Hackers Leak Details of German Lawmakers, Except Those on Far RightJan. 4, 2019
Personal information about hundreds of German lawmakers was leaked by an anonymous Twitter account. None of those lawmakers were from the far-right party Alternative for Germany, or AfD.Fabrizio Bensch/Reuters
Personal information about hundreds of German lawmakers was leaked by an anonymous Twitter account. None of those lawmakers were from the far-right party Alternative for Germany, or AfD.Fabrizio Bensch/Reuters
BERLIN — After hackers, later determined to be working for Russia, broke into Parliament’s main computer network three years ago, the government vowed to fortify its cybersecurity. The authorities schooled lawmakers about changing passwords, using two-step identification and other measures to protect online data.
But on Friday, nearly 1,000 lawmakers and other prominent Germans, including rappers, journalists and internet personalities, awoke to find links to their street and email addresses, private chats from social media, bank account details and pictures of their children published on Twitter, in another major breach aimed at the country’s political establishment.
All those attacked had a history of criticizing the far right, whose politicians appeared to be spared, raising suspicion that the hacker or hackers were sympathetic to their agenda, though the authorities said they had no indication yet who was behind the attack.
The breach spread a fresh round of alarm in Germany, a country where citizens especially covet their privacy, and once again raised the disconcerting question of whether even the most vigilant and sophisticated individuals and governments can safeguard their computers and the valuable personal, financial and other sensitive information that resides there.
Even beyond Germany, the attack fit into a building pattern of breaches with the seeming aim of shaking confidence in the political establishment or undermining important players in it.
The weaponization of hacked information has become an increasingly common theme in politics, said Jonas Kaiser, a Harvard University expert who studies online misinformation.
“A lot of leaks and hacking campaigns have become a more normal part of the political discourse,” he said.
The most notable examples were emails from the Democratic National Committee that were stolen during the 2016 election in the United States and have become part of the investigation into whether Russia sought to tilt the vote in President Trump’s favor. On the eve of voting in France’s 2017 elections, hackers similarly made a public dump of what was presumed to be a mix of real and fake emails from the campaign of Emmanuel Macron, now the president.
This time, the leaks went on for more than a month as the hackers teased and dribbled out their bounty. It was only late Thursday, when the Twitter account of a popular German YouTuber, Simon Unge, who has some two million followers, was hijacked that the extent of the attacks finally came into fuller light.
Mr. Kaiser said the authorities would try to determine whether the attack was perpetrated by a state-backed group. The release of personal information by an individual or small group would generate a different response than one done by a government, he said.
Cybersecurity experts said the hacker or hackers appeared to have taken considerable effort to collect and spread the looted information across different servers in an attempt to make tracing them and taking down the data more difficult.
Angela Merkel’s government vowed a thorough investigation. “The German government takes this incident very seriously,” said Martina Fietz, a spokeswoman for the chancellor.
As the country’s main cybersecurity defense team called a crisis meeting to coordinate with domestic and foreign intelligence agencies early Friday, Twitter took down the accounts used by a hacker calling himself GOd that had been broadcasting links to the information since early last month.
The hacker released the information through links published on Twitter in the form of an Advent calendar, where a window is opened every day leading up to Christmas, revealing a picture or treat.
“The first window is for a very special beloved moderator who everyone knows,” read the entry for Dec. 1, which included links to private information from the comedian Jan Böhmermann, who several months ago had started an initiative to discredit a group of far-right internet trolls.
Starting on Dec. 20, Germany’s established political parties appeared, beginning with the Free Democrats and followed by the Left, the Greens and Social Democrats.
Dec. 24 — the final day in the calendar — was reserved for the conservative Christian Democrats and Christian Social Union. The published link led to servers hosting lists of personal information ranging from internal party documents to screen shots of private chat exchanges to images of a personal ID card, front and back.
Only the main opposition force in Parliament, the far-right Alternative for Germany, or AfD, was excluded. Stephan Brandner, a member of Parliament with the party responsible for justice affairs, condemned the hack. “Protection of private data goes for everyone, including politicians, regardless of which party they belong to,” he said.
Germans prize personal privacy — a legacy of abuses by the Nazi- and Communist-era secret police — and the country has long had some of the world’s strictest laws protecting personal information. Germany was the first country to force Google to allow individuals to blur images of their homes on its Street View mapping service, following outrage over the amount of data the company was collecting.
But German defenses have not caught up to German fears, rendering the country exceedingly vulnerable to attacks.
Although the Twitter accounts used for disseminating the information were taken down early Friday, several hours later, many of the servers hosting the information remained accessible.
Lukasz Olejnik, an independent cybersecurity and privacy adviser, said the attack showed deliberate planning. Dispersing the content among servers across the internet made it more likely the information would remain accessible even after Twitter shut down the account that initially published the links, he said.
“The attacker’s intent is not clear at this moment but it is clear that a considerable effort was put in,” said Mr. Olejnik, who is also a research associate at the Center for Technology and Global Affairs at Oxford University. “It was work intensive.”
Germany’s cybersecurity office said it was investigating whether the data was harvested in a central attack, a series of separate ones originating from different services, or in private communications.
“At this time, there is no indication that the government network was breached,” the office, known by its German initials B.S.I., said in a statement.
Beyond Germany, the hacking adds to concerns about the security of European parliamentary elections in May, which many officials fear are vulnerable to digital interference and disinformation campaigns by hackers or state-backed groups. Last month, European Union officials announced a plan to better coordinate responses to false messages around the elections.
Leading members of the Greens and the Social Democrats said they filed criminal charges against unknown individuals for illegally publishing their personal data. A spokesman for the Left party confirmed that the information of some of its members had been exposed, including that of Dietmar Bartsch, the leader of its caucus in the lower house of Parliament.
Mr. Böhmermann, the first person targeted in the leak, tried several months ago to organize opposition to the far-right group Reconquista Germanica, which spreads disinformation and harasses, provokes and belittles opponents.
The data, which included Mr. Böhmermann’s phone numbers, personal chats and photographs of his two young sons, was advertised as, “Nice things that you can have fun with.”
Germany’s main government network was breached by hackers in 2015, and the authorities worried that information obtained then would be used against politicians leading up to the 2017 election. Those fears were largely unfounded.
Hackers appeared to have again penetrated the German government’s main data network last March — a system that was supposed to be particularly secure and is used by the chancellor’s office, ministries and Parliament.
Luca Hammer, an independent German social media analyst who studies activity on Twitter, said that because no right-wing troll chat groups had picked up the leak, the hacker may have been a single individual.
“They had to get into a popular Twitter account to get noticed,” he said over Twitter. “Therefore I assume they acted alone. But I don’t know.”
The attack prompted warnings in German media about the need for greater vigilance by the government and of how individuals can better protect themselves online.
A commentary in Süddeutsche Zeitung drew a parallel between the cyberattack and terrorism. “Even if in this case nobody has been injured or killed,” the aim of the hack was to trigger “a diffuse fear” in German society at large.
“The question of whether public spaces are safe for the individual turns out to be the same for Facebook and the Outlook mailbox as it is for soccer stadiums and the Oktoberfest,” the paper wrote.
Adam Satariano contributed reporting from London.
Follow Melissa Eddy on Twitter: @meddynyt.
https://www.nytimes.com/2019/01/04/worl ... -leak.html 
