Wide-Ranging German Doxxing Incident Hits Hundreds of Politicians

It’s not clear why the data release wasn’t noticed earlier.

Hundreds of German politicians, including Chancellor Angela Merkel, have been doxxed in a puzzling incident, with their private information and political documents dumped online. At least one local reporter is claiming the information is explosive.

According to a report from German public broadcaster RBB, the victims hail from all major parties — except the far-right Alternative for Germany (AfD). The information released includes emails, cell phone numbers, physical addresses, private chat conversations, pictures of their ID cards and even bank details and debit authorizations. The data also included internal party documents, according to RBB, as well as “very personal data” such as conversations with family members.

Links to the data were tweeted out by a Twitter account @_Orbit in the form of an Advent calendar leading up to Christmas – but no one took notice of it until Thursday night. It’s unclear why the tweets didn’t attract attention until now – the same account (now suspended) has been doxxing people, according to the report, since the summer of 2017 and had amassed more than 16,000 followers.

German newspaper Bild said that the entire German cabinet was victimized, along with various German musicians and comedians. While early reports said that there was nothing politically sensitive amongst the data, Julian Röpcke of Bild tweeted that he had found “shocking” details related to nepotism, and that the data stretches back to 2009. He also speculated that more compromising material may be in the offing:

German Justice Minister Katarina Barley told the BBC: “The people behind this want to damage confidence in our democracy and institutions.”

“For a country that holds individual privacy so dearly and has some of the region’s strictest data protection laws this is a very damaging attack, not least for the German government’s credibility to secure itself,” said Matt Walmsley, head of EMEA Marketing at Vectra, via email.

Germany’s intelligence agencies have met to coordinate a response – and so far, no one knows who’s behind the attack or where the data was siphoned from – only that the Twitter account was registered to a user claiming to be in Hamburg. Internal government networks have not been breached, according to Germany’s federal office for information security (BSI).

Walmsley had some theories, however. “Initial reports say that members of the far-right Alternative for Germany (AfD) party hasn’t been affected so there may be a political motivation in this attack,” he said. “We shouldn’t disregard the work of foreign state actors here either, particularly Russia who have been cited in multiple attacks and cyber-interference on foreign powers, and in 2015 were accused by the German domestic security services of hacking the German parliament. Germany’s BSI information security agency was also tipped off by America last month that China was targeting the country with ‘cloud hopper’ attacks.”

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.