Arrest in mass data attack in Germany

http://www.bbc.co.uk/news/world-europe-46793116

A photograph of a screen shows tweets by twitter user @_0rbit in German, mentioning the SPD political partyImage copyright
EPA

Image caption

User @_0rbit tweeted new information every day in December

Police have arrested a suspect over a large-scale data breach which saw the personal details of hundreds of German politicians stolen and posted online.

The 20-year-old man was arrested during a search of his apartment in Hesse.

Chancellor Angela Merkel was among those who had their data published, while the leak also affected celebrities and journalists.

Private chats, contact information and financial details were all published on Twitter in the leak.

The far-right AfD appeared to be the only mainstream political party to escape attack.

The suspect has confessed, according to security sources cited by Germany’s DPA press agency. He has been in detention since Sunday.

However, police have not confirmed the confession and were scheduled to announce further details at a press conference on Tuesday.

The data was published on a Twitter account belonging to user named @_0rbit, which has since been suspended. The biography of the account described itself as involved in “security research”.

Each leak was published in a “advent calendar event”, with a new set posted daily in December – but the breach only came to mainstream attention late last week.

Who was targeted in the breach?

Almost 1,000 politicians, celebrities and journalists were affected by the leak – including some 50 attacks that were “more serious”, involving private correspondence or photos.

Image copyright
Getty/Reuters

Image caption

Angela Merkel, Greens leader Robert Habeck and TV satirist Jan Böhmermann have all been targeted by the attack

Among those affected are:

  • Chancellor Angela Merkel: her email address and several letters to and from the chancellor appear to have been published
  • The main parliamentary groups including the ruling centre-right and centre-left parties, as well as The Greens, left-wing Die Linke and FDP. Only AfD appears to have escaped
  • Greens leader Robert Habeck, who had private chats with family members and credit card details posted online
  • Journalists from public broadcasters ARD and ZDF as well as TV satirist Jan B√∂hmermann, rapper Marteria and rap group K.I.Z, reports say
  • Another TV satirist, Christian Ehring, is said to have had 3.4 gigabytes of data stolen and posted online, including holiday photos. Last year he won a court case brought by AfD leader Alice Weidel, who complained when he called her a “slut” on his TV show.
  • Centre-left SPD MP Florian Post said he felt “quite shocked” by the leak of account statements and other details online, but he added that at least one file that had been posted was fake.

The fallout has created widespread alarm politically. Robert Habeck, leader of the Greens, deleted both his Twitter and Facebook accounts on Monday after being affected by the data breach.

Germany’s Interior Minister Horst Seehofer was scheduled to address reporters on Tuesday about the fallout from the data breach.

How did the data breach happen?

On Friday, German information security officials said it was unknown whether the data was taken from a single attack on a central repository, or though multiple attacks on private communications.

But on Saturday the BSI information security agency said that a member of German parliament had reported suspicious activity on their email account in early December.

It was assumed to have been an isolated case at the time, the agency said in a statement – and was linked to the @_0rbit leaks only when the account’s existence became known.

Image copyright
EPA

Image caption

The German Federal office for Information Security revealed it learned of one breach in early December

A cyber analyst told the BBC there was speculation that hackers might have exploited weaknesses in email software to get hold of passwords that those targeted had also used on social media accounts.

German officials also said there was no evidence to suggest that government systems had been compromised.

Nonetheless, the scandal has prompted calls for action to improve cyber-security practices.

Leave a Reply

Your email address will not be published. Required fields are marked *