Politicians seem to enjoy the new ways of communication they can have through the internet. Communication is no longer a one way street from politicians to the public but more of a town hall meeting where everyone is invited to share their opinion. Of course, this is mostly good, but this virtual proximity doesn’t come without downside risk.
As the recent hacking attack on german politicians, artists, and journalists shows, hackers can trick unknown users into gaining access to their accounts and, therefore, their personal data.
Since there has been a lot of attention from the media, we wanted to summarise what we can learn from this event.
First of all, what happened?
Allegedly, a 20-year-old student from Homberg, Germany, hacked social media accounts, stole personal data of approx. 1000 people (mainly politicians) and published it via Twitter. By hacking the account of a famous YouTuber, the attacker could share malicious links through his profile.
The alleged hacker’s main motive is said to be attention-seeking, as he also „mistakenly“ dropped hints on how he extracted data or got into people’s accounts. Another indicator for this is that mostly „only“ contact data was published instead of more sensible data.
What happens now?
The lack of security in Germany’s IT landscape has been shown in public media once again. Many politicians are pleading for laws that enforce 2-Factor-Authentication and strong passwords to be used by major software companies.
“We are not securing data, we are securing people.” — Katarina Barley
But the problem is human nature. “Not every politician does this, ” said Katarina Barley (SPD) about the Two Factor Authentication method that she has already been using. In the Talk Show “Maybrit Illner”, she also pointed out that security has been seen as a “progression break” for too long and not about securing data but rather about securing people.
What can we learn from it?
Generally, 2-Factor-Authentication and strong passwords are a must and should, therefore, be mandatory for every company dealing with sensible data. But this has been known and should have already been implemented.
The bigger problem is the human side of the hacking attack. If employees — even highly educated government members — aren’t taught how to use social media or other web services securely, no software or encryption can prevent a data breach.
Data security always turns into a public issue once politicians or other public figures are attacked. Still, any company dealing with important customer or business data can be the victim of such an attack. In these cases, it can get extremely costly for the companies involved.
Because this is an issue affecting every one of us, we want to give you a few points to remember regarding your IT security.
- Establish 2-Factor-Authentication in your organisation!
- Use only a strong password (a password manager might help)!
But most importantly:
- Educate your colleagues, friends and customers on security issues! After all, they are all part of your network…