In the wake of our own minor disaster involving the Luas website getting hacked, German authorities have come forward to Irish data protection commissioners asking for help involving a “very, very serious” hack of digital communications of German journalists and politicians from all levels of parliament. The extent of the breach was such that even Chancellor Angela Merkel had some of her own personal data stolen.
The news emerged on Friday as German officials confirmed the theft of at least 1,000 datasets, including phone numbers, credit card details, and the contents of emails from top political figures.
Despite the information being leaked on platforms such as Twitter and YouTube, which you might expect to leave a digital trail of some sort, a German government spokeswoman reaffirmed that it was still unclear as to who was behind the attack, or when it occurred.
German authorities have confirmed that the information leaked so far is indeed accurate, but, interestingly, appears to have been collected over a lengthy period of time. This could possibly suggest that the hack was not one big vulnerability being exploited, but instead a series of smaller-scale ones.
In turn, this implies that the problem stemmed not from the software side of things, but from the people using the software. This was confirmed by federal security officials, who stated that the majority of data appears to have been stolen via a “spear-fishing” attack, conducted using the Outlook email program. Users clicked on an attachment or followed a link that lead them to a fake website prompting them to enter a password or some other form of sensitive information.
It is estimated that this happened to about 30 Bundestag employees. This gave attackers backdoor access to the employees’ network accounts. From here, they were able to hop to other network accounts, giving the breach a greater scope. The Bundestag is the German equivalent of the Dáil, so this attack gave the perpetrators direct access to sensitive information on high-ranking German politicians.
German authorities have been working closely with officials here in Ireland as Twitter has its European HQ here in Dublin. The European data protection commission also has its headquarters here in Ireland.