Expert: It’s Embarrassing that 20-Year-Old Hacked Data of German Politicians

Last week several German politicians and prominent personalities were targeted by a cyber-attack. Yesterday, the German police confirmed that the culprit of the data breach has been found and arrested by authorities. Sputnik spoke about it to cybersecurity expert Pierluigi Paganini.
Sputnik

Sputnik: Who's the person who made German high-profiles tremble?

Pierluigi Paganini: He's 20-year-old hacker. It is embarrassing, but a young and annoyed man stole and leaked personal data belonging to hundreds of German politicians. According to the authorities, the youngster is still studying and lives with his parents. He also confessed to have acted because he was annoyed about the politicians' discussions.

German Hacking Attack Didn't Compromise Chancellery, Merkel's Sensitive Data
Sputnik: Although the young man has been released, he is accused of several offences: spying, leaking data and the unwarranted publication of personal data. So, what will happen to the young man now?

Pierluigi Paganini: We have to consider that the investigation is still ongoing. It is crucial in this phase to understand how this hacker has acted and if he has done it alone. Another aspect to investigate is the real motivation: the head of cyber-security in Germany, the head of the German Federal Police Office told journalists that it was too soon to be sure to know whether the young man was acting out of far-right sympathies.

I remind you that he targeted deputies of all parties in the Bundestag, with the exception of the representatives of the far-right Alternative for Germany, which is the main opposition group in the country. Anyway, because of his young age, he will be judged according to German law, in Germany. This means that the charges — in the case he acted alone and without a specific motivation, will be reviewed and the penalty will be less severe.

READ MORE: 20-Year-Old Man Arrested Over Politicians' Hacked Data in Germany — Reports

Sputnik: German Interior Minister Horst Seehofer said he wants to tackle potential future threats by boosting the recruitment of cybersecurity experts to embed within the police force, and by setting up a round-the-clock IT crew that will use an early warning system software capable of both preventing and recognising this kind of attacks. But will these measures be enough to protect Germans from these sorts of incidents?

Sensitive Personal Data of 100 German Politicians Hacked & Leaked Online
Pierluigi Paganini: There are several things that we have to clarify: I believe that any investment in cyber-security today is crucial for the defence of the state itself and of its citizens. Threats are rapidly changing and it's important to be prepared to face new threat actors and sophisticated threats. Unfortunately, nothing is totally secure. We can improve cyber-security and the steps announced by the government are welcome.

But specialised groups could help governments in recognising malicious activities, anomalous patterns associated with ongoing attacks, and other necessary countermeasures. We must do much more. In this case, it was only a youngster, but I tell you: imagine that outside, in the cyberspace, there are so many persistent attackers and malicious threat actors — and believe me, this kind of actors can do much more.

READ MORE: 'Public Will Know': Seehofer to Disclose How German Officials' Data Was Hacked

Sputnik: Speaking of APT Groups, many experts consider them the most dangerous kind of hackers. Who are they? And why should states protect them cells from their attacks?

Germany, UK May Slap More Sanctions on Russia Amid Hacking Accusations
Pierluigi Paganini: APT Groups are an advanced persistent threat. Usually, it is a very skilled group of attackers, and in most cases, these attackers work for a government. This means that they have huge skills, but also that they are well funded — they have a huge economic resource, and also the number of members within this kind of units is very huge: these units are composed by a large number of a type of security experts, and in many cases they work also for some governments and for the foreign intelligence of some governments.

And that's why I tell you, 'Imagine the power of these units and imagine what they can do with the information that has been leaked by the youngster.' That's why such kind of incidents are very dangerous because a threat actor could use this information, for example, to move a specific spear phishing attack or, for example, to gather information, gather intelligence about specific people inside the government of another state.

The views expressed in this article are those of the speaker and do not necessarily reflect those of Sputnik.

Discuss