UPDATE (9 January): The Guardian reports that Germany's federal police agency (BKA) has apprehended a 20-year-old student who has confessed to being behind the incident that affected around 1,000 people, some 950 of which are politicians. The suspect, per the report, said that he was driven by his annoyance at statements made by the victims of his attacks. Meanwhile, Germany's Interior Minister Horst Seehofer said that many of those hacked used extremely simple passwords – including ‘ILoveYou’, ‘1,2,3’ and the like – to access their online accounts, making such break-ins easy even for attackers with little technical chops.
German authorities are investigating a major cybersecurity incident that saw the personal information of hundreds of German politicians, as well as a number of TV personalities and journalists, dumped online in serial fashion, according to Euronews and other media outlets.
The data, which goes back to before October 2018, was disseminated via a now-suspended Twitter account – seen, for example, in this screenshot – that linked to the dumps on anonymous-sharing sites almost daily between December 1 and 24, wrote Politico. On December 28, one more link was posted.
And yet, the data dump – or, in fact, a long series of data dumps – didn’t really come to light until Thursday night, before the news of it ‘exploded’ on the internet on Friday. It’s unclear how the information was stolen, what the motivations behind the theft(s) are or, indeed, who is behind the entire incident.
The smorgasbord of leaked data includes the politicians’ credit card details, banking and financial information, addresses, mobile phone numbers, photos of ID cards, personal chat histories, as well as their respective parties’ emails, memos and letters. Representatives of all but one party in the country’s federal parliament were impacted. Chancellor Angela Merkel and President Frank-Walter Steinmeier are also among the victims.
But as regards the Chancellor’s office, Euronews quoted a government spokesperson as saying that no truly sensitive information appears to have been stolen.
In addition, deputy government spokesperson Martina Fietz told Politico that Merkel’s office didn’t know about the issue until Thursday night. Similarly, a number of German parliamentarians lamented the fact that they’d learned about it from ‘outsiders’, rather than from the country’s security apparatus.
Meanwhile, the BBC quoted the German national cybersecurity authority (BSI) as saying that government networks were not impacted, “as far as it was aware”. The Defense Ministry also said it wasn’t affected, as per Deutsche Welle.
As is often the case with developing stories, early reports differ from each other in some important details. However, there is a common thread here in that no political bombshells have, as of yet, been dropped courtesy of the dump, as it doesn’t appear to contain any explosive information in this regard. That’s not to say that it won’t change as the data is examined in detail, however.
Which engenders the question: is (all) the data authentic? For example, Florian Post, a member of Germany’s Federal Parliament and one of the leak’s victims, said that at least one document is fake, but admitted that much of what relates to him is indeed genuine.