A TEST OF
CYBER RESILIENCE IN GERMANY
Privacy-Conscious Germany Is Reeling from One of the Biggest Cyber-Attacks in the Country’s History
Personal details of around a thousand politicians, plus journalists, public figures, and celebrities, have been leaked. Fingers are pointing angrily. Why did the authorities react so slowly, only a month after the leaked material was first published? And who is behind it?
These are good questions to ask, not least in other countries whose political systems are also gapingly vulnerable to the hacking and leaking of private material. Answers are scant. The attack was not technically adept: it seems to have involved breaking into a dozen or so private e-mail accounts, and then harvesting details from address books and old messages. There is no suggestion that government or official networks were breached—at least on this occasion. The data involved is mostly boring. In countries such as Sweden and Finland, politicians’ mobile phone numbers are practically public knowledge—they put them on their websites and on their business cards. Abuse is surprisingly rare. Other elements of the leak involved genuinely private material, such as family photos, but with no direct political significance.
The most potentially important data was private messages on social media platforms, and other communications. These could, perhaps, show politicians saying unpleasant things about their party colleagues, conspiring to further personal agendas and trying to raise money.
We don’t know, because the German media so far, with commendable responsibility, has not republished the leaked data. This is in sharp contrast, readers will remember, to the headless-chicken approach of the U.S. media during the 2016 presidential election campaign, when journalists seized gleefully on the embarrassing material leaked from the Hillary Clinton campaign and Democratic National Committee, giving little thought to the motives of the attackers.
The German response is much closer to France, where the media ignored supposedly scandalous material exposed in the broadly similar hacking-and-leaking attack on Emmanuel Macron’s presidential campaign, (the so-called “MacronLeaks” affair of 2017). Julian Reichelt of Bild, Germany’s biggest-selling tabloid, says that an enormous quantity of data has been deliberately published, with the aim of depicting politicians as corrupt, behaving improperly or otherwise vulnerable. Journalists will sift and assess the material, but only to see if it reveals bribery, illegal deals or other potentially criminal behavior.
The main point for Germany is not that politicians are committing politics, but that their country is under attack. And from whom? The German authorities detained (and have since released) a suspect who confessed to "acting alone in spying and illegally publishing the data," motivated by of anger towards the targeted politicians, media, and celebrities. However, it cannot be ruled out that the suspect could be acting under a foreign intelligence service’s direction, perhaps unwittingly, or for money.
Another wrinkle is that the German cyber-security authorities seem to have been caught on the hop by the affair. Given the hysteria in Germany in recent years about the supposedly nefarious and unaccountable activities of the NSA, the American electronic-intelligence and cyber-security agency, exposed by the defector Edward Snowden, it is interesting to note that it was to their U.S. partners that the Germans first turned to help when the full scale of the attack became public. Germans may now wish to reassess other aspects of the transatlantic relationship, and the virtues of transparency campaigners who feed on others’ privacy.
But the big message is about resilience. Hacking-and-leaking stunts work chiefly by exploiting weaknesses in the target country’s media system. It is this test that Germany now faces.
Europe's Edge is an online journal covering crucial topics in the transatlantic policy debate. All opinions are those of the author and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis.
08 January 2019