Germany races to boost cyber defences after breach

The German government is seeking to improve its cyber defences in the wake of the country’s largest data breach of its kind, which exposed the personal data of hundreds of politicians.

The move comes after it was revealed that an unnamed teenager was responsible for the breach, which affected German chancellor Angela Merkel, federal president Frank Walterand and Greens party leader Robert Habeck.

The hacked data, comprising about 1,000 records belonging to celebrities and journalists as well as politicians, included contacts’ email addresses, private chats, mobile numbers, photographs and credit card details. However, the German information security agency (BSI) said no government networks were affected and a government spokesperson said no sensitive data from the chancellor’s office had been leaked.

The breach data was published on Twitter in November 2018 and several cases of suspicious activity on email and social media accounts were reported, but these were not immediately linked and German officials were made aware of the extent of the breach only in the first week of January.

The scale of the breach ahead of European parliamentary elections in May raised concerns about foreign powers seeking to influence the outcome of the vote. In 2017, data was leaked from Emmanuel Macron’s French presidential campaign just ahead of his election and in 2016, hackers accessed and stole data from the US political computer networks before the presidential elections.

The fact that the latest data breach in Germany was the work of a 20-year-old student has added urgency to efforts to improve cyber security and raise awareness, reports Reuters. The student had been linked to previous attempts to steal personal data in 2017, but had not been placed under surveillance.

Germany officials are concerned that if a student is able to access politicians’ personal data, well-resourced foreign powers seeking to influence the elections will be able to do the same and more.

In response, Germany reportedly plans to hire additional cyber experts for the federal police force and the BSI, set up a dedicated unit to monitor for, and prevent, similar attacks in future, update existing cyber security laws, and increase cyber security awareness training for politicians and the general public.

The latest breach has raised concerns that not much has changed in Germany’s cyber defence capabilities since the theft of data from the Bundestag lower house of parliament in 2015 that was blamed on Russian hackers and prompted warnings that cyber attacks were becoming the first weapon of choice for countries in conflict.

In March 2017, the UK’s National Cyber Security Centre (NCSC) announced that it would run special seminars to educate UK politicians on cyber threats to democracy.

NCSC chief executive Ciaran Martin also wrote to political parties warning them of the “potential for hostile action against the UK political system”.

Martin warned that databases of voters’ views and personal information, as well as internal emails, could be at risk, promising seminars to educate politicians about the threat. “You will be aware of the coverage of events in the United States, Germany and elsewhere, reminding us of the potential for hostile action against the UK political system,” he said.