A large-scale hack of German polticians has seen personal data, including credit cards, contact details and private conversations, exposed online.
The mass hack affects hundreds of German politicians, including Chancellor Angela Merkel. The only political party not to be affected is the far-right AfD.
For the German government, it is a highly embarrassing incident. Although exact details currently remain unclear, the large scale of the data breach suggests sub-par cybersecurity practices on the government’s part.
“For a country that holds individual privacy so dearly and has some of the region’s strictest data protection laws this is a very damaging attack, not least for the German government’s credibility to secure itself,” commented Matt Walmsley, EMEA Director at cybersecurity company Vectra.
Who is behind the mass hack of German politicians?
It is not clear who is responsible, although there are a number of potential culprits.
“Details are currently limited although initial reports say that members of the far-right Alternative for Germany (AfD) party hasn’t been affected so there may be a political motivation in this attack,” said Walmsley.
“We shouldn’t disregard the work of foreign state actors here either, particularly Russia who have been cited in multiple attacks and cyber-interference on foreign powers, and in 2015 were accused by the German domestic security services of hacking the German parliament.
“Germany’s BSI information security agency was also tipped off by America last month that China was targeting the country with “cloud hopper” attacks.”
More attacks on politicians to come?
The attack is relatively rare for its choice of target, but similar cyberattacks may follow.
“Releasing personal data on politicians is far more targeted than we usually tend to see,” commented Jake Moore, cybersecurity expert at ESET UK.
“However, officials in high powered positions must be all too aware of the associated risk and consequences of a breach.
“Luckily this stolen data is over a year old but assuming some credit cards are still active, I would suggest they take a few minutes to cancel the cards in question and add fraud protection before the hacking world takes advantage of this breach.”
The first of many major breaches in 2019
With the year barely started, this attack on German politicians represents the first of many major data breaches likely to hit over the next 12 months.
“This is just the first of many high-profile breaches we’ll see this year and it serves a powerful reminder that well-resourced, motivated and persistent attackers almost always succeed,” said Walmsley.
“There are no perfect defences, so we need to adopt a healthy paranoia of an ‘I’m already compromised’ mindset and focus on detection and responses to threats, and accept that something is trying, and invariably succeeding, to get inside our systems.”
“It is clear is that cybercrime is the method of choice for most criminals, whether they be trying to rob a bank, defraud members of the public, knock services offline, embarrass governments or share otherwise confidential information,” added Javvad Malik, security advocate at AlienVault.
“Unfortunately, there is no silver bullet solution to this growing challenge and it will require a mixture of technical controls, procedural controls, and perhaps more importantly, raised awareness among individuals in how to better identify and understand the threats that they face and how to protect themselves adequately.”