A large number of German politicians have been affected by a hacking incident.
Politicians from Germany’s far-left Linke party were the first to confirm they had been affected, but then it snowballed as details from almost all parties were found to have been leaked.
“I can confirm that there has been an incident”, the Linke spokesman said, adding that Dietmar Bartsch, leader of the party’s group in Germany’s lower house of parliament, was personally affected.
Public broadcaster ARD television said earlier on Friday that hackers had posted personal data from hundreds of German politicians from major parties, including credit card details and mobile phone numbers.
Deutsche Welle reported that all political parties have been targeted apart from the far right AfD party.
Euronews contacted AfD who said they are not responsible for the hack.
“Are you kidding?” was their exact response.
And, as far as they can tell, the information of AfD members have not been exposed. However, the party says “we did not check the files yet”.
The Green party were one of the organisations affected.
Michael Kellner, Business Manager of Bündnis 90/DIE GRÜNEN said in a statement that the party were letting hacked members know about the incident and “recommends that all persons concerned file criminal charges.”
The statement also expressed irritation that the party learned about the breach through internal channels and “not through the relevant security agencies.”
How did this begin?
A twitter account with 17.7 thousand (currently) followers released personal information in an ‘advent calendar’ style – one dump of hacking ‘goodies’ every day until Christmas Eve.
The final door on the 24th was reserved for the centre-right alliance CDU/CSU.
The account was active until late Friday morning and is now suspended.
In a statement sent to Euronews by Twitter, the platform said:
“Posting a person’s private information without their permission or authorisation is a direct and serious violation of the Twitter Rules. We also recently updated our Rules to prohibit the distribution of any hacked material that contains private information, trade secrets or could put people in harm’s way.”
Whether the information will be in any way compromising remains to be seen and we are reaching out to those affected to asses their fears, although in a presser this morning, the German government stated that nothing sensitive had been released.
The German Federal Office for Security in Information Technology tweeted that they are “intensively examining the case in close cooperation with other federal authorities.”
“The National Cyber Defence Centre has taken over the central coordination. According to the current state of knowledge there is no concern of the governmental networks,” the tweet continued.
Euronews telephoned a number of German politicians using numbers that were found in the leaked documents. One of whom, Jana Schimke of the CDU, said she didn’t even know she had been hacked, but realised that since our journalist had been able to make such a call, it suggested that she had.
Patrick Sensburg, also of the CDU, confirmed his office had been the victim of a phishing attack.
Just after midday CET, the CDU told Euronews the following: “Research so far has shown, that the information was not taken from our database.”
How sophisticated was the attack?
James Chappell, founder and Chief Innovations Officer for digital risk company Digital Shadows told Euronews that it was “definitely on the more sophisticated end.”
What can organisations do to prevent these attacks?
“The types of protections really have to be quite broad, if you look at the attacks on the UK parliament last year we saw a lot of personal advice going out to MPs about how they can protect themselves, certainly that’s going to happen in this case although it’s kind of closing the stable door after the horse has bolted,” says Chappell.
“It’s all about educating people on how to be secure, and I’m sure the BSI in Germany will focus a lot of efforts in trying to minimise the impact of this.”