Germany has sought assistance of Irish data protection officials and US intelligence after a "very, very serious" hack of digital communications of German journalists and its politicians from state, federal and European parliaments – including chancellor Angela Merkel.
Senior German intelligence officials confirmed on Friday the theft of at least 1,000 data sets, including telephone and credit card numbers as well as the contents of emails, text messages and chat transcripts from leading political figures.
The information was leaked slowly online, including via Twitter and YouTube, and a government spokeswoman in Berlin said it was “still not clear” who was behind the hacking or when the data was stolen.
A government spokeswoman added that the information leaked so far was authentic and appeared to have been collected over a considerable amount of time and included “relatively up to date as well as older data tranches”.
“Those behind this want to damage trust in our democracy and its institutions,” said Katarina Barley, Germany’s federal justice minister of what she called a “serious attack”.
Federal security officials say most data appears to have been stolen in a so-called “spear-fishing” attack via the Outlook email programme.
About 30 Bundestag employees clicked on an attachment or were prompted to enter a password on a fake site, allowing backdoor access to their – and other – network accounts.
Interior minister Horst Seehofer added that other breaches took place through cloud services and social network log-ins and promised an expedited search for Germany’s “data thief”.
Years of hacks
Officials at Germany’s cyber security agency (BSI) suggested accounts had been hacked over a number of years, data collated quietly and analysed.
The agency has made contact with those affected so they can take appropriate measures and insisted there was “limited” blackmail potential from the data known to have been stolen so far.
“We had contact with individual MPs at the start of December,” said Arne Schönbohm, president of Germany’s federal security office (BSI).
According to reports, among the data stolen were photographs, scans of passports, personal documents, bills and telephone lists.
The same officials indicated they had no indication the hack took place via an external breach of the government network but declined to comment on speculation of insider involvement.
Other the far-right Alternative für Deutschland, members of all political parties in the Bundestag were affected, with Dr Merkel's Christian Democratic Union (CDU) – and her cabinet – heaviest hit. Included in the data: two email addresses and a fax number for Dr Merkel's office.
Additional hacking victims included President Frank Walter Steinmeier, leading satirists and 33 public television reporters – including Hajo Seppelt, a key journalist on doping in sport.
Intelligence sources say they are investigating the possible involvement of several states, including Russia and China.
The Twitter account used to spread the data – apparently located in Hamburg and set up in 2015 – was blocked on Friday.
Authorities in Hamburg said they were working with data protection authorities in Dublin – home to Twitter’s European base – to stop the spread of German politicians’ data. The Twitter account used to spread personal data has been deleted, but city officials were on Friday waiting for Twitter to delete a list of short links to other platforms where the data also resides.
“We don’t know what hasn’t been published yet,” said Dr Sandro Gaycken, a cyber security specialist at Germany’s Chaos Computer Club, a leading IT and hacker association. “The interesting question is always what was taken but not publicised, and to what ends it will be used.”
He suggested that the lack of leaked information from the AfD could be a false flag to suggest involvement of the far-right and/or Russia.