January 4, 2019
Hundreds of German politicians, including Chancellor Angela Merkel, have had personal details stolen and published online.
Contacts, private chats and financial details were put out on Twitter which belong to figures from every political party except the far-right AfD.
Data from celebrities and journalists were also leaked.
It is unclear who was behind the attack, which emerged on Twitter in the style of an advent calendar last month.
How extensive was the attack?
The true extent of damage caused by the leak is not yet known although Justice Minister Katarina Barley said it was a “serious attack”.
“The people behind this want to damage confidence in our democracy and institutions,” she said.
A government spokeswoman said no sensitive data from the chancellor’s office had been published. MPs, Euro MPs and MPs from state parliaments were affected, said Martina Fietz.
She said the government was not yet certain that the data had been stolen by cyber-hackers. Some reports suggested a lone leaker may have had access to sensitive data through their work.
A cyber analyst told the BBC there was speculation that hackers may have exploited weaknesses in email software to get hold of passwords that those targeted had also used on social media accounts.
Germany’s federal office for information security (BSI) said government networks were not affected, as far as it was aware.
Although nothing politically explosive is known to have been leaked, the sheer volume of personal data involved suggests the consequences could be considerable, says RBB reporter Michael Götschenberg, who researched the attack.
The now-suspended Twitter account, identified by German media as @_0rbit, was followed by more than 17,000 people and appeared to be operated from Hamburg.
Although documents had been posted on the account from 1 December to 28 December, it was not until Thursday evening that officials became aware of the theft.
Bild newspaper said all the data stolen in the attack dated back to before October 2018 but it was not clear when it began.
Russia ‘behind German parliament hack’
Hacking of German ministries ‘ongoing’
Who was targeted?
National and local political figures as well as some TV personalities have had their details stolen.
Data appeared as Advent calendar-style daily releases on Twitter. The first “doors” at the start of December featured TV presenters, then rappers and from 20 December it focused on politicians.
Among those targeted were:
Chancellor Angela Merkel: her email address and several letters to and from the chancellor appear to have been published
The main parliamentary groups including the ruling centre-right and centre-left parties, as well as The Greens, left-wing Die Linke and FDP. Only AfD appears to have escaped
Greens leader Robert Habeck, who had private chats with family members and credit card details posted online
Journalists from public broadcasters ARD and ZDF as well as TV satirist Jan Böhmermann, rapper Marteria and rap group K.I.Z, reports say
Another TV satirist, Christian Ehring, is said to have had 3.4 gigabytes of data stolen and posted online, including holiday photos. Last year he won a court case brought by AfD leader Alice Weidel, who complained when he called her a “slut” on his TV show.
Centre-left SPD MP Florian Post said he felt “quite shocked” by the leak of account statements and other details online, but he added that at least one file that had been posted was fake.
Who was behind attack?
Immediate suspicion fell on right-wing groups in Germany as well as Russia.
German cyber-security analyst Sven Herpig said Russia was a suspect, first because of the method used but also because Germany was facing four state elections in 2019 as well as elections to the European Parliament.
However, the fact that no right-wing politicians were targeted while prominent figures who had criticised them had been, suggested domestic right-wingers may also have been responsible, he told the BBC.
Russia has been accused of cyber-attacks in Germany before.
In 2015, data was stolen from computers in the Bundestag. And last year the government’s IT network came under attack amid reports that Russian hackers were also to blame.
UK-based expert Graham Cluley said the breadth of the latest hack suggested it was a co-ordinated effort involving a determined group over many months.
“This hack clearly isn’t about extortion or financially motivated. This is about attempting to destabilise Germany society,” he told the BBC.