Personal data of almost 1000 public figures, most of them German politicians (including Chancellor Angela Merkel), was leaked on Twitter over the course of December, The Guardian reports. German security authorities revealed that the perpetrator of the massive breach – a 20-year-old man living in Hesse – has admitted to the police his responsibility for the crime.
Although the stolen information was published on the social network over a period of about a month, it went unnoticed. Only on 3rd January did one of the employees in the office of Andrea Nahles, leader of the center-left Social Democratic Party, find out about the leak and alert the security officials. Not surprisingly, the police authority was seriously criticised for the slow reaction, which can have immense consequences.
Stolen data included photographs, scans of passports, personal documents, bills, telephone contacts and more. Representatives of Germany’s cyber security agency (BSI) expressed the opinion that victims’ accounts had been hacked over a number of years. They also suggest that the data was quietly collated and analysed.
The Twitter account through which the data was spread was located in Hamburg and was set up in 2015. The local authorities blocked it on Friday. They are now working with data protection authorities in Dublin, where Twitter’s European base is located. Their efforts are aimed at stopping the spread of the victims’ data.
The interior minister Horst Seehofer told reporters at a press conference on Tuesday evening:
“Bad passwords were one of the reasons he had it so easy. I was shocked at how simple most passwords were: ‘ILoveYou’, ‘1,2,3’. A whole array of really simple things.”
Seehofer predicted that such incidents will increase in frequency and encouraged everybody who uses the internet to pay greater attention to their cybersecurity hygiene. He also announced that the German police force is in the process of strengthening itself. Hundreds of cybersecurity experts will be hired in the near future who, teamed with a round-the-clock IT crew, will help with the prevention and early recognition of online attacks.
The hacker, who used the pseudonyms “G0t” and “Orbit”, was traced through digital tracks he left on the internet. He was arrested on Sunday after investigators searched his home where he lives with his parents.
Holger Münch, the head of Germany’s federal police, said:
“Based on our assessment so far, we believe he acted alone. He acted out of a general discontent with politicians, or journalists, or public figures, who he wanted to expose. That was his motive.”
Apparently, he carried out the attack alone, although the police authorities found encrypted communication with a 19-year-old man who was aware of the attack. Since the authorities did not find his behaviour connected to a larger-scale political conspiracy, they released him on the condition that he does not leave his parents’ house and continues to cooperate. The crimes he will be convicted of each carry a sentence of up to three years. However, due to his clean criminal record and the fact that he will be treated as a juvenile, he will most probably receive a much lighter sentence.
The perpetrator profile was typical of that of a “growing generation of adolescents … or kinderzimmertäter [play-room criminals] who don’t have to step out the door in order to carry out their deeds. From the preventive point of view one needs to assume that young people in their bedrooms are not necessarily just playing”, Münch added.