What is meant by hacking wall

Attack on federal company - hackers penetrate the Ruag network

Author: Nadine Woodtli and Nina Blaser

Anonymous hackers took a “tour” of Ruag Space a month ago. They document this with image and video material that they pass on to the “Rundschau”. They look around an inbox and show a briefing to the employees of André Wall, CEO of Ruag International.

International projects exposed

Much was blurred in the video. Still recognizable: the intruders scroll through an Excel file. With the stolen administrator rights, they could manipulate such files. A folder directory with international space projects becomes visible. For example «ExoMars_Rover». Ruag Space developed the computer for the Mars vehicle.

Another folder is called “Astranis”, like the US Internet provider of the same name, which sends satellites into orbit. Information about the planned NASA space station could be hidden behind “Cislunar”. The folders are not opened. Apparently the intruders do not want to reveal any secrets.

Ruag: «No evidence of hack»

According to its own information, Ruag International has no knowledge of the attack in April. "Our systems are protected according to the latest findings," writes the media office on request. There is no evidence of a hack. Ruag International also states: “The images available to us are not conclusive evidence. The company is currently analyzing the clues in a task force and is reserving the right to file a criminal complaint.”

"We were not affected," says Nicolas Perrin, Chairman of the Board of Directors of Ruag MRO Switzerland. Most of the connections between Ruag International and Ruag Switzerland have already been cut.

Unprotected military data

In 2016, a major cyber attack on Ruag's military secrets became public. The Federal Council recognized that the data juggernaut poses a threat to national security. It split Ruag in 2020 into a national and an international part.

The network is still vulnerable, insiders are now warning the "Rundschau". They want anonymity, but they no longer want to be silent: "There are hundreds of unattended servers," says one of the IT specialists. "In addition, hundreds of unknown connections from the Ruag network lead to foreign networks." That is dangerous. Ruag still lacks an overview of its data.

Statement from Ruag

The Swiss part of Ruag, Ruag MRO and Ruag International respond with a multilateral opinion on the allegations of the "Rundschau". Here is a summary of the key answers:

About the cyber attack in April
"We have no evidence of unauthorized access."

Ruag International has a comprehensive protection concept to proactively monitor and ward off attacks.

For the security of the network
"Both Ruag MRO and Ruag International have a complete overview of all cross-connections to other networks".

Ruag MRO also has a complete overview of its own network and its data. The degree of protection corresponds to that of the army.

About Ruag International it says:
After the unbundling, it had "heavily invested in IT and information security". Measures have been taken to minimize the effects of an attack.

For the security of sensitive data
"All data from Ruag MRO in the Ruag International environment has been cleaned, deleted or permanently anonymized."

On the unbundling
The VBS writes to the "Rundschau" that it was never claimed that the unbundling had been completed. If the whole project is meant by the unbundling, "there are still loose ends that have to be cleaned up."
Ruag emphasizes: “The unbundling has been completed in terms of business. It was always clear that there were still final theses.”

On the maintenance of Ruag International's IT by Tech Mahindra
"Access to sensitive data is limited to a minimum and is subject to the highest security requirements, employees with remote maintenance access are regularly checked."
Ruag continues, "IT outsourcing has increased the level of security."

Read the full statement from Ruag here.

This is confirmed by the confidential report of the Swiss Federal Audit Office from February 2021, which is available to the “Rundschau”: “The lack of an overview of any backups and archives poses a considerable risk,” it says. If this data is not found and deleted, it cannot be ruled out that “military and confidential data will continue to be available to unauthorized persons”.

Uncompleted unbundling - a security risk

Two independent and secure IT networks. One for the national part of Ruag and one for Ruag International. That is the intention of the split-up of the group. But as the "Rundschau" knows, the security-relevant elements of the split have not yet been completed:

1st problem: Ruag Real Estate
Ruag Real Estate manages all electronic systems for building access, video surveillance and alarms for the Swiss part of Ruag. This also covers mission-relevant buildings such as the F/A-18 hangar in Emmen. But the Ruag Real Estate IT network is still in the Ruag International IT landscape. Control over these important electronic systems is therefore not with the military part of Ruag. According to experts, this is a significant security risk as there are still IT connections between the units.

Another problem: The Indian group Tech Mahindra has been maintaining the IT of Ruag International since April. Insiders say it cannot be ruled out that the Indian provider will have access to sensitive Swiss data and systems.

Ruag denies: "The real estate systems such as camera and access systems are located in separate network segments that only Ruag Real Estate employees have access to." The systems would be migrated to a completely new infrastructure at the end of 2021.

2nd problem: The technical-scientific infrastructure (TWI)
According to an internal report by Ruag from 2020, which is available to the “Rundschau”, there are at least 40 so-called technical and scientific infrastructures at 12 Ruag locations. This also includes military IT infrastructure. The so-called TWIs are an undocumented IT environment that has grown over the years (e.g. measurements in the wind tunnel in Emmen or environmental simulations). They are still in Ruag International's IT landscape and would have to be migrated.

The Swiss part of Ruag still has no control over the data and gateways of the TWIs. This is the conclusion of the Swiss Federal Audit Office in its report of February 2021. Accordingly, the TWIs were also used to "operate software not approved by Ruag or to create their own network gateways." According to IT experts, that is a serious security risk, since uncontrolled network gateways represent a danger for the Swiss part of Ruag and thus for national security.

Ruag replied that it had a complete overview of the TWIs and that they would be migrated to a completely new infrastructure by the end of 2021.

Unbundling not completed

The complete technical unbundling of the Ruag network should have brought more security. However, as research shows, it is not yet fully unbundled. Nevertheless, the Federal Council wrote in its short strategic report in March 2021: "The unbundling was largely completed." Ruag also stated several times: "Unbundling successfully completed."

As a result of the “Rundschau” research, the Green National Councilor Balthasar Glättli is now threatening a PUK: “If the serious allegations are not completely refuted within a short period of time, then the most brutal possible clarification is needed, because this is about trust in the Federal Council."

Statement by the DDPS

The Federal Department of Defense, Civil Protection and Sport (DDPS) also commented in detail on the research carried out by the “Rundschau”. The central points in the DDPS reply are:

  • "The direct connections between Ruag MRO Switzerland and Ruag International have been cut."
  • "Thanks to the careful approach, no malware was migrated to the VBS."
  • "It is no longer the responsibility of the federal government to ensure that Ruag International is adequately protected against cyber risks."

Read the full statement by the DDPS here.

SRF Rundschau, May 19, 2021, 8:05 p.m.

  • Comment from Markus Burkard (MarcusB.)
    If you read through the curriculum vitae (on Wikipedia) of Mr. Dittli, you can only come to one conclusion: He is not the right man to accompany this transformation of Ruag. The man has no technical or scientific training whatsoever. But a long military career, he worked 19 years as a career officer. In order to support this transformation in a CONSTRUCTIVE way, it takes more than command, creating organizational charts, sitting out meetings, making demands ...
  • Commentary by Peter König (Vignareale)
    I think the whole exercise is a very intense warning from concerned RUAG employees who have walked this path for fear of punishment. Otherwise the meeting participants would not have appeared masked on the TV on Wednesday evening. The renovation can only be brought to the desired security with total IT. Technical data about weapon systems do not have to be specially protected, these have long been known worldwide, but our CH army data
  • Comment from Markus Burkard (MarcusB.)
    Ruag as part of our state infrastructure is certainly a destination of greater interest than other institutions. But if there is already so obviously slouching here and you should call the child by name: so much high-paid incompetence is on the road, the question arises, what about cybersecurity in other infrastructure areas, such as in traffic (public transport, e.g. SBB), road traffic, police and the large hospitals, at universities e.g. (ETH) ...
