Hack and publication of private data of German politicians and celebrities 2018/2019

from Wikipedia, the free encyclopedia

In the hack and publication of private data of German politicians and celebrities in 2018/2019, private data of 994 people was published on the Internet through so-called doxing, for 50 of them to a larger extent. Those affected include politicians from all parties represented in the German Bundestag except the AfD, as well as other public figures. Between December 1 and 28, 2018, the data was published in parallel on a number of different online platforms, including the blogging service Twitter, in the form of an “Advent calendar”.

After the stolen information had been online for weeks, the broadcaster RBB reported in detail on the publications on January 4, 2019. On the same day, the clues pointing to the perpetrator solidified; under the account name "_0rbit", he had for several years hacked YouTube channels and accounts away from their operators. The federal intelligence services, the Federal Criminal Police Office and the National Cyber Defense Center were able to identify a 20-year-old suspect in the Central Hesse region who confessed to having published the data within two days. As a motive he gave "anger at politicians".

The case sparked a broad discussion about the security of private and public data on the Internet and calls for specific measures.

Publications

Affected

In total, almost 1,000 public figures, politicians and celebrities, were affected by the hacking attack.

The publications (doxing) began in July 2017 with private data from Jan Böhmermann. Nothing was published between August 2017 and August 2018. From December 1, 2018, data was published daily, like in an Advent calendar, for around 100 people such as presenters, journalists from ARD and ZDF, YouTubers, actors, rappers and bands; Christian Ehring, Til Schweiger, LeFloid and Sido, among others, were affected.

From December 20, 2018, hundreds of public figures, including politicians from the parties FDP, Left, Greens, SPD, CDU and the CSU, were also affected, but not politicians from the AfD parliamentary group. Those spied on included members of the Bundestag, the European Parliament and state parliaments as well as local politicians. From Brandenburg, datasets of almost the entire CDU parliamentary group and of individual politicians from the Left, SPD and Greens were published, including Prime Minister Dietmar Woidke, as well as data of the SPD chairwoman Andrea Nahles, the Bündnis 90/Die Grünen party chairman Robert Habeck and Chancellor Angela Merkel.

Among other things, 3 gigabytes of data belonging to the satirist Christian Ehring were published; he had won a case against Alice Weidel (AfD) in 2018 because of a controversial statement about her political language use. The journalist Rayk Anders, who had been targeted by right-wing extremists in the months before, is also affected. He had published a documentary about right-wing trolls and the secret propaganda network "Reconquista Germanica" on the Internet.

Data sources and authenticity

The data collected comes from many sources, some of which are publicly available. Some of the data are considered current and authentic, others are neither current nor truthful, according to the politicians concerned.

Federal Interior Minister Horst Seehofer (CSU) said the data came from hacked e-mail accounts, social media accounts and cloud applications. According to him, none of the data came from the Bundestag's intranet or government networks (including the information network of the federal administration).

In at least one case, the data was verifiably obtained through social engineering, i.e. social manipulation. The hacker had gained access to a victim's Skype account, wrote to their contacts and asked that they send him their cell phone numbers.

Publications

In almost all cases, the private e-mail addresses and mobile phone numbers of those affected were disseminated, in many cases also bank details, home addresses and identification documents. In several cases, private chats with family members, which had been sent via Facebook Messenger, were spread. Letters and vacation photos of those affected were also collected. The most recent information was from October 2018. The very different data was arranged and summarized in thematic blocks for publication. Further documents, e.g. pictures, were linked.

Dissemination of the data

The central publication channel was the Twitter user account "@_0rbit", active since 2015, with more than 17,000 followers at the end, which originally belonged to YouTuber Dezztroyz and was hijacked by a hacker in May 2016. The process only received media attention on January 3, 2019, when the hacker took over the Twitter account of the web video producer Simon Unge, via which he forwarded its owner's private data to his two million followers. It was only from this point in time that the “cyber defense center” of the Federal Ministry of the Interior became aware of it.

The hacker stored the data on multiple servers and platforms. He created videos of the documents and posted them on several websites. After the Twitter user account and the associated blog had been deleted by the respective operators, various copies of the data were still available on different servers. The exchange platforms used included PrivateBin and Blogspot, which make an anonymous exchange possible, so that the data was difficult to delete.

As of December 28, 2018, no further data was published. The Twitter user account used was blocked on January 4, 2019.

Investigations

Since March 2018

From March 2018, at least five politicians reported the hack of their data to the police and the Federal Office for Information Security (BSI), including the Bundestag member Helge Lindh (SPD): his Facebook and Twitter accounts and his AOL email address were taken over. Lindh's private documents can be found in the now published bundle. Lindh assumes that the documents were copied from his emails. The authorities saw no connection between the cases and were unable to produce any results in the investigation.

According to media reports on January 4, 2019

A trainee from Bad Oldesloe found the telephone number of the former candidate for Chancellor Martin Schulz (SPD) on Twitter and informed him about it. The Federal Office for Information Security (BSI) then began its investigations.

The investigations are coordinated in the National Cyber Defense Center; the federal prosecutor's office is examining the case. The Central Office for Combating Internet and Computer Crime, a special unit of the Public Prosecutor's Office in Frankfurt am Main, has started investigations. In its own research, T-Online came closer to the person responsible for the leak, who was "an old friend" from the YouTube scene.

YouTuber Tomasz N. contacted the hacker, asked him to unblock Unge's account, and finally got access back. The hacker is said to have indicated that he found access to the Unge account through a bug in the two-factor authentication.

The account, which had more than 18,000 followers by then, was blocked on January 4, 2019. It was categorized as "security researching" and "satire and irony" and had specified Hamburg as the location. The Hanseatic City of Hamburg worked with the Irish data protection authority (Office of the Data Protection Commissioner) to reach the European headquarters of the company Twitter, which did not respond.

The federal chairman of the Greens Robert Habeck and his party colleague Konstantin von Notz filed criminal charges for the publication of their and other data.

Main witness

On January 6, 2019, BKA officials searched the apartment of a 19-year-old in Heilbronn who had contact with "0rbit", confiscated his computer and questioned him as a witness. The man, who works in the IT sector, was initially suspected of having published the information himself. The screenshot of a conversation with the perpetrator shows that "0rbit" intended to destroy his computers and other technical equipment. In the meantime, he is said to have deleted his account with the messenger service Telegram, through which he had previously communicated in encrypted form.

In an interview in the ARD political magazine Kontraste, the main witness stated that he knew the time of an earlier police measure through a chat, which contributed significantly to the identification of the alleged perpetrator. He also described the perpetrator's possible political motives as “right-wing, but not right-wing extremist”. For example, the perpetrator had repeatedly "made abysmal negative comments about refugees" and also "negative about Islam [...] that they were all terrorists". In the meantime the perpetrator had “obviously another goal”, the witness said, and referred to right-wing populist statements by the AfD. The AfD rejected the thesis that the perpetrator had deliberately spared it because of his right-wing attitude.

Suspected perpetrator

On January 6, 2019, the police searched the apartment of the 20-year-old student Johannes S. from Homberg (Ohm) in Central Hesse. He had already come to the attention of the police two years earlier: the Giessen public prosecutor had initiated three investigations against him, among other things on suspicion of spying on data and falsifying evidence-relevant data, without any punishment. His IP address, name and home address were known to the authorities. The statements of a witness contributed to his quick exposure in the present case.

The suspect has been arrested and has fully confessed. Before that, he had tried to hide the data on cloud storage; he overwrote his hard disk 32 times and disposed of it at a recycling yard, where it was however recovered and confiscated for analysis. Since neither a risk of suppression of evidence nor a risk of flight is assumed, and there are higher barriers to pre-trial detention in juvenile criminal law, which may be applied to him because of his age, he was released after the interrogation. So far, the investigative authorities (in the lead, the Public Prosecutor's Office in Frankfurt am Main and the Federal Criminal Police Office (BKA)) assume a single perpetrator, but the single-perpetrator thesis has been checked, because on the basis of interrogations by the Federal Criminal Police Office it was suspected that the suspect did not have the knowledge necessary to circumvent a two-factor authentication and that the single-perpetrator thesis was therefore questionable. For the investigators, the perpetrator is still the only accused. The perpetrator is cooperating with the investigators. The investigation is expected to be completed in mid-2019.

Reactions

The Chaos Computer Club (CCC) suspected a right-wing political background to the action because of the type, selection and commentary on the leaked data sets. The main account “@_0rbit” took part in extreme right-wing discussions on Twitter channels and was networked with right-wing online activists. Furthermore, CCC spokesman Linus Neumann stated that the perpetrator had disclosed a lot of information about himself. His "approach was simply very careless, there was a chat with those affected, details of the procedure were disclosed". The attacker also had a “need for recognition that was far too great”, since he had regularly boasted that he had lured certain people into traps and taken over their accounts.

Politics

Criticism of the actions of the authorities

According to its own account, the Federal Criminal Police Office was only made aware of the leak on January 4, 2019. The President of the Federal Office for Information Security (BSI), Arne Schönbohm, said on January 4, 2019 that his office had already spoken to individual MPs in December 2018 and taken countermeasures. In addition, a so-called “Mobile Incident Response Team” of the BSI had already been dispatched at that time to “warn certain people”. Schönbohm justified the procedure by stating that the publication of the stolen material did not pose a threat to the federal government, as no confidential data was included. The users concerned should pay more attention to their security rules for their private data.

Politicians from the FDP and the Left expressed their anger about the information policy of the BSI. André Hahn (Left) said that it annoyed him that he heard about the incidents "repeatedly from the media", although he was a member of the parliamentary control body and the interior committee of the Bundestag. “The federal government's duty to inform the parliament also applies between Christmas and New Year.” Both the coalition partner SPD and the opposition called on Interior Minister Horst Seehofer to deal with the case and demanded better clarification from the ministry.

Prosecution

Thorsten Frei (CDU), deputy chairman of the Union parliamentary group in the German Bundestag, said the state should "hack back". "This is no longer just about defensive data protection, but about the possibility of an active counterattack, which can also lead to the active destruction of servers abroad that store the data that has been tapped." Markus Reuter from Netzpolitik.org described Frei's statements as the "most useless reactions from politics." The government announced that it intends to strengthen cyber defense in the future. A “cyber defense center plus” should go into action, said the parliamentary interior state secretary Stephan Mayer (CSU).

The chairman of the Union parliamentary group Ralph Brinkhaus called for stricter penalties and criticized the fact that the penalty for "data theft" is lower than for simple theft. In addition, there are apparently criminal liability gaps in cyber crimes. The Alliance 90/The Greens politician Konstantin von Notz called the incident an “attack on democracy”, which is why it is worthwhile “to think about [...] reacting to such attacks with particular severity.” Federal Justice Minister Katarina Barley proposed a representative action by those affected as a model declaratory action against companies such as Twitter or Facebook. A head of the security department at Deutsche Telekom has also criticized the previous case law and court practice. Interior Minister Horst Seehofer announced in mid-January 2019 that the BSI would be given more powers to delete content on platforms such as Facebook. In mid-February 2019, the CSU spoke out in favor of significantly tightening the penalties for hacker attacks.
