German security officials contacted the National Security Agency following a data breach that resulted in private data about many German politicians, including Chancellor Angela Merkel, being publicly published, according to German media outlets.
Germany sought help from the NSA after a Twitter account began distributing phone numbers, addressees, chat histories and vacation photos belonging to politicians, journalists and celebrities, German newspaper Bild reported. Germany asked the NSA to pressure Twitter to shut down accounts that were spreading the hacked information, arguing the NSA had jurisdiction because some U.S. citizens also had their information exposed in the data dump.
Outreach to the NSA is not the only example of international cooperation. Hamburg, the German city-state, is working with the Irish Data Protection Commissioner to stop the spread of hacked information, according to the news outlet RTE.
When reached by CyberScoop Monday, an NSA spokesman said the agency, if asked, would help an ally recover from a cyber incident. The spokesman would not specifically discuss this case.
The stolen data originated with a Twitter account called @_0rbit, which opened in mid-2017 and claimed to be based in Hamburg. The user described his or her activities as “security researching,” “satire and irony” and “artist.” Twitter suspended the account by Friday, telling Bild the company acted as soon as it was notified.
Officials from all parties in the Bundestag, Germany’s federal parliament, were targeted, except for the far-right Alternative for Germany.
Horst Seehofer, Germany’s interior minister, told news outlet Sueddeutsche Zeitung he intends to coordinate with the Federal Office for Information Security, or BSI, and the Federal Crime Office to form a report on the leak within the coming days.
Germany’s ask for NSA assistance is the latest update in a complicated relationship between U.S. and German intelligence. The leaks from former NSA contractor Edward Snowden revealed in 2013 that U.S. spies sought to collect intelligence on German leaders, infuriating some in Berlin. Germany prosecutors dropped an inquiry into that case in 2017, saying Snowden’s revelations did not provide enough evidence.
German officials have identified APT 28, a hacking group researchers have long said carries out cyberattacks at the behest of the Russian government, as the party responsible for this incident, according to Bild. Suspected government hackers have targeted the German political establishment before. APT 28, also known as Fancy Bear or Pawn Storm, reportedly infiltrated networks of the German Parliament, as well as the defense and foreign ministries.