German missiles 'hacked by foreign source'

A German missile system stationed on the Turkish-Syrian border was reportedly hacked by a "foreign source" and carried out "unexplained commands".

The Patriot missiles, stationed on the Turkish side of the border under the Nato pact, were briefly taken over by an unidentified hacker, according to German civil service magazine Behörden Spiegel.

The magazine does not give details about what these orders were or when they were carried out, but suggests hackers may have gained access to the missile system through a computer chip which guides the missiles, or through a real-time information exchange which allows the missiles to communicate with their control system.

Experts say that such a hack could lead to the battery failing to intercept incoming missiles or even firing at an unauthorised target.

A spokesman for the German Federal Ministry of Defence has since denied the allegations, telling German newspaper Die Welt that there is no evidence for such a hack taking place.

Patriot missiles have been in US army service since 1984 and were first used in operation in the 1991 Gulf War.

Germany recently announced it would be spending several billion euros to replace its Patriot system with a next-generation missile system designed by the US and Italy, with the replacement due to be completed by 2025.

The missile system has been stationed on the Syrian border for two years after Turkey asked its Nato partners for support in light of the Syrian civil war, which is still raging the other side of Turkey's border.

The missiles are owned and operated by the Bundeswehr, the German army. According to Die Welt, the battery consists of six launchers and two radars.

Ewan Lawson, a cybersecurity expert at defence think tank RUSI, says that hacks of military missile systems may be more common than realised but go unreported for security reasons. He says that only nation-states would have the capacity to hack such a system.

"This is unlikely to have been a fortunate amateur hacker. If it has happened it would have been a focused effort on behalf of someone," says Lawson.

He cites Russia, China, the US, the UK, Israel and potentially Iran as the only nations with the capacities to infiltrate a stand-alone missile battery, but adds that the Patriot technology is old and needs to be updated.

The media report suggests two possible reasons for infiltrating the system: to remotely operate the missiles or to steal sensitive data from the system.

Caroline Baylon, cybersecurity research associate at Chatham House, says the results of such a hack could be catastrophic.

"You could imagine the missile not launching in response to incoming missiles that it's supposed to defend against, you could imagine it launching at the wrong target," says Baylon. "Missile systems have the same vulnerabilities that exist in critical infrastructure."

Reports of cyber attacks on military or industrial infrastructure are rare. Last year, Germany suffered a damaging cyber attack when the control systems of an unnamed steel mill were hacked, leading to parts of the plant failing and the blast furnace not being shut down properly.

The most famous example of such a cyber attack was the Stuxnet worm, which disabled centrifuges in Iranian nuclear power plants and was blamed by Tehran on the US and Israel.