Germany’s Federal Office for IT Safety (BSI) said on Saturday that it had only become aware of a massive data breach affecting hundreds of lawmakers on Friday, several weeks after a lawmaker had told BSI officials about suspicious activity on their personal accounts.
“Everybody assumed it was an isolated case,” the BSI said. “Only by becoming aware of the release of the data sets via the Twitter Account ‘G0d’ on January 3, 2019, could the BSI in a further analysis on January 4, 2019 connect this case and four other cases that the BSI became aware of during 2018,” it added.
BSI head Arne Schönbohm said on Friday that the agency had spoken with “some lawmakers” affected by the breach in early December. The statement prompted outrage among other hacking victims, who assumed BSI had known about the issue and failed to inform them.
Read more: Six hack attacks that shook the world
Anger at BSI
“I am outraged that I am learning about the data leak from the media, even though I am a member of the parliament’s Intelligence Oversight Committee and Home Affairs Committee,” Left party lawmaker Andre Hahn told the media group Redaktionsnetzwerk on Saturday.
Günter Krings, a conservative lawmaker from the Christian Democrats, also criticized authorities. “The obligation of the federal government to inform parliament also applied between Christmas and New Year,” he told the Rheinische Post newspaper.
Massive security breach
The security breach, uncovered by journalists on Thursday, targeted all of Germany’s political parties currently represented in the federal parliament, except for the far-right Alternative for Germany (AfD). It also impacted the European, German and state parliaments as well as municipal officials and celebrities.
Read more: Germany detects new cyberattack targeting politicians, military
Data published on Twitter starting in early December included mobile phone numbers, contact info, and credit card details from members of Germany’s major parties. The leak also included banking and financial details, ID cards and private chats.
Among the apparent targets were Chancellor Angela Merkel and President Frank-Walter Steinmeier. Merkel’s successor at the head of the CDU party, Annegret Kramp-Karrenbauer, was also targeted.
German movie star Till Schweiger and comedian Jan Böhmermann were also hit by the hacking attack, along with several other celebrities.
BSI: Not our responsibility
But a preliminary review of the documents discovered no sensitive information was released and government networks were not accessed, according to the BSI.
The agency also said it was not responsible for protecting the data that had been compromised. “The BSI can only act in an advisory capacity and provide support when it comes to securing party or private communication between lawmakers,” it said.
Most of the data stems from private and personal accounts of the victims, according to the agency.
Berlin was now looking into tougher security regulations for software manufacturers and internet platforms, Germany’s Justice Minister Katarina Barley told Die Welt newspaper.
‘Alarming,’ but not surprising
Social Democrat parliamentarian Helge Lindh was one of the victims of the attack. He told DW that although the hack was “alarming,” he was not surprised it happened.
“There is evidence of a number of phishing attacks and data leaks collected over a sustained period of time,” he said. “It is shocking that politicians are so vulnerable, and it is our task to improve security.”
The documents were posted online as early as December by a Hamburg-based Twitter account that released them in an Advent calendar style. The Twitter account describes itself with labels such as security research, artist and satire. The account has since been suspended.
The authenticity of the leaked data could not be immediately verified and no discernible pattern could be detected to the leaked documents. There is currently no known suspect or motivation.
kw/amp (dpa, Reuters, AFP, AP)
Article source: http://www.dw.com/en/german-cyber-defense-body-defends-itself-over-massive-breach/a-46965314?maca=en-rss-en-ger-1023-xml-atom