Bundestag President Julia Klöckner, Federal Education Minister Karin Prien, Federal Construction Minister Verena Hubertz – they are all said to have been affected by a phishing attack that has been causing unrest in political Berlin for two months. Signal itself has not been hacked – despite headlines in popular media to the contrary. The attackers took advantage of something else: naivety, ignorance and a peculiarity of political reality.
Read more after the ad
While Bundestag President Julia Klöckner attaches great importance to her social media presence, there is no record of a comparable commitment to IT security. And there is no known increased awareness of the problem among other politicians and other actors now affected. The process is a classic Layer 8 attack: humans are the target. Which is why almost every company that has more than two employees now has phishing attacks simulated. And phishing has also been anything but an unknown quantity in the Bundestag since the 2021 ghostwriter campaign.
Falk Steiner is a journalist in Berlin. He works as an author for heise online, daily newspapers, specialist newsletters and magazines and reports, among other things, on digital policy in the federal government and the EU.
The world of politics is full of secrets, big and small. Small agreements that no one should know about beforehand, considerations about changes to laws relevant to the stock market, upcoming and non-existent horse-trading, personal relationships of politicians and third parties. This applies especially to those who belong to governments, who, as relevant representatives, belong to government factions, who hold office or participate in policy-making. Be it as an employee, as an employee in ministries, as a civil servant in authorities or in the Bundestag administration.
And politics is something else: a goal. From economic espionage, political espionage, to find kompromat against actors in order to gain a knowledge advantage for negotiations. Knowing what others know but which they do not know that the other side knows: an essential factor in politics since ancient times. In times when it cannot be ruled out that Germany could also become involved in a war, it would be all the more important to maintain radio discipline, as high-ranking members of the Bundeswehr had to learn two years ago.
Loose clicks sink ships
Yes, mistakes cannot be completely avoided. Politicians, ministers, departments, employees and the rest of the environment are not IT security gods either. And yet this case is different: In an environment in which warnings are sometimes made in shrill tones about IT security problems, about attack scenarios and about the threat of war, there is a part of the IT infrastructure that can be used far beyond all professional security standards. And that has something to do with the organization of politics.
Because on the one hand, those responsible like Julia Klöckner, President of the Bundestag, are exactly that: parts of a structured organization. It almost doesn’t matter whether it is a ministry, the Chancellery, the Bundestag or another. There are IT security requirements and guidelines everywhere.
Read more after the ad
Bring your own device als Default
And then there is the second reality: that of politics as parties. These are associations of many individual people who believe that they want to change something together and want to take part in forming the political will for it. From an IT organizational point of view, this primarily means: Everyone brings their own device to the party – and interoperability is only achieved through tools.
When the Federal Chancellor, the President of the Bundestag, the CDU General Secretary and their party leadership colleagues have something to clarify with each other, actors from dozens of different infrastructures are connected – via a messenger on their device. And because signal is by no means permitted in every infrastructure and party politics is not allowed to be carried out with funds from the parliamentary administration or government departments at the federal and state levels – even if this is often not possible to handle with such precision in reality – this usually means that private telephones are used instead of crypted, secure environments.
This alone does not mean that the institutions have been compromised. However, this phone is not secured according to any BSI standard. And its integrity depends entirely on two things: the security awareness of users – and their consistent behavior. To put it bluntly: Who would hire Julia Klöckner as an admin for their IT security infrastructure?
A lack of awareness among politicians is not a software problem
Now the problem itself is not news at all. Not in 2026. And not for top politics. Anyone in charge who declares the country’s defense capability to be essential must act accordingly themselves. At the moment, however, those affected are sending clear signals: top German politicians are only willing to defend themselves to a very limited extent when it comes to IT security.
No matter how good the technical solutions are: Of course, people as a gateway are and remain a core problem. And Signal could probably enable even better security mechanisms than the ones it currently offers. But providers cannot solve the problem in front of the screen if it is not interested in the principles of IT security.
Read also
(NO)
