Several German politicians, journalists, and entertainers were targeted in a massive data breach that emerged on Twitter in the form of an advent calendar last month.
Chancellor Angela Merkel, Greens leader Robert Habeck, TV satirist Jan Böhmermann, rapper Marteria, the rap group K.I.Z. and main parliamentary groups including the ruling center-right and center-left parties, as well as The Greens, left-wing Die Linke and FDP were among those targeted in the breach, according to the BBC.
The full scope of the breach is still unknown, but contacts, private chats and financial details from every political party except the far-right Alternative for Germany (AfD) party were exposed. A government spokeswoman told the publication no sensitive data from the chancellor's office had been breached.
It is unclear how the attackers gained access to the information but some German cybersecurity pros have speculated the threat actors exploited a weakness in email software to steal passwords that may have also been used on social media accounts.
Officials haven’t stated who was behind the attack; however, speculation has ranged from Russian threat actors to domestic right-wingers.
Matt Walmsley, head of EMEA marketing at Vectra, told SC Media this is a very damaging attack for a country that holds individual privacy so dearly and has some of the region’s strictest data protection laws.
“Details are currently limited although initial reports say that members of the far-right Alternative for Germany (AfD) party haven’t been affected so there may be a political motivation in this attack,” Walmsley said. “We shouldn’t disregard the work of foreign state actors here either, particularly Russia who have been cited in multiple attacks and cyber-interference on foreign powers, and in 2015 were accused by the German domestic security services of hacking the German parliament.”
Walmsley added that last month America tipped off Germany’s BSI information security agency that China was targeting the country with “cloud hopper” attacks and went on to say the attack is just the first of many high-profile breaches we will see this year.
While finding the motivation and the perpetrators behind the attack is important, some researchers stressed the importance of not jumping to conclusions, as it can be next to impossible to determine the specific motivation behind a political attack.
“While it may be easy to assume this is the work of an AfD operative, it is perhaps equally possible that an external actor could have perpetrated this attack to stir up controversy and distractions,” Craig Young, a computer security researcher for Tripwire’s VERT team, told SC Media.
“While there does not appear to be any tremendous damage from the released data so far, it may ultimately contribute to eroding confidence in the German information security office.”
Young pointed out that the last year has been difficult for BSI’s reputation as it was revealed that the Russian hacking group APT28 had managed to penetrate the highly sensitive “Informationsverbund Berlin-Bonn” (IVBB) network.