German politicians’ data leak shows need for global action

Germany has been hit by the country’s largest personal data breach to date, affecting hundreds of politicians, including chancellor Angela Merkel, federal president Frank Walterand and Greens party leader Robert Habeck.

Some German journalists and celebrities such as TV satirist Jan Böhmermann have also been affected, but the German information security agency (BSI) said no government networks were affected and a government spokesperson said no sensitive data from the chancellor’s office had been leaked.

The hacked data, comprising about 1,000 records, includes contacts’ email addresses, private chats, mobile numbers, photographs and credit card details, which were published on Twitter in November, but German officials were made aware of the breach only this week.

The data was leaked on a Twitter account called “G0d” that claims to be based in Hamburg and describes itself using the words “security researching”, “artist” and “satire & irony”, according to Bloomberg News.

Figures from every political party except the far-right AfD are affected, which some commentators say could indicate a political motivation for the breach.

According to Germany’s Bild newspaper, the stolen data dates back to before October 2018, but it was not clear when it was stolen.

It is still unknown how the data was stolen, but security analysts have said it is possible that the hackers exploited email weaknesses to steal passwords that had be re-used for social media accounts.

The scale of this hack will add urgency to international efforts to fight cyber crime, according to Kirill Kasavchenko, principal security technologist at Netscout.

“Regardless of the true motivations for this particular attack, all too often it is still too easy for hackers to access and exploit sensitive information,” he said.

As a consequence, Kasavchenko believes 2019 will be the year when western governments devise policy-driven initiatives that put the right security infrastructure in place, and provide government and law enforcement agencies with the means to combat criminal or nation-state cyber attacks.

Javvad Malik, security advocate at AlienVault, said that although it not clear how the attacks were perpetrated, it is clear is that cyber crime is the method of choice for most criminals.

“Whether they are trying to rob a bank, defraud members of the public, knock services offline, embarrass governments or share otherwise confidential information,” he said.

Although there is “no silver bullet” solution, Malik said this growing challenge will require a mix of technical controls, procedural controls and raised awareness among individuals in how to better identify and understand the threats they face and how to protect themselves adequately.

Picking up on the theme of education, David Emm, principal security researcher at Kaspersky Lab, said it is clear that across all organisations, the importance of securely storing and sharing information remains an ongoing education process as data is seen as increasingly valuable by those hoping to exploit it.

“It is vital that organisations regularly review their information security processes and educate staff on how to keep their own, and others’, information secure when communicating both inside and outside of an organisation,” he said.

For a country that regards individual privacy highly and has some of the region’s strictest data protection laws, this is a very damaging attack, not least for the German government’s credibility to secure itself, according to Matt Walmsley, European director at Vectra.

“There may be a political motivation in this attack, but we shouldn’t disregard the work of foreign state actors here either, particularly Russia, which has been cited in multiple attacks and cyber interference on foreign powers, and in 2015 was accused by the German domestic security services of hacking the German parliament,” he said.

Walmsley noted that Germany’s BSI information security agency was tipped off by the US last month that China was targeting the country with cloud hopper-style attacks that target organisations through managed service providers.

“This is just the first of many high-profile breaches we will see this year and it serves as a powerful reminder that well-resourced, motivated and persistent attackers almost always succeed,” he said.

“There are no perfect defences, so we need to adopt a healthy paranoia of an ‘I’m already compromised’ mindset and focus on detection and responses to threats, and accept that something is trying, and invariably succeeding, to get inside our systems.”

In light of the fact that hunting for, and responding to, the stealthy progress of advanced attackers inside an organisation is a painstakingly slow and arduous job, Vectra is focusing on automation powered by AI (artificial intelligence).

According to Walmsley, this approach takes over the “heavy lifting” to work at a speed and scale that human security teams alone cannot achieve.

“This means that security teams can wrestle back the advantage and get ahead of attacks before they become full-blown security incidents like we’ve seen today in Germany,” he said.