Angela Merkel’s data leaked

Massive cyberattack targets politicians, celebrities, and journalists in Germany

The personal information and correspondence of hundreds of German politicians, celebrities, journalists, and public figures has reportedly been leaked on Twitter since early December 2018. German media reports that the leaks were first discovered late on January 3 and that German Chancellor Angela Merkel is among the targets.

The targeted leaks “[look] like a clear attempt to disrupt German politics,” said Ben Nimmo, an information defense fellow in the Atlantic Council’s Digital Forensic Research Lab (DFRLab).

While recent history and political context may cause some to point fingers quickly at the far-right or Moscow, Nimmo cautioned that “attribution of cyberattacks is a complex task, so it may take some time. The exclusion of the far right is curious, but it would be reckless to jump to conclusions.”

According to Der Spiegel, all of Germany’s major parties were affected, except for the Alternative für Deutschland (AfD), a right-wing party known for its fierce opposition to immigration and controversial ties to Moscow.

“If foreign actors, such as in Russia, or right-wing extremists—the two lead suspects among the media at this stage—are found to be behind the hack, centrist parties may try to use the incident to isolate the right-wing, populist AfD,” said Jörn Fleck, an associate director in the Atlantic Council’s Future Europe Initiative.

The AfD’s office in the eastern Saxony town of Döbeln was hit by an explosion in the evening of January 3, part of a growing string of anti-AfD vandalism.

“While the attack has not yet been attributed to a particular group,” Graham Brooke, director and managing editor of the DFRLab, said, “one of the most interesting outstanding questions is what wasn’t released. The only political party to not have any information released was the far-right AfD. While correlation is not causation, the fact remains highly suspect.”

“As a reminder from German elections in 2017,” Brookie explained, “DFRLab observed multiple examples of AfD spreading fake imagery in campaign related material and a notable amount of foreign amplification of AfD campaign content. The specter of leaks hung over the election process, but never really came to fruition.”

According to the DPA news agency, Merkel’s e-mail address, fax number, and a select number of letters either addressed to or written by the chancellor were leaked through the Twitter account in question. In addition to Merkel, government spokeswoman Martina Fietz reported that German members of parliament, German members of the European Parliament, and members of Germany’s individual state parliaments were all affected by the leaks.

Alongside politicians, the leaks have included information on journalists, public broadcasters, musicians, and comedians. Leaked information has included e-mail addresses, credit card numbers, bank account statements, private online chats, and even family photos.

The sheer volume of information on politicians from across the political spectrum makes it “hard to imagine that [the leaks’] contents won’t be instrumentalized by populist forces in the European election campaign and several [German] state contests in 2019,” said Fleck.

“At the same time,” Fleck argued “the informal consensus among mainstream parties not to use such material, which was forged during the 2017 federal elections, is likely to hold.”

Brookie warned that “for journalists and researchers covering the event as it unfolds, we must be extremely careful to not give oxygen to the bad actors by amplifying their messages, as well as not amplifying the places online where the personal data—including addresses and financial information—exists. The ethical balance covering this topic must hedge toward security of the exposed information.”

The disclosure of so much private information—not just government or industrial secrets—is likely to further spook a German public that has already been worried about the availability of personal data online. Germany has some of the world’s most stringent online data protection provisions and this latest disclosure will likely harden support for greater protection in German and European law. “It will also certainly touch a raw nerve among the public,” Fleck explained, as Germany’s “traditionally high privacy concerns further elevated since the 2013 Snowden revelations and other digital scandals since, including the Cambridge Analytica scandal in relation to the 2016 US presidential elections.”

At the same time, according to Fleck, “some among the public may feel some schadenfreude that this time not your average Internet user or online account holder but Germany’s political and media elites are impacted.”

Germany’s lower house of parliament, the Bundestag, was the subject of a hack and data leak in 2015. German authorities would eventually attribute the 2015 attack to a Russia-linked hacker group which allegedly tried to infect malware on parliamentarians’ computers in order to gain permanent access to government systems. Russian-linked hacking group Fancy Bear also infiltrated the German government’s computer systems in early 2018, setting up malware in the foreign ministry and defense ministry.

David A. Wemer is assistant director, editorial at the Atlantic Council. Follow him on Twitter @DavidAWemer.

Related Experts: Ben Nimmo, Jörn Fleck, and Graham Brookie

Image: German Chancellor Angela Merkel looks at her mobile phone during a session of the Bundestag, German lower house of parliament, at the Reichstag in Berlin September 12, 2012 (REUTERS/Tobias Schwarz)