The different security services and internal intelligence tried this Friday to locate the hacker or group behind the massive attack, discovered by the authorities on Thursday night and advanced by the regional channel RBB Info radio , but which began at the beginning of last December with data from some artists before launching those of hundreds of state, federal and European Parliament politicians. In the account profile of the social network used to give access to the stolen information appeared the description of “security researcher”, “artist” and “satire”. Twitter blocked the account on Friday.
The Minister of Justice, Katarina Barley, denounced a “serious attack” and said without specifying more to those who “want to sabotage confidence in democracy and its institutions.” “These criminals and those who support them should under no circumstances dictate the terms of any debate in our country,” he added.
In an attempt to restore calm to the impact of the event in the German political world, the deputy spokesman of the Executive, Martina Fietz, assured that no “sensitive” information of the chancellor had been compromised. Their phone numbers or email addresses were authentic, but some information was obsolete. “After the first inspection it was found that the publications did not contain sensitive information and data, but the published ones must be handled with great caution because some authentic documents could have been infiltrated with falsified data,” Fietz said.
“The first analyzes imply that the data was recovered through the fraudulent use of passwords for access to storage services in the computer cloud, email accounts and social networks,” he said. Interior Minister Horst Seehofer in a statement. The ministry confirmed that the main German parties were victims of the attack, from the CDU of Merkel to the Greens, going through the Social Democrats and the Liberals. The leader of the parliamentary group of Die Linke (The Left), Dietmar Bartsch, also affected, said he was “deeply shocked” by this “serious attack on democracy”.
This is not the first time that German politics suffers a massive data theft. On May 8, 2015, the authorities revealed that the Bundestag’s computer network was being attacked and that the downloading of data could lead to the collapse of the service. Hans Georg Maasen, then head of German internal espionage, pointed out months later as responsible to Moscow. In May 2016, it was made public that a Russian group had also attempted to hack the Chancellor’s Christian Democratic Union (CDU), Angela Merkel.
In 2017, the same cyber-espionage group, known as APT28, successfully accessed the foreign and defense ministries, as well as the data network of the German government and the secret services, as confirmed by the German news agency. DPA. The same hackers are also considered responsible for numerous cyber attacks, including the one that in 2016 affected the computer systems of the United States Democratic National Committee. To the cyber attacks against institutions and parties over which the shadow mainly plans of Russian interference, others have been added directed against international companies.
Thus, in May 2017, malicious software that encrypted the data was spread on Windows computers that were not updated. This virus, called WannaCry, of the ransomware variety cyber attacks that hijack data and demand a ransom to free the system – affected computers in more than 170 countries.
The servers of at least 16 hospitals and health centers in the United Kingdom -especially the radiology services of this centers, factories of the Renault-Nissan automobile company in France, Slovenia and Romania -which suspended production during a period of week or the teams at Telefónica headquarters in Madrid were attacked by this malware. The Department of Justice of the United States accused a North Korean citizen of being behind this attack.
At the end of June of last year, Petya, a more sophisticated virus than WannaCry, affected the computer systems of institutions and large global companies, mainly in Ukraine. The only exception was the far right AfD formation. At the moment, it is unknown if the data leaked from this training has been deliberately avoided or if the hackers planned to publish it at another time.
Hundreds of victims, including German President Frank-Walter Steinmeier, have revealed personal documents, private messages, mobile phone numbers, credit card information, addresses, letters and invoices, among others. Some of the information is old. Merkel’s fax number, e-mail address and several letters have been disseminated.
Information has also been published on journalists from the two public television channels, ZDF and ARD, where there are dozens of people affected, including professionals from various news programs. Another objective has been the journalist Hajo Seppelt, who uncovered the scandal of systematic doping in Russia. The serious data leakage has targeted several artists, such as the humorist Jan Böhmermann, which generated diplomatic tensions at the time for a satire against the Turkish president, Recep Tayyip Erdogan.
After being informed and assess the extent of the attack, the Government activated the so-called “cyber alarm”, a measure designed to discover the origin of the attack and involving the Federal Office of Information Security (BSI), the Police Criminal (BKA), the Federal Intelligence Service and the Federal Office for the Protection of the Constitution. “We have been dealing with this issue since Thursday night and are taking care to inform our people,” said a spokesman for the Social Democrats of the SPD, the government coalition partner led by Merkel. “This is a matter for the competent authorities. We are in contact with them, “he added.
The first investigations led to detect a platform whose operator could be in the city of Hamburg, although several German media did not rule out that the attack was from Russia or China. According to a spokesman for the Ministry of the Interior, the exact time and place of the attack is unknown, although security authorities would have already established that the data packages were relatively recent.