Targeting politicians with cyber-attacks is not new, cybercriminals, hacktivists and rival nations have been doing this for many years. In 2016, Russian hackers allegedly tried to interfere in the 2016 US presidential election. The British parliament was targeted in mid-2017 in an attempt to access the accounts of hundreds of MPs, Lords, aides and staff by the suspected Russia and North Korea. During July 2018, hackers stole 1.5 million accounts patient data in Singapore including those of Prime Minister Lee Hsien Loong.
This past week reminded us that every country, threat actor, or past victim is susceptible to being targeted again, just like Germany. When we look at Germany, we see that German politicians were already hacked in 2015. The threat actors attempted to install software that would have given them permanent access to computers used by staff of the German parliament and MPs. The German domestic intelligence agency pointed the finger at Russia.
In March 2018, hackers used highly sophisticated software to penetrate the German government’s main data network that is used by the chancellor’s office, ministries, and the German parliament. The attack was narrowly targeted, apparently seeking specific information. A Russian hacking group backed by the Russian government was the main suspect, most likely Snake, APT28, or Fancy Bear.
The Culprit of the Attack
When the latest hack hit the headlines a few days ago, Russian state-sponsored hackers became immediate suspects. As it turned out, incorrectly so. In fact, the major breach was committed by a 20-year old man using the pseudonyms “G0d” and “Orbit”. His motive was hacktivism - in this case anger at politicians. The Twitter account from which he had been leaking the messages or politicians’ data was hastily shut down, with a reported 18,000 followers.
The 20-year old purchased stolen credentials on the dark web (you can read more about the dark web shopping center in this blog), for which he is facing additional criminal charges in addition to the compromised email accounts of hundreds of politicians, including German Chancellor Angela Merkel and President Frank-Walter Steinmeier. He dumped the stolen data which included personal phone numbers and addresses, internal party documents, credit card details, private chats, ID cards, direct debit records and family photos in the style of an advent calendar on Twitter between December 1 and 24, 2018.
All of the main German political parties were hit, except the far-right Alternative for Germany (AfD). Possibly unrelated, one of the party members was brutally beaten up, , on the same week. All in all, 405 CDU-CSU politicians, 294 SPD politicians, 105 Greens, at least 82 Left party members and 28 FDP MPs were victimized. So, what about GDPR? It will be very important to see the consequences of the privacy aspects based on the GDPR regulation.
What Steps is Germany Taking to Prevent Future Attacks?
After the breach, the German government is taking action to improve its cyber defenses before the European parliamentary elections in May 2019. Some of the measures include hiring additional cyber experts despite the shortage, setting up a dedicated unit to monitor and prevent similar attacks in future, updating existing cybersecurity laws, and increasing cybersecurity awareness training for politicians and the general public.
It is especially important to be equipped to detect rapidly changing threats that are often able to avoid conventional cybersecurity solutions. With Cymulate’s Breach & Attack Simulation (BAS) platform, German or any other nation’s governmental agencies can continuously test their security framework and validate their security controls to better prepare to face new threat actors and sophisticated threats trying to compromise their systems. To learn more, click here.