SINGAPORE - A conference call held by senior German military officials was intercepted by Russia and leaked to the public, raising questions about the security of Web conferencing tools, hotel phone lines and public Wi-Fi connections.

       Revealing the initial results of an ongoing investigation, German Defence Minister Boris Pistorius said on March 5 that a German military officer participating in the Singapore Airshow in February had used an unsecured line at a Singapore hotel to join the Webex call.

       The leaked audio features four high-ranking German air force officers discussing hypothetically how long-range cruise missiles could be used by Kyiv against invading Russian forces.

       The Straits Times spoke to cyber-security experts to find out how the leak could have happened and the precautions one must take to secure Web conferencing calls, which experienced a spike in popularity during the Covid-19 pandemic.

       Q: Are Web conferencing calls secure?

       A: Major Web conferencing platforms like Zoom and Webex offer end-to-end encryption, which means that anyone not authorised to listen in cannot make sense of the audio, visual and text transmission.

       Encryption makes it difficult to eavesdrop, said Mr Kevin Reed, chief information security officer at cyber-security firm Acronis.

       In Germany’s case, its military did not use an off-the-shelf version of Webex, but a specially certified one installed on servers owned by the military and located in its armed forces’ computing centres in Germany, Mr Pistorius said. This set-up offers the highest level of security.

       Get a round-up of the top stories to start your day

       Thank you!

       Sign up

       By signing up, I accept SPH Media's Terms & Conditions and Privacy Policy as amended from time to time.

       Yes, I would also like to receive SPH Media Group's SPH Media Limited, its related corporations and affiliates as well as their agents and authorised service providers.

       marketing and promotions.

       But these tools allow participants to dial in through regular telephone landlines, which have no encryption and may be tapped, said Mr Vitaly Kamluk, cyber-security firm Kaspersky’s Asia-Pacific director of global research and analysis.

       Web conferencing platforms provide this option to participants without Internet access, but it also allows people to eavesdrop.

       “When you dial in using a landline, a copy of the decrypted call is created, compromising the security,” said Mr Reed. To better secure such calls, users should disable the landline option, he added.

       Some speculated that Germany’s Brigadier-General Frank Grafe, who was here for the Singapore Airshow, had dialled in from a regular telephone line from the hotel.

       There was also speculation that Germany’s Webex server had been hacked. But Mr Reed does not think so.

       The strategic advantage of keeping this a secret would outweigh the benefits of leaking the contents of the call, he said. “Why would they alert Germany to patch any vulnerabilities? I think it was a random, one-time success.”

       Q: How else can Web conferencing calls be compromised?

       A: Web conferencing call invites contain a phone number and a call passcode. To enter the call, participants need to key in the call passcode. Sometimes, a personal identification number is also needed.

       Technically, anyone who receives the invite can join the call.

       More On This Topic

       How damaging are the revelations in German military intelligence leak?

       Kremlin says German military recording shows intent to strike Russia

       Kaspersky’s Mr Kamluk said that Germany’s Brig-Gen Grafe is a person of interest, and likely under surveillance.

       The Webex call details could have been compromised if Brig-Gen Grafe had forwarded the invite to his personal e-mail account.

       This theory follows media reports citing Mr Roderich Kiesewetter, a member of Germany’s Lower House of Parliament, who said there were indications that a Russian participant had dialled into the Webex call.

       However, Mr Pistorius dismissed the claim as speculation.

       Q: Will I compromise my data by using a hotel’s Wi-Fi network?

       A: Wi-Fi connections, such as those in hotels, are not secure.

       “Most public Wi-Fi networks require no authentication to establish a connection, which allows malicious actors to join the same network and position themselves between the user and the server,” said Mr Kamluk.

       Using such a network could allow malicious hackers to steal personal data and passwords, including those for accessing secret Web conference calls and online banking.

       To protect sensitive data, always use a virtual private network or VPN, which creates a secure tunnel over a public network, said Mr Dmitry Volkov, chief executive of cyber-security firm Group-IB.

       He also cautioned against downloading any software if a public Wi-Fi connection prompts individuals to do so. It could be malware, he said.

       More On This Topic

       Britain says allies’ unity unshaken by German army leak

       German officer’s error in joining call from S’pore hotel caused military leak

       Unlock unlimited access to ST exclusive content, insights and analyses

       ST One Digital - Annual

       $9.90 $4.95 /month

       Get offer

       $59.40 for the first year and $118.80 per year thereafter.

       ST One Digital - Monthly

       29.90 $9.90 /month

       Subscribe today

       No lock-in contract

       Unlock more knowledge, unlock more benefits

       New feature: Stay up to date on important topics and follow your favourite writers with myST All subscriber-only content on ST app and straitstimes.com Easy access any time via ST app on one mobile device

       Join ST's WhatsApp Channel and get the latest news and must-reads.

       Surveillance Germany Russia Cyber security

       Facebook Telegram More Whatsapp Linkedin Twitter FB Messenger Email Print Purchase Article Copy permalink https://str.sg/nebK

       Read this subscriber-only article for free!

       Just sign up for a free account and log in to continue reading.

       askST: Are Web conferencing tools, hotel Wi-Fi and landlines protected against eavesdropping?

       Sign up

       Already have an account? Log in.

       All done! This article is now fully available for you

       askST: Are Web conferencing tools, hotel Wi-Fi and landlines protected against eavesdropping?

       Read now

       Please verify your e-mail to read this subscriber-only article in full

       askST: Are Web conferencing tools, hotel Wi-Fi and landlines protected against eavesdropping?

       Resend verification e-mail

       The gift link for this subscriber-only article has expired.

       Get unlimited access to all stories at $0.99/month for the first 3 months.

       Subscribe now

       You have reached your limit of subscriber-only articles this month.

       Get unlimited access to all stories at $0.99/month for the first 3 months.

       Subscribe now

       Read and win!

       Read 3 articles and stand to win rewards

       Let's go! Terms & conditions apply

       Frequently asked questions

       Good job, you've read 3 articles today!

       Spin the wheel now

       Let's go! Terms & conditions apply

       Frequently asked questions