Hundreds of German politicians including Chancellor Angela Merkel have had personal detailshackedand published online, reports say. Contacts, private chats and credit card details were put out on Twitter which belong to figures from every political party except the far-right AfD.
Experts comments below:
Tim Erlin, VP at Tripwire:
“There are more questions than answers about this incident so far. Whether the questions can be answered quickly is yet to be determined.
While the data leaked is concerning, the unknown data that may have been accessed, but not yet leaked, is also a problem. It’s clear that the attacker had access to sensitive personal data, but without knowing the sources and methods, the extent of that data remains an open question.
This attack appears to have a political end, so it makes sense to look at political motivations for potential attackers as well.”
Sam Curry, Chief Security Officer at Cybereason:
“Doxing is a form of assault and is tantamount to digital sniping. Journalism, editorials and debate are not the same thing at all because these come from an established position and research and exposes in that world make it clear the voice and position of the source, but standing back and publishing information with malice is harassing and disruptive, even when it comes to public figures. Saying that the public has a right to know when it comes to politicians is not an excuse for the practice because it is almost always aimed at discrediting and destabilizing the target and not simply for the betterment of debate or discourse.
What matters in these cases is who’s voice is being used: why are they publishing? Is what they are saying factual? What agenda do they further? Is it truthful? Are they committing crimes?
Finally, never underestimate the possibility of false flag operations. We live in a multi-polar world where Clausewitz’s famous description of war being the continuation of politics by other means now has a cyber and a digital dimension. There are multiple states, criminal organizations, corporations and political groups that could have an agenda that it furthers by noise, fear, government becoming more inefficient and simple distraction. As in all these cases, wait for the source to become known, deal with facts as they appear and turn your head away from what amounts to the ongoing digital soap opera that is uncredited doxing.”
David Emm, Principle Security Researcher at Kaspersky Lab:
“The first data breaches of 2019 aren’t slow in being revealed, with the news today that numerous information on Germany’s politicians has been leaked online. The reports conclude that none of the information was of a highly sensitive political nature, but the data included banking and financial details, ID cards and private chats, that in the wrong hands could easily be put to all kinds of nefarious uses – especially when considering the sensitive nature of politicians’ jobs. We don’t know what the motivation is but it’s unlikely to be purely financial and more likely a hacktivist hoping to cause trouble. What is clear, is that across all organisations, the importance of securely storing and sharing information remains an ongoing education process as data is seen as increasingly valuable by those hoping to exploit it. It’s vital that organisations regularly review their information security processes and educate staff on how to keep their own, and others, information secure when communicating both inside and outside of an organisation.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.