Hack leaks sensitive data from all German parties, except far-right AfD
A large hack affecting German parties across the political spectrum, notably excluding the far-right AfD, has resulted in the leak of sensitive data.
Internal political documents and personal details belonging to hundreds of German politicians have been published online. It affects parties represented in federal parliament, as well as politicians at the state level.
RBB Inforadio, a Berlin-area German public broadcaster, first reported the leak on Friday morning. The documents, however, were released in December from a Hamburg-based Twitter account in an Advent-calendar style.
How the data was obtained is yet to be discovered but a huge cyberattack was detected against Germany’s government in early-2018. Authorities said the hackers infiltrated sensitive networks, believed to be in the defense and foreign ministries.
German security agencies said they detected the breach and allowed it to continue in a 'controlled' manner while they monitored it.
Another cyberattack in November, by Russian hacker group ‘Snake,’ reportedly hacked email accounts of several German officials. Germany's domestic security service BfV said it was not clear if any data had been stolen.
A large proportion of the leaked data involved contact details such as addresses and cell phone numbers. Some politicians also had banking and financial details, ID cards, and even private chats released.
The exclusion of far-right Germany party AfD increases the likelihood the leaks were politically-motivated. An emphasis on leaking contact details of opponents is often used in what's called ‘doxxing’ to reduce their willingness to appear in public.
An emergency meeting of the National Cyber Defense Center was convened in the morning.
08/01/19 Update: A 20-year-old man has confessed he was behind the data breach. Using the pseudonym 'G0d' he posted the data under the Twitter username @_0rbit which has since been suspended. In his bio, he described himself as involved in "security research".
Police are still investigating seized computer hardware.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam to learn more.