by Bharat Mistry
Last week, hundreds of German celebrities, politicians and others were hit by what has been described as the biggest data leak of its kind in the country’s history. It has since emerged this week that a 20-year-old living with his parents has confessed to the authorities, claiming he acted alone. If nothing else, it should remind IT security bosses in the UK of the persistent threat from hacktivists, and the need to double down on best practice cybersecurity in 2019.
A lone wolf
The leaked data included a mix of personal and official political party information such as email addresses, mobile phone numbers, photos of identity cards, credit card info, private chat histories, and internal party communications, according to state broadcaster RBB. The doxing happened via a Twitter account, with local and Bundestag lawmakers affected, including chancellor Angela Merkel.
Russia was at first implicated in the attack, given it has been linked to previous political cyber raids in Germany including the Pawn Storm attacks documented by Trend Micro. However, the Hesse man suspected of the attack told the authorities he acted alone “out of annoyance over public statements made by the politicians, journalists and public figures concerned.”
Given the nature of the high-profile attacks and breaches seen over the past 12 months, we’ve grown accustomed to reminding organisations about the threat from nation-state hackers and increasingly well-resourced, financially motivated cyber-criminals. These threats certainly remain, but this year’s events in Germany remind us that cyber-attacks can come from anywhere today, and poor security will be punished whoever is directing them.
A challenge for 2019
Data leaks like this can be hugely damaging to the individuals and organisations concerned. They may harm corporate reputation, convince customers to leave, and even lead to regulatory investigations and fines. There are also concerns that hacktivist activity is increasingly blurring with that of economically motivated cybercrime, as Trend Micro reported a year ago.
There are still question marks over exactly how the German suspect managed to get hold of the information that was subsequently leaked. Some of it was already in the public domain. But sensitive personal financial information, chat histories and political comms will have required more work to obtain. The challenge for organisations and individuals is that simple phishing techniques and password cracking/guessing tools have democratised cybercrime to the point where even technology novices can launch effective attacks today.
As we warn in our 2019 predictions report, the number of phishing URLs blocked by Trend Micro has risen from just over eight million in 2015 to over 210 million in 2018. Meanwhile, breached account credentials flood the cybercrime underground and we’re increasingly likely to see them used in conjunction with credential stuffing tools to crack open accounts en masse.
To mitigate this growing risk, individuals must become responsible digital citizens, educating themselves about phishing techniques, protecting PCs and devices with anti-malware and practising good password management. But IT security managers must also play their part, by designing effective employee awareness programmes, enforcing strict security policies around account access and following layered security principles. If nothing else, it’s what GDPR and NIS Directive regulators are demanding.
Ultimately the authorities were able to apprehend the person responsible for this attack pretty quickly, despite efforts to hide his location with VPNs. More professional actors will not be so easy to catch as we head into a new year.