Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

German IT Security Agency Defends Response in Hacking Case

Germany’s IT security agency on Saturday defended its response to the leaking of hundreds of politicians’ private information, after lawmakers accused it of failing to inform them quickly enough.

Germany’s IT security agency on Saturday defended its response to the leaking of hundreds of politicians’ private information, after lawmakers accused it of failing to inform them quickly enough.

Politicians from several parties questioned why the Federal Office for Information Security, or BSI, didn’t alert Parliament about the suspected hacking case when it first came to light in December.

In a statement, the agency acknowledged it was approached by one lawmaker about suspicious activity on his private email and social media accounts in early December, but said it believed at the time his experience was a one-off case.

“The BSI took this case very serious and took it up with the National Cyber Defense Center,” the agency said in a statement, adding that it wasn’t aware of the planned mass online leak of data that occurred Thursday via Twitter.

“It was impossible to foresee at the start of December 2018 that there would be further cases,” the BSI said.

The statement appeared to contradict comments by BSI chief Arne Schoenbohm, who told public broadcaster Phoenix on Friday his agency had spoken to “individual lawmakers who were affected by this very early on in December.”

As many as 1,000 German politicians and celebrities are believed to have been affected by the breach of data that includes private addresses, cellphone numbers, chat records and credit card numbers.

Authorities are still investigating who was behind the theft and publication of the information, which didn’t include any data on lawmakers from the far-right Alternative for Germany party.

The information, while potentially embarrassing to some lawmakers, doesn’t appear to have revealed any major political scandals. The leak has once again sparked debate about cybersecurity in Germany.

German news agency dpa reported the country’s federal police agency wasn’t alerted to the data breach until Thursday night.

Manuel Hoeferlin, a lawmaker with the Free Democratic Party, was quoted telling dpa the BSI should “critically examine” its procedures.

Social Democratic Party lawmaker Jens Zimmermann told the Handelsblatt daily newspaper it was “extremely unsatisfactory” some parliamentarians only learned of the hack through the media.

A German YouTube star whose Twitter account, @unge, was hijacked last week to disseminate links to the stolen material, said Saturday it appeared human error was to blame in his case.

Simon Unge, whose real name is Simon Wiefels, said the perpetrator first gained access to his email account and then convinced a Twitter employee to disable a second security check required to take control of his account on the social networking site.

Twitter didn’t immediately respond to a request for comment and it wasn’t clear how many of those affected by the leak had such “two-factor authentication” enabled for their email or social media accounts, and whether the hacker similarly managed to bypass it.

The BSI said it currently believes government networks weren’t compromised.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...