Hackers Dump Data on Merkel, Politicians in Giant German Leak

Data was leaked over the past weeks via a Twitter account calling itself “G0d”.

Hackers Dump Data on Merkel, Politicians in Giant German Leak
Angela Merkel, Germany’s chancellor, gestures while speaking during the Europa Quo Vadis conference in Cologne, Germany. (Photographer: Krisztian Bocsi/Bloomberg)

(Bloomberg) -- Hackers have released private data linked to Chancellor Angela Merkel and hundreds of other German politicians in the biggest data dump of its kind in the country.

The information includes email addresses, mobile phone numbers and personal chat transcripts, according to a review by Bloomberg News on Friday. The data were leaked over the past weeks via a Twitter account called “G0d” that identifies itself as based in Hamburg and describes itself using the words “security researching,” “artist” and “satire & irony.”

It looks like the hackers got the passwords to Facebook accounts and Twitter profiles and worked their way up from there, said Simon Hegelich, a political scientist at Munich’s Technical University who has studied the manipulation of social networks.

“It’s a very elaborately done social engineering attack,” he said Friday by phone. “It’s a lot of data that’s been dumped.”

The German government is taking the attack “very seriously,” spokeswoman Martina Fietz said at a briefing with reporters on Friday.

Victim’s Tale 

Torsten Schweiger, a lawmaker for Merkel’s CDU party, said the hackers spilled data including his mobile phone number as well as photos of his ID card and diplomatic passport:

  • Criminals hacked his website as well as his Facebook, Twitter and Dropbox accounts in August
  • Schweiger at the time alerted police, who investigated without ever identifying a perpetrator
  • “There’s strong reason to suspect that last summer’s attack and the current one are connected. The files leaked now were in those hacked accounts”
  • The 50-year-old says he’s learned his lesson: “I’ve reduced the data that I store online to a minimum”

The country has seen a range of intrusions in recent years. Hackers tried to infiltrate computers of think tanks associated with the governing CDU and SPD parties in 2017. A year earlier, scammers set up a fake server in Latvia to flood German lawmakers with phishing emails.

In 2015, attackers breached the network of the Bundestag parliament and stole 16 gigabytes of data. Security firm Trend Micro Inc. has linked the Bundestag attack and others to Pawn Storm, a group with ties to Russia -- whose government has repeatedly denied it’s hacking foreign powers.

Bundestag Breach

There was never any information leaked from the Bundestag breach despite its severity: hackers roamed the network for more than a week before they were detected. The Bundestag’s entire IT system had to be taken down for several days to fix the problem. The German government has since bolstered its technology protections, setting up a cyber-defense unit in 2017 staffed by thousands of soldiers and IT experts to protect military networks and key infrastructure such as power plants and hospitals.

Germany’s Federal Office for Information Security, known as BSI, is heading the investigation into the data dump at its cyber defense center. So far the agency has no indication that government networks have been affected, the BSI said on Twitter. Germany’s domestic intelligence agency BfV is reviewing the data and can’t yet comment because of the volume, a spokeswoman said.

‘Erode Trust’

“The perpetrators want to erode trust in our democracy and in our institutions,” German Justice Minister Katarina Barley said, according to news agency DPA. “Criminals and their backers must not be allowed to dictate debate in our nation.”

It’s unclear at this point whether the data release is linked to the 2015 Bundestag hack, and how significant it is. It includes two email addresses and a fax number the perpetrators link to Merkel, and a letter by SPD lawmakers sent to the chancellor in 2016 that criticizes her handling of the refugee crisis. The data connected to Merkel was not considered sensitive, Fietz said.

The data, which Germany is trying to remove, also includes what appears to be chat transcripts from Economy Minister Peter Altmaier. More mundane material includes rental-car contracts and letters, some of them several years old. The attack appears to have affected all major German political parties with the exception of the populist Alternative for Germany.

‘No Kids’

The leaks were coordinated by four Twitter accounts that appear to be linked to the political right, Hegelich said. For now, there’s no evidence pointing to Russia or the Bundestag hack from 2015, he said.

“This hack is different from breaching the Bundestag networks -- which required a much higher level of sophistication,” Hegelich said. “But they’re no kids either. It’s people that know about IT security.”

--With assistance from Iain Rogers and Patrick Donahue.

To contact the reporter on this story: Stefan Nicola in Berlin at

To contact the editors responsible for this story: Rebecca Penty at, Chris Reiter, Andrew Blackman

©2019 Bloomberg L.P.