The Federal Government and the EU Commission are still making every effort to enable their secret services and police to read all the chats of the population legally and technically. One obstacle is end-to-end encrypted messenger apps. “I use Signal every day,” Edward Snowden, a whistleblower, said in a statement in November 2015. More than ten years later, the messenger service, supported by a non-profit foundation, is still popular with whistleblowers, dissidents, journalists and also political officials and military officials.

So popular that, since the end of 2024 at the latest, scammers have apparently been systematically trying to trick such people out of the access data for their Signal user accounts. In order to warn users even more clearly than before about these digital “grandchild tricks” and to raise awareness of the dangers, the operator of Signal announced new functions for the app on Monday. If you are contacted by Signal users who have not been personally verified, several warnings are to be displayed. “Signal will never send you a message and ask for your registration code, PIN, or recovery key,” reads a note. In addition, users are warned about so-called phishing (“password fishing”) and other scams.

Russian traces

In order to establish contact with Signal users, you need the mobile phone number, or the user name selected by the target person, or the QR code. The fraudsters of the recent wave of attacks pose as a Signal support team and claim that the victim must communicate security codes, as their own account may be compromised. The IT security researcher Donncha Ó Cearbhaill, who works for Amnesty International in Berlin, made such a fraud attempt public on X on 8 May. In January, he was contacted by an alleged “Signal Security Support Chat-Bot.” The message claims a “suspicious activity on your device.” The sender also claimed that attempts had been noticed to gain access to “private data in Signal” – followed by the request to reveal the personal verification code.

Ó Cearbhaill was able to look behind the scenes. He found that he was target number 13,730 in the database of the perpetrators. “The automated system that governs the campaign” is called “ApocalypseZ” by the operators. “The source code and the user interface are written exclusively in Russian. The attackers also translated the communication with the victims into Russian.” This attribution should fit the Cold War concept of the “security authorities”.

On 6 February, the Federal Office for Information Security (BSI), which is subordinate to the CSU-controlled Ministry of the Interior, and the Federal Office for the Protection of the Constitution, which is responsible for counterintelligence, had published a security notice on “phishing via messenger services”. It speaks of a “probably state-controlled cyber actor” who carries out attacks via apps such as Signal. According to the notice, “the minor technical hurdles of this campaign of attack” allow the conclusion that “non-state actors, in particular of cybercriminal groups” could also be responsible. However, the official assessment ends with the verdict: “In view of the high-profile target area, in the currently known cases, a state-controlled cyber actor is likely to be assumed to be the originator.”

Within the following months, the matter was practically settled for high-reach media: it was Russia. On 9 March, the Reuters news agency reported on “Russian-backed hackers.” The media house Correctiv reported on 29 April that “the digital traces of the campaign would actually lead to Russia.” More specifically: to “a group that IT security experts from Google categorize as ‘UNC5792’” – whereby the “UNC” stands for unambiguously assigned actors or attacks. Correctiv further claimed that it had “established a connection to previous phishing campaigns against targets in Ukraine and the Republic of Moldova.”

There has been particular excitement since Der Spiegel reported that the phishing attack, often incorrectly referred to as a “hack”, was successful not only against “NATO members” but also against several members of the federal government and the Bundestag. On 22 April, the magazine had reported that Bundestag President Julia Klöckner (CDU) was one of the victims. The domestic intelligence service had even approached the chancellor about it. “In virtually all political groups” there are affected MPs. According to Spiegel, there were “a few” in the SPD group. Likewise in the Left Group. The Union Group did not wish to provide any information. Finally, the Attorney General at the Federal Court of Justice has begun investigations on suspicion of intelligence agent activity. The magazine later reported that Education Minister Karin Prien (CDU) and Building Minister Verena Hubertz (SPD) were also said to have fallen for the fraudsters. Should this be true, the perpetrators may have gained access to various Bundestag, government and party-internal chat groups.

In a Spiegel piece published online on 8 May, Signal’s president, Meredith Whittaker, criticized the fact that the politicians affected by the phishing attack were being publicly denigrated for their alleged incompetence. Whittaker urged better funding for the messenger service in view of the wide use of Signal among senior officials and bearers of secrets. It lives on donations. Arms startups like Helsing would get “billions for their promises,” she criticized. “With Signal, we operate an already functioning critical infrastructure and are not supported accordingly.” This is “a serious mismatch.” Those who use Signal as intensively “as apparently NATO representatives or the federal government could think about how they can contribute,” she suggested.

In any case, the victims were manipulated by so-called social engineering into making the mistake of revealing their security codes. This can happen in any messenger service, the Signal President explained. Whittaker reacted with incomprehension to the call by Vice-President Andrea Lindholz (CSU) for a Signal ban. “All platforms of this magnitude are vulnerable.” The problem would follow migrating users “on all other services, and many of them are considerably more insecure per se.” “It is completely foreign to demand the prohibition of a single secure messenger service, while others remain completely unmentioned,” criticized the Left MP Donata Vogtschmidt on 29 April in a joint communication with her group colleague Sonja Lemke. The prohibition proposal distracts “from the real problem.” Lemke referred to inattentive behavior of app users that “no one can exclude.”

Commercial competition

Lindholz has also called for a complete switch to apps from the manufacturer Wire. At the end of April, this software had already been “pushed” “via the Bundestag”, the Left politicians said. “Currently, it is the only messenger service that can be easily installed on the devices of the Bundestag,” explained Lemke. The company behind it has been lobbying “for years at the Bundestag”. It was heard in the Digital Committee that Wire was seeking to integrate its own product into the so-called Germany app.

The portal Heise Online had reported on 28 April on a letter from Klöckner, in which the President of the Bundestag recommended the use of the Wire service to all deputies. The report speaks of “an urgent appeal.” At that time, the BSI had also already granted the product “Wire Bund” approval for data of the classification level “classified matter – for official use only”. Previously, Spiegel had reported on 24 April that the Union faction is said to have already urged its deputies in February to use the messenger service Wire, after a warning letter from the Office for the Protection of the Constitution.

In Berlin, the software provider apparently carries out the technical development of the instant messenger through its Wire Germany GmbH. For the year 2023, it recorded a profit of around 270,000 euros, according to the annual financial statements. At 298,956 euros, the profit was slightly higher in the previous year. The company is 100 percent owned by Wire Group Holdings GmbH. According to the company, its managing director Benjamin François Schilz was brought on board as CEO on 9 February 2024 to drive the “international expansion of Wire”. Schilz is also Managing Director of Wire Swiss GmbH, based in Zug. Wire moved there after its seat in the USA had probably become problematic, mainly for image reasons – US companies are legally obliged to cooperate with intelligence agencies. Wire was originally founded by former employees of Apple, Skype, Nokia and Microsoft.

Wire had announced its “strategic partnership” with the Schwarz Group on 11 April 2024. The goal: to drive “secure communication and data sovereignty in Germany and Europe”. The Schwarz Group includes the retail brands Lidl and Kaufland. The digital division is bundled in Schwarz Digits KG. Commercial register entries show that, as of 21 January, Schwarz New Ventures GmbH, among others, holds a 26.4 percent stake in Wire Group Holding, and Roland Berger Industries GmbH, based in Munich, 3.3 percent. Zeta Holdings Luxembourg SA holds a further 10.2 percent. Before 1 January 2025, Wire Germany was registered as Zeta Project Germany.

The two Left MPs suspect that the Wire push from Union circles “is also due to further lobbying of the Schwarz Group, which wants to place its product and which markets itself as a pioneer of digital sovereignty in Europe.”