As of today we still use shared network drives for everything in a major German company. We don’t use Slack/IRC/Skype/Zoom/whatever. Phone calls and conferences(!) from the middle of an open office are normal. Asana/Trello/Jira are not known at all. GitHub is paid for, but never used. I am the single weirdo in a multi-department project using the GitHub ticket system. The code with prefix is copied for colleagues to the project’s shared folder. Post-it tickets on the table work well enough for others. Talking about bugs is impossible since nobody knows what’s fixed and what’s not; the bugs have a date in the best case. Everything else is done in Excel sheets using in-house written scripts. They usually end in a mess since some people use German regional settings and others English ones. That’s the state-of-the-art situation in a very rich and big company today. I don’t see any possible changes in the future. The old boys' club fights all the time against proposed improvements. You can forget topics like information security, phishing, being silent about work topics outside the office. Hackers are known from American movies only.
On the other hand I also worked in the opposite, unhealthily paranoid environment. I was hired to design an Ethernet camera, but Wireshark usage in their office was prohibited. Packet analysis was seen as the worst thing in the company. I quit after a few months of trying to explain that I need to analyze the packets during the design phase. I think it’s very normal that other countries abuse the illiteracy of German industry.
The state of the German IT industry outside of a few select places (Berlin, mostly) is what makes me very pessimistic about the future of its car industry.
They (meaning the big 3: VW, BMW and Mercedes) apparently still think that building the best engines/transmissions and being the best at putting them all together is all it takes in order to make a modern car, unfortunately I think EVs will be more about software and the way said software can best manage the car's power resources. From far away Tesla looks like it's doing quite a nice job with its EV software, the Germans, not so much.
If it matters I've never worked in Germany but as an IT person/programmer living in Europe I've followed the German IT industry pretty constantly as Germany is one of the best countries in terms of quality of life (I know it's not perfect, but it sure beats my Eastern European country). Unfortunately for me its backwards IT industry (again, as seen from the outside) keeps me away from it.
Germany's tech illiteracy is a self-inflicted consequence of its pitiful salaries in this field, treating IT like a cost center that has to be outsourced to wherever is cheaper and companies' tradition of rewarding management incompetence over technical competence.
Consequently, Germany's most brilliant tech minds leave for The Valley, Zurich or London.
I think there's a pretty big gap between "software first" companies and engineering driven ones (car companies, "Maschinenbau" etc.). Sometimes the cultural gap is pretty shocking to me. I made a career decision to avoid engineering driven companies for software related jobs because the situations are usually similar to your scenario.
That's not just in Germany. The €3bn Dutch energy company I've worked for was glued together with a shared network drive. It was effectively their poor man's event bus. Pure anarchy, a house of cards of Excel sheets and legacy software writing to and consuming from it. Controlling serious infrastructure like the major power plants of the 18th largest economy of the world in 2012 [1]. The result of IT managers who failed to see how the world was changing and came and went, to do things like "agile transformations" instead. I've learned valuable but painful lessons there.
In my major German company, mostly living off hardware, we seem to be at least living with a decent stack (though mostly using the MS copycats of Slack, Jira and GitHub). Interesting that it seems to be different at other companies. However, describing the automotive companies as being unaware of the need for more software devs is simply false - living in Munich, all the companies are doing is investing in software devs (car media, autonomous driving, electric cars, digital business models, apps, car sharing,...)
England checking in, that all sounds strangely familiar even down to the network shares.
Honestly security at this point is a myth, we can't close the door after the horse bolted as the barn is currently on fire and the horse has been gone so long it's settled down and raised a family.
We're hiring for software at Stenon, we make a portable soil analysis device for real time agricultural nutrient analysis [0][1]. Based in Potsdam, Brandenburg (30 minutes on the train from Berlin), and yes, we use git :)
This is a recurring flawed observation when young grads enter industry and expect continuous integration, test-driven development and $buzzword framework. What you describe is simply the reality in a vast majority of companies, Germany or elsewhere.
>> Packet analysis was seen as the worst thing in the company
Wow, that is just insane... "We want you to put a nail in that board but, by god do not even think of using a hammer". That must be the worst case of "security" by obscurity I have ever heard. Was this one of the bigger companies or a smaller firm? I wonder what kind of decision making process leads to such policies.
This group of German companies founded their own security group [German Cyber Security Organization (DCSO)]. That speaks a lot about their trust in their public services.
The only time I've been involved in a hacking attempt (it was ransomware) the company I work for contacted the CCN-CERT. I wonder if US companies contact NSA/Other gov agencies or deal with it themselves with security companies.
Also, while I understand the care and concern they put into securing their networks, many German companies basically gift their tech to China, like Deutsche Bahn, or being bought and transferred there, like it happened with Kuka. So be it by hacking into your network or "partnering", they'll copy your tech and kick you out of their market sooner or later.
> This group of German companies founded their own security group [German Cyber Security Organization (DCSO)]. That speaks a lot about their trust in their public services.
> The only time I've been involved in a hacking attempt (it was ransomware) the company I work for contacted the CCN-CERT. I wonder if US companies contact NSA/Other gov agencies or deal with it themselves with security companies.
In the US, most large companies that have suffered breaches contact the FBI.
Probably because when it comes to anything cyber-related, the German government, like most big companies there, is a dinosaur, greatly inferior to its British and Swiss counterparts.
"Modern-day espionage operations have one big advantage: Instead of painstakingly planting agents in companies, digital spies are simply sending prepared emails."
We face this threat in my business - daily phishing attempts or schemes to get employees to open files. It never stops.
This is a primary reason when we started designing our new web app at bomquote.com a few years ago, we first focused on communication tools which reduce our use of email both internally and in our dealings with our customers.
Sure, there will be attempts to hack our app servers, but from my view we can deal with that easier than preventing our accounting admin from clicking on a well crafted email.
If I'm understanding the article correctly, the hackers are using an easily reversed cypher for storing configuration data for their malware, which was reversed by assuming the presence of the string "C:\Windows\System". In the following decrypted data the name of the respective company targeted was found.
Yes I suppose it would be easily faked if the faker had performed a similar analysis on the malware...
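The known-plaintext recovery described in the comment above, as an added example that is not part of the original thread or the article. It assumes the "easily reversed" cipher is a repeating-key XOR (the thread does not name the scheme); the key, the blob and the `EXAMPLE-CORP` name are constructed sample data.

```python
from itertools import cycle

# Known-plaintext guess ("crib") named in the comment above.
CRIB = b"C:\\Windows\\System"


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (assumed cipher); the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def printable(data: bytes) -> bool:
    """True when every byte is printable ASCII."""
    return all(32 <= b < 127 for b in data)


def recover_key(blob: bytes, crib: bytes = CRIB, max_keylen: int = 8):
    """Slide the crib over the blob and return (offset, key, plaintext).

    A candidate is accepted only if the keystream implied by the crib
    repeats with a period of at most max_keylen bytes and the key then
    decrypts the whole blob to printable text. Returns None otherwise.
    """
    for off in range(len(blob) - len(crib) + 1):
        # Keystream bytes implied if the crib sat at this offset.
        stream = bytes(c ^ p for c, p in zip(blob[off:], crib))
        for klen in range(1, max_keylen + 1):
            if any(stream[i] != stream[i % klen] for i in range(len(stream))):
                continue
            # Rotate so that key[0] lines up with blob offset 0.
            key = bytes(stream[(i - off) % klen] for i in range(klen))
            plain = xor(blob, key)
            if printable(plain):
                return off, key, plain
    return None


# Constructed sample: a made-up config blob, not real malware data.
SAMPLE_KEY = bytes.fromhex("5a13c72e")
SAMPLE_PLAINTEXT = b"campaign=EXAMPLE-CORP;dir=C:\\Windows\\System32\\drivers;"
SAMPLE_BLOB = xor(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print(recover_key(SAMPLE_BLOB))
```

The crib is longer than the key, so the implied keystream visibly repeats at the right offset and at no other; that repetition is what makes the guess checkable without knowing the key in advance.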
Good article. I am not so bothered by the effects, I think they complement the article well. I sure like that what may seem like decoration to some readers is actually real - I find it very interesting to find out that they find the malware using nmap.
Now where do I get that script? More detail would of course always be nice.
> Winnti is a highly complex structure that is difficult to penetrate. The term denotes both a sophisticated malware and an actual group of hackers.
Hacking groups are corporations and spread risk away from indictable individuals just as efficiently, with a separation of liability and actions and knowledge
What are your specific criticisms? A blanket dismissal is not very helpful and additionally sort of off-topic.
For what it’s worth I found the presentation to be excellent. Extremely well readable, clear focus on text presentation and typography, tasteful illustrations that stay back and give the text the center stage but are still for the most part helpful, extremely well done and tasteful animations. (I read this on my phone so I don’t know how this looks on a wider viewport.)
Not really sure what is so obnoxious about this. The whole article is made up like the NYTimes interactive articles are. Quite a high design standard to compare to and they're doing pretty well. No idea what you are talking about.
[+] [-] lnsru|6 years ago|reply
[+] [-] paganel|6 years ago|reply
[+] [-] ChuckNorris89|6 years ago|reply
Consequently, Germany's most brilliant tech minds leave for The Valley, Zurich or London.
You reap what you sow.
[+] [-] kriro|6 years ago|reply
[+] [-] rollulus|6 years ago|reply
[1]: https://en.wikipedia.org/wiki/Economy_of_the_Netherlands
[+] [-] sveme|6 years ago|reply
[+] [-] noir_lord|6 years ago|reply
[+] [-] L_226|6 years ago|reply
[0] - https://stenon.io [1] - https://stenon.io/en/career/
[+] [-] stefan_|6 years ago|reply
[+] [-] iserlohnmage|6 years ago|reply
[+] [-] bigred100|6 years ago|reply
[+] [-] maze-le|6 years ago|reply
[+] [-] iagovar|6 years ago|reply
[+] [-] vageli|6 years ago|reply
[+] [-] ChuckNorris89|6 years ago|reply
[+] [-] bobjordan|6 years ago|reply
[+] [-] mehdix|6 years ago|reply
[+] [-] mtgx|6 years ago|reply
https://krebsonsecurity.com/2018/07/google-security-keys-neu...
[+] [-] ga-vu|6 years ago|reply
[+] [-] janekm|6 years ago|reply
[+] [-] solarkraft|6 years ago|reply
[+] [-] yorwba|6 years ago|reply
The nmap script was written by ThyssenKrupp's security division and can be found here: https://github.com/TKCERT/winnti-nmap-script/blob/master/win...
[+] [-] jamesmadison66|6 years ago|reply
[+] [-] logari|6 years ago|reply
[+] [-] rolltiide|6 years ago|reply
Hacking groups are corporations and spread risk away from indictable individuals just as efficiently, with a separation of liability and actions and knowledge
This needs to be understood
[+] [-] tobiasu|6 years ago|reply
[deleted]
[+] [-] arrrg|6 years ago|reply
[+] [-] akuji1993|6 years ago|reply