Hackers have published cellphone numbers, credit card data and private communications belonging to members of nearly every German political party, in a sweeping breach last month that reportedly also affected German Chancellor Angela Merkel.
The far-right Alternative for Germany (AfD) is the only main party whose members were spared from the attack, according to RBB Inforadio, a Berlin-based public broadcaster that broke the story.
In the days before Christmas, hackers quietly posted online the data of some of Germany’s most powerful leaders “in a kind of Advent calendar,” RBB reported.
Some of the stolen information was years old, and it seems the data dump does not include any political bombshells. Instead, it seems intended to embarrass officials — and inflict personal damage by exposing private chats and financial details.
“The hackers published Merkel’s fax number, email address and several letters written by and addressed to her,” Deutsche Welle reports, citing the DPA news agency.
“With regard to the Chancellery it seems that, judging by the initial review, no sensitive information and data have been published and this includes (from) the chancellor,” a government spokeswoman said, as translated by Deutsche Welle.
The data was spread via two Twitter accounts named @_0rbit and @_0rbiter, according to security researcher Luca Hammer.
The main account belonged to someone who described themselves as being involved in both security research and satire, Deutsche Welle said. The account had previously published private data belonging to celebrities; the two Twitter accounts and a related blog page are now suspended.
The stolen information was freely available online for days, even weeks, before it gained wide notice. Several artists and journalists also were targeted — hackers hijacked the Twitter account of German YouTube star Simon Unge, and it was that act that caused interest in the breaches to spike.
YouTube producer Tomasz Niemiec, who says he knows the person who took over Unge’s account, told news outlet T-online.de that the attacks are the work of a sole hacker — and that the man’s goal is to gain attention for himself. In that widely cited interview, Niemiec said he knew the hacker strictly through online communications, and that the man has spent years collecting data and hacking YouTube accounts. Niemiec said he communicated with the hacker on Thursday and urged him to release Unge’s account. He did not speculate about the political aspect of publishing the stolen information.
Along with Merkel and her Christian Democratic Union party, the hacking targets included German President Frank-Walter Steinmeier and the Social Democratic Party of Germany, along with the Free Democratic Party and the Green Party.
“The enormous range of stolen data and documents is striking,” German public broadcaster ARD reports, “which makes it unlikely that they were captured at one point.”
Germany’s government deems the mass exposure of sensitive data a “serious attack,” according to Justice Minister Katarina Barley, who was quoted by ARD saying that the hackers “want to damage confidence in our democracy and their institutions.”
Germany’s Federal Office for Information Security says it is investigating, along with the National Cyber Defense Center. It added that government networks are not at risk.
Fallout from the attack has also prompted some finger-pointing in Germany, with security experts accusing politicians of using lax password and privacy practices — and politicians asking why federal authorities seemingly weren’t aware of the data leak until a famous YouTuber went public.
Because of the attack’s surprising reach, the story was dominating German news sites on Friday, with dozens of stories devoted to the hacking attack (in German, Hackerangriff — a term that quickly began trending online).