German cybercops aware of 'dodgy' online activity in Dec

Twitter took down the accounts used by the hacker calling himself GOd following a mass hacking attack on hundreds of German politicians.
Twitter took down the accounts used by the hacker calling himself GOd following a mass hacking attack on hundreds of German politicians.PHOTO: EPA/EFE

Under-fire watchdog says it could not link activity to other data breaches till last week

BERLIN • Under fire for a mass hacking attack on hundreds of German politicians, including Chancellor Angela Merkel, the country's cyber security watchdogs said yesterday that they were contacted by a lawmaker in early December about suspicious activity on private e-mail and social media accounts, but could not connect this to other data breaches until last week.

"Only by becoming aware of the release of the data sets via the Twitter Account 'GOd' on Jan 3, 2019, could the BSI in a further analysis on Jan 4, 2019, connect this case and four other cases that the BSI became aware of during 2018," the Federal Office for Information Security (BSI) said in a statement, Reuters reported.

BSI president Arne Schoenbohm told broadcaster Phoenix that his team "had already held corresponding talks very early in December with certain Members of Parliament who were affected", and launched a "mobile incident response team".

The BSI has been slammed by politicians and critics for not notifying the Federal Crime Office till last Friday about the leak. News agency DPA and newspaper Bild reported that the security office was aware of the cyber intrusion as early as December.

Left-wing Die Linke party parliamentary head Dietmar Bartsch called the secrecy "completely unacceptable" and asked if the office had "something to hide".

Nearly 1,000 lawmakers and other prominent Germans, including rappers, journalists and Internet personalities, woke up last Friday to find links to their street and e-mail addresses, private chats from social media, bank account details and pictures of their children published on Twitter, in another major breach aimed at the country's political establishment.

Only the main opposition force in Parliament, the far-right Alternative for Germany, or AfD, was excluded, reported The New York Times. All those attacked had a history of criticising the far-right, raising suspicion that the hacker or hackers were sympathetic to their agenda, though the authorities said they had no indication yet who was behind the attack.


The breach spread a fresh round of alarm in Germany, a country where citizens especially covet their privacy, and once again raised the disconcerting question of whether even the most vigilant and sophisticated individuals and governments can safeguard their computers. Even beyond Germany, the attack fit into a building pattern of breaches with the seeming aim of shaking confidence in the political establishment or undermining important players in it.

Cyber security experts said the hacker or hackers appeared to have taken considerable effort to collect and spread the looted information across different servers in an attempt to make tracing them and taking down the data more difficult.

Dr Merkel's government has vowed a thorough investigation.

As the country's main cyber security defence team called a crisis meeting to coordinate with domestic and foreign intelligence agencies early last Friday, Twitter took down the accounts used by the hacker calling himself GOd, which had been broadcasting links to the information since early last month.

A version of this article appeared in the print edition of The Sunday Times on January 06, 2019, with the headline 'German cybercops aware of 'dodgy' online activity in Dec'. Print Edition | Subscribe