German cyber officials defend handling of mass data attack
Germany's cybersecurity authority has defended its handling of a mass data attack on hundreds of politicians, after criticism it did not tell the police about the breach for weeks.
The agency says it was not aware of the full extent of a systematic leak of information until Thursday night.
Journalists, celebrities and politicians, including Chancellor Angela Merkel, are among those whose personal data was published online.
It is unclear who was responsible.
The attacks took place throughout December, but did not become public knowledge until Friday.
- Hacking of German ministries 'ongoing'
- Russia 'behind German parliament hack'
- Data: 'The end of truth as we know it?'
The contacts, private chats and financial details of figures from every political party – except the far-right AfD – were posted on Twitter.
The interior ministry says there is no evidence that parliamentary or government systems have been compromised – and it is not clear whether the attack was the result of hacking – or someone with access leaking the data.
Who knew what, when?
The Federal Office for Information Security (BSI) came under fire after it emerged that they knew about the leak since December, while the Federal Crime Office was only notified on Friday.
BSI president Arne Schoenbohm told broadcaster Phoenix that his team "had already held corresponding talks very early in December with certain members of parliament who were affected", and launched a "mobile incident response team".
On Saturday however, the BSI said in a statement it had only known about five isolated cases for weeks, and could not connect the dots until Thursday.
Earlier, Dietmar Bartsch, parliamentary head of the left-wing Die Linke party, had called the perceived secrecy "completely unacceptable" and asked if the office had "something to hide".
Meanwhile, lawmaker André Han said: "It makes me unbelievably cross that yet again I've found out about such things from the media – even though I'm a member of the parliamentary monitoring group… the federal government's duty to keep parliament informed still applies between Christmas and the new year."
Who exactly was targeted?
National and local political figures as well as some TV personalities had their details stolen:
- Chancellor Angela Merkel: her email address and several letters to and from the chancellor appear to have been published
- The main parliamentary groups including the ruling centre-right and centre-left parties, as well as The Greens, left-wing Die Linke and FDP. Only AfD appears to have escaped
- Greens leader Robert Habeck, who had private chats with family members and credit card details posted online
- Journalists from public broadcasters ARD and ZDF as well as TV satirists Jan Böhmermann and Christian Ehring, rapper Marteria and rap group K.I.Z, reports say
The true extent of damage caused by the leak is not yet known although Justice Minister Katarina Barley said it was a "serious attack".
"The people behind this want to damage confidence in our democracy and institutions," she said.
It is not clear who was behind the attack, although suspicion has fallen on right-wing groups in Germany, as well as Russia.
Russia has been accused of cyber-attacks in Germany before, including an attack on the government's IT network last year.
- How sextortion scammers targeted a BBC reporter
- Hot tub hack reveals washed-up security
- Celebrities 'hacked' to spur Twitter fix