NSA Aftermath German Firms Scramble to Boost Data Protection

German companies have long suspected China and Russia of trying to steal their secrets. But the NSA scandal has turned their attention west, forcing them to worry about prying American eyes and to rapidly bolster security measures.



Building No. 14 of SAP's service center in St. Leon-Rot seems as secure as Fort Knox. But, in the end, it isn't the exterior walls of meter-thick reinforced concrete that give off this impression. Nor is it the security cameras or the high-tech steel gate. In fact, the latter wasn't even working a few weeks ago, as can be seen from the handwritten note taped to it, saying: "Gate broken. Please open manually."

What really makes this building in southwestern Germany secure is a state-of-the-art fingerprint verification system. The computer center is filled with servers containing data on this German software giant and thousands of other companies, together making up a giant library of secret company information spanning much of Europe. To get into it, visitors must pass through five security control points, each equipped with its own fingerprint scanner. Only authorized fingers are given access, and only when they are still attached to living individuals. No one gets into the building with severed fingers.

In other words, it would be wrong to say that efforts aren't made to protect business secrets in Germany. On the contrary, the precautionary measures taken by German companies sometimes read like a chapter from a John Grisham novel -- or, in some cases, like pages from a medical textbook on paranoia.

When BMW managers fly to other countries, they leave their company-issued mobile phones at home in Munich. In their place, they are given disposable phones to be discarded upon return.

At the specialty chemicals giant Evonik, managers are required to store their mobile phones in cookie tins during meetings, the idea being that the tins will serve as Faraday cages that prevent anyone from listening in on the conversations.

Ferdinand Piëch, the chairman of Volkswagen's supervisory board, has conference rooms regularly swept for bugs, and the company even has its own airline, Volkswagen Air Services. The planes are registered in the Cayman Islands, but not in order to avoid paying taxes. Instead, the point is to make the aircraft less recognizable as VW planes so that passenger lists are not readily accessible.

At the aerospace group EADS, employees are not permitted to use iPads or iPhones at work. Only Blackberrys are allowed. Employees working in high-security areas are also not allowed to read work-related emails outside their sealed-off offices.

Heightened Worries about Data Abuse

After the revelations of large-scale data mining by the United States, German managers have become even more nervous about data security. EADS CEO Tom Enders and other senior executives have ratcheted up their defensive measures even further. "Many documents that used to be sent by email are now hand-delivered to the recipient," says an EADS official. He notes that the only documents that are now sent electronically are those that the company would have no objections to posting publicly or displaying "on the church door."

Enders and his fellow managers are not alone. Many German business executives are worried about what the NSA does with all the data it presumably collects on German companies, says Ulrich Brehmer, a member of the executive board of the German Association for Security in Industry and Commerce (ASW).

Brehmer is far from a conspiracy theorist, and he isn't trying to suggest that US intelligence services are deliberately poaching industrial know-how from Germany and channeling it to American companies. Instead, what worries him is that US intelligence agencies are working hand-in-hand with consultants from the private sector. "Who knows whether they might be selling information to interested parties here and there," says Brehmer, who assesses the risk of such data abuse as "high."

SAP founder Hasso Plattner also feels uneasy about the surveillance operations of American intelligence agencies. "It certainly is strange that much of the surveillance is centered on southern Germany," he says, "precisely where all the large and small technology companies are located."

This sense of anxiety has become widespread in Germany. "We are noticing that companies have become more sensitive in recent weeks," says Michael George, the head of the Cyber Alliance Center at the Bavarian State Office for the Protection of the Constitution, the state branch of Germany's domestic intelligence agency. "When it comes to industrial espionage, they had focused almost exclusively on the East. And now they're wondering whether the threat might not also be coming from the West."

Small and medium-sized businesses (SMEs), in particular, are contacting the experts at the state agency and asking some very basic questions: What about products made by US software companies, such as Microsoft, that are commonly used by German companies? Should managers still use Skype for meetings? In addition to hacker attacks from China, do SMEs now have to worry about industrial espionage originating in the United States?

'The Americans Are Pros'

German companies once had a lot of confidence in everything coming from the United States. But it's already clear that much of this has been lost.

Granted, to date, there are no known cases in which US agencies have tried to steal German know-how. But perhaps this is only because German authorities and companies haven't been looking hard enough. The victims of hacker attacks are usually kept in the dark, and it might be that American intelligence agencies are just better at covering their tracks.

In fact, they don't even have to gain direct access to German companies. What sometimes happens is that US intelligence agencies, while conducting their extensive searches on the Web, flush out packets of data from German companies "that don't belong there," says a senior official with the Federal Office for the Protection of the Constitution (BfV). Through data leaks, this information often reaches German authorities, who then notify the affected companies.

"The Americans are pros. They don't leave any tracks behind -- and if they do, they're the wrong ones," says Christopher Fischer of BFK, a consulting firm in the southwestern city of Karlsruhe. "It's always easy to act as if the attack were coming from China. And although they are very active at the moment, everything is now of course being blamed on the Chinese."

All companies know that they should protect themselves from the prying eyes of competitors. But, until now, it was commonly believed that threats of industrial espionage emanating from government entities primarily came from China and Russia, where it is common for intelligence services to spy on foreign economies.

Likewise, it has always been clear that Germany is a stomping ground for industrial spies. Dozens of cases have been publicized in recent years. The only real difference among them is that the spies were looking for different things. The Iranians wanted to know where in Germany they could secretly buy parts for their nuclear program. The Russians have an appetite for all things military. And China's product bootleggers are interested in everything from military technology to high-end record players.

The problem in fending off espionage is that many potential access points must be monitored at the same time. SAP alone sees about 3,000 attacks a month. Throughout Germany, the number of attacks is allegedly in the hundreds of thousands -- per day. "It isn't even necessary to have a great deal of expertise to attack small and mid-sized companies," says a senior BfV official.

Moreover, no one knows exactly where the attacks are coming from. Are they industrial spies? Intelligence agencies? Or just amateur hackers? It is clear, however, that there are entire armies of mercenaries roaming the web, ready to sell their services to the highest bidder. And they are good at what they do. "We have cases in which attackers played around in a company's computers for more than 100 days before being discovered," says Fischer, the BFK consultant. "When that happens, you can assume that nothing is secret anymore."

Discuss this issue with other readers!
13 total posts
Show all comments
Page 1
peskyvera 08/06/2013
1. optional
Germany finally realizing that 'Amerika' is not to be trusted??? Stop sucking up to the US!
4nd.you.know.this 08/06/2013
2. Pathetic Germany
"Granted, to date, there are no known cases in which US agencies have tried to steal German know-how. But perhaps this is only because German authorities and companies haven't been looking hard enough." No, it's because the United States doesn't need German technology. You Germans are acting like Americans can't do what you do – B.S! The United States is the world leader in science and technology. Our research and development is second to none and our Universities put yours to shame. We created the internet, GPS, and have an active presence on Mars! What's the last technological advancement that changed the world and came out of Germany, nothing lately. If the Americans are spying on German companies, it's because German technology always shows up in Iranian nuclear reactors. Stuxnet exploited software vulnerability in SIEMANS industrial controllers. You know, the ones used to enrich uranium for nuclear weapons! Stop acting like America cares about SAP (the only German software company by the way), or suspension systems from Volkswagen. It makes you look real pathetic.
plutocrat 08/06/2013
3. Finally it downed to Germans
I hope that now even the most blinded and brainwashed Germans including Angela Merkel and her advisers will understand that spying on the private phones and e-mails and other internet communications and data transmission was never real issue for NSA. Simply there would be too many data and 99,999% complete rubbish as far as intelligence is concern. It was my firm conviction that the real issue about GSHQ and NSA spying was to gather German industry and R&D institutes secrets. Reading what some companies are undertaking to protect their data I cannot not to laugh. It seames that some security advisers are still living in 20th century. Nowadays company might have 100 check points with security ready to kill and their data will be still fully unprotected. The only means of protecting data is to store them in computers which are not connected to any Internet or Intranet system and has no wireless or Bluetooth capabilities. Only physical separation from any kind of connectivity to Internet can save them.
alex.a 08/06/2013
4. Re: Pathetic Germany
@4nd.you.know.this Just to broaden yours horizons, many engineers, scientists and technicians came from Germany during and after WW2 to th U.S. One of the famous is Albert Einstein. First, this is one of the reasons why the U.S. is leading in technology today. Second, not only Americans teach at American universities.
rappelkiste 08/06/2013
5. Answer to Mr
Obviously you don't know much about the world. I guess you never heard about "Operation Paperclip" when the US confiscated all those German scientific achievements which significantly helped to turn the US into a military superpower after world war 2. Guess where the basics for your stealth-, and cruise missile technologies come from? Or what about the Germans who brought the US to the moon? Who was the father nuclear fission? A German. Who built the first working jet engine/aircraft? Germans. Just look up the list of the most important inventions of all time. It is filled with German names. It is nothing but a miracle that Germany still holds the 2nd most patents in the world with just a quarter of US population. Germany IS the most spied on country on the planet in terms of industrial espionage for a reason. Greetings from Berlin.
Show all comments
Page 1

All Rights Reserved
Reproduction only allowed with permission

Die Homepage wurde aktualisiert. Jetzt aufrufen.
Hinweis nicht mehr anzeigen.