Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Germany IT Watchdog Knew for Weeks of Mass Cyber Theft

BERLIN – Germany’s cyber crime watchdog said Wednesday it learnt last month of the mass theft of 16 million digital identities through a criminal probe but needed weeks before alerting the public.

BERLIN – Germany’s cyber crime watchdog said Wednesday it learnt last month of the mass theft of 16 million digital identities through a criminal probe but needed weeks before alerting the public.

The website of the Federal Office for Information Security (BSI) had buckled Tuesday under an onslaught of requests by millions of worried online users soon after the warning was issued.

By Wednesday morning, with the site working again, the BSI said it had handled over 12 million online queries and informed 884,000 affected users, reported national news agency DPA.

Cyber criminals stole email addresses and matching passwords, which could also compromise linked social media, shopping and other online services, said the office.

The mass theft was uncovered in a probe by criminal investigators and researchers of so-called botnets, networks of hijacked computers whose users are usually unaware their infected “zombie computers” are themselves sending out spam and malware.

“The data was discovered by criminal investigators,” a BSI spokesman told AFP, saying the theft was “of exceptional magnitude”, but without specifying which judicial authority had conducted the probe.

BSI president Michael Hange defended the time lag in issuing the public alert, saying the office had needed time to set up a website where online users could securely check whether they had fallen victim to the theft.

“Setting up a process that complies with data protection laws and can handle such a large number of requests needs preparation time,” Hange told public broadcaster Bayerischer Rundfunk.

Interior Minister Thomas de Maiziere praised the BSI’s “well-prepared operation”, saying the mass theft showed the extent of the cyber threat and that the state had a duty to ensure online security.

Those affected have been advised to clean their computers using anti-virus software and to change their passwords, using complex combinations of letters, numbers and symbols.

About half of the affected accounts had email addresses with Germany’s domain-name ending .de, while many others were from other EU states, suggesting an international network was behind the spectacular data theft, Hange told DPA.

The BSI’s German-language website sicherheitstest.bsi.de allows Internet users to check whether their accounts are affected by entering their email address and then checking an email reply from the office, marked with a unique security code.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.