administration—with the exception of the civil and criminal courts. Background: In September 2019, a cyberattack using Trojans paralyzed the Berlin Higher Regional Court. The court, which had previously been committed to autonomy, signed a contract with the ITDZ, which then equipped the courts with so-called judicial PCs. Since then, everything has been quiet, according to the ITDZ.
According to the ITDZ, the consequences include, among other things, the following: It has now installed up to 3,000 so-called Berlin PCs for its customers. These are computers that guarantee the greatest possible protection against hackers. All the other approximately 100,000 computers of the other authorities, administrations, and departments of the state of Berlin are not equipped accordingly – and this in an increasingly digitalized world in which cyberattacks are likely to continue to increase internationally. The ITDZ has its own interpretation: "In Berlin, some work is carried out with gross negligence."
Berliner-zeitung