German politicians' data published online in massive breach

Personal data and documents on hundreds of German politicians and others have been posted online, and German cyber-defence experts were trying to figure out Friday how the information was obtained.

Breach hit politicians at all levels, including European, German and state parliaments

German Chancellor Angela Merkel speaks in the German parliament last year. Personal data and documents on hundreds of German politicians and others have been posted online. (The Associated Press)

Personal data and documents on hundreds of German politicians and others have been posted online, and German cyber-defence experts were trying to figure out Friday how the information was obtained.

The data breach hit politicians at all levels, including the European, German and state parliaments as well as those in city governments, said Martina Fietz, a spokesperson for Chancellor Angela Merkel.

"The German government takes this incident very seriously," she said Friday, adding that the country's cyber-defence centre was investigating the breach.

Interior Minister Horst Seehofer said an initial analysis suggests that the material was obtained from cloud services, email accounts or social networks. He said there was no indication that federal government or parliament computer systems were compromised.

No method to what was posted

Fietz told reporters that "it appears, at first sight, that no sensitive information and data are included in what was published, including regarding the chancellor."

Public broadcaster RBB, which first reported on the issue Friday morning, said there appeared to be no method to how the breached data was shared via a Twitter account.

German Interior Minister Horst Seehofer said the material appears to have been obtained from cloud services. (Michael Dalder/Reuters)

Although the data reportedly include information such as cellphone numbers, addresses, internal party communications and in some cases personal bills and credit card details — some of it years old — RBB said there appeared to be no politically sensitive documents.

The German news agency dpa reported that the information included a fax number and email address belonging to Merkel and several letters to and from the chancellor.

Data on about 1,000 people

The Twitter account in question — which was still online early Friday with about 17,000 followers, but was later suspended — had been active since mid-2017.

The links it posted suggested that information on politicians from all parties in parliament except the far-right Alternative for Germany had been shared in daily batches before Christmas along with data on YouTubers and some other public figures. The last post was on Dec. 28.

The head of Germany's IT security agency, Arne Schoenbohm, said authorities had been aware of individual cases in December but material was posted online on a large scale Thursday evening. He said the agency believes data on about 1,000 people were involved, and confirmed that one party in parliament wasn't affected — though he wouldn't name it.

Schoenbohm said there had been "a high two-digit number of attacks which were very successful" in which accounts were infiltrated and data and documents, such as copies of ID cards, extracted.

'Other data could be tapped'

"Via this infection, it seems that other data could be tapped, such as first and last names but also cellphone numbers," he added.

In many cases, he said, the information was limited or already available publicly. Schoenbohm's agency was still working to figure out how the attack started and who was behind it.

Arne Schoenbohm, president of Germany's national cyber-defence body, said checks on some of the information shared in this case showed it was genuine. (Wolfgang Rattay/Reuters)

Schoenbohm said checks on some of the information shared in this case showed it was genuine, but authorities couldn't rule out fake data having been mixed in.

Germany has seen cyberattacks on government and parliament computer systems in recent years in which Russian-backed hackers were suspected. Berlin has been a leading backer of sanctions against Russia over its actions in Ukraine.

Hallmarks of Russia-backed hackers

German officials didn't comment Friday on whether there were any indications foreign intelligence services were involved, citing the ongoing investigation.

Tom Kellermann, the chief cybersecurity officer of Carbon Black, said the latest hack had all the hallmarks of Russian state-backed hackers.

It's in Russia's best interests for the far-right politicians to be successful- Tom Kellermann, cybersecurity expert

He said it made perfect sense that none of the targets in this hacking campaign was from Germany's far right, and that it appeared aimed at "undermining the German political process and essentially stoking fires of the mob."

"It's in Russia's best interests for the far-right politicians to be successful," Kellermann added.