The 500 judges and several other employees of the Berlin Chamber Court have been working in emergency mode for months. Less than five months after an attack with the Emotet malware, the court is to be reconnected to the Berlin state network.
As a report by T-Systems had already suggested, a new network architecture was set up under the roof of the IT Service Center Berlin (ITDZ) in parallel with the ongoing operations. "With the newly procured desktop PCs and notebooks to be connected as well as a few other technical measures, according to our planning at the end of March, with the exception of a few hopefully fewer IT applications for sub-areas, working in the higher court will be possible, the latest technical requirements and the highest security standards equivalent " said the President of the High Court, Bernd Pickel.
The 370 new desktop computers and 150 laptops are now to be connected to the national network. "While the desktop PCs remain in the service rooms, the notebooks are intended for everyone who – like the judges – also works outside the office building", the court writes. Previously, employees in the home office had worked on their private computers and exchanged the data via USB stick. Not only a lax handling of IT security, but also a highly questionable undertaking under data protection law – after all, it is a court that has to do with sensitive information.
The malware Emotet could have entered the court's network either via USB sticks or an e-mail, the opinion could not clarify this. However, it showed that Emotet had already loaded the Trickbot malware, which uses various modules to read access data from the affected systems and send them to the command-and-control server. In this respect, there was also an outflow of data that was initially excluded. In addition, an attacker was most likely able to exfiltrate the entire data of the Chamber Court, the experts write.