Merkel Warned of Wirecard Link in Cell-Phone Software

(Bloomberg) -- The German government must ensure its communications systems are secure following the emergence of a link between a provider of encryption services and the fugitive former Wirecard AG executive Jan Marsalek, according to lawmakers.

At a parliamentary hearing Friday into the 2020 collapse of the payments company, Fabio de Masi, a lawmaker from left-wing party Die Linke, said that the main shareholder in software company Virtual Solution AG has a connection with Marsalek, citing an unnamed aide to the former Wirecard executive.

De Masi asked Chancellor Angela Merkel if she was aware of the use of software by Virtual Solution in government communication devices -- including her own -- and of a link between the company and Marsalek. “I’m not familiar with Virtual Solution; I do have such a phone,” she said.

Marsalek is wanted by Interpol in connection with the collapse of the payments company last year. The previously unknown link between him and the company raises questions about the security of Germany’s government communications at a time of heightened scrutiny into failings by the authorities to unearth what became one of the biggest corporate fraud cases the country has ever seen.

“The federal government must ensure that there is no security risk for Germany,” said de Masi. “It needs to review the trustworthiness of its provider and ensure that the communication system of the government and its institutions does not pose any security risk,” de Masi said.

Lawmaker Jens Zimmermann, a member of the coalition government’s Social Democrats, also raised concern at the hearing that state information systems could be linked to Marsalek. “The security system of the government should be reviewed, as a possible proximity between Marsalek and the software provider has been revealed,” Zimmermann said.

Merkel Testimony

Virtual Solution is certified by the Federal Office for Information Security and there is no indication the software has ever been compromised, a representative for the company said.

Finance Minister Olaf Scholz was challenged by lawmakers on Thursday over a potential security risk he may have caused by sending emails related to Wirecard from a personal account. He responded to de Masi’s allegations regarding Virtual Solution by saying the information “can’t be ignored.”

Marsalek fled in June last year shortly before Wirecard filed for insolvency and after the company admitted that 1.9 billion euros ($2.3 billion) in funds probably never existed. Marsalek’s whereabouts are currently unknown and he is the subject of an international arrest warrant.

The security of Merkel’s digital communication has been compromised at least twice in the past decade. In 2013, it became public that Merkel’s mobile phone had been tapped by the U.S. National Security Agency, and last year the chancellor accused Russia of mounting what she called an “outrageous” cyberattack on her email account in 2015.

Those incidents prompted the government to beef up its cyber-security systems in recent years. Virtual Solution has been approved by the federal information security agency to provide a mobile communication system for classified information since 2017, the government said previously in a response to a written question from de Masi. That includes financial regulator BaFin, which has been heavily criticized for its role in the Wirecard affair, for failing to spot the fraud and the allegation that it attempted to shield the firm from the attacks of short-sellers.

No Knowledge

Emails seen by Bloomberg News show that BaFin officials such as Raimund Roeseler, executive director of banking supervision, use the software solution.

A BaFin spokesman declined to comment on the matter. While BaFin rejects the view that it took Wirecard’s side, saying its actions were to protect the wider market, the watchdog’s top leadership resigned this year after a series of missteps.

BaFin itself now faces a criminal probe into how it oversaw Wirecard’s activities in the payment services business, and whether some of the agency’s staff illegally traded the stock.

The government, and the agency for information security, BSI, said in response to de Masi that they have no knowledge about a link between the company representative and Marsalek.

The security agency added that it sees no reason to review the business relations or the communication system on the basis of an undefined close relationship with Marsalek alone without further findings by the security authorities.

©2021 Bloomberg L.P.