What we learnt from Germany's massive hack?
2019-01-08
Someone has been publishing a massive trove of sensitive personal information, including phone numbers, private chats, family photos, and documents of dozens of German politicians, in what some are calling “the biggest hacker attack” in the country’s history.
On Friday, the leak was the biggest news in Germany, and perhaps in all of Europe. German authorities are investigating the incident, and victims are already speaking out about how it’s affecting them.
The leaks first attracted widespread attention in Germany, and subsequently around the world after news outlet RBB first reported on a Twitter account that spread the data. (Twitter has since suspended the account.) The person or people behind it had been posting links to the stolen data since early December, but apparently very few noticed until Thursday, after YouTube celebrity Simon Unge revealed he had been hacked too.
The hackers behind the leak appear to have carefully disseminated and backed up the files online on several platforms to avoid takedowns. According to the security expert known as The Grugq, the data had been uploaded to as many as 161 different locations online.
This data leak has so much data squirrelled away to avoid takedowns that it must have required many man-hours of uploading.
* 70 mirrors of the download links
* 40 d/l links, each with 3-5 mirrors
* 161 mirrors of data files
There’s an inherent and almost irresistible allure to hacked private data, but one needs to ask oneself whether it’s worth boosting it and spreading it further, especially considering that no one knows who stole it or what their motivations are.
This is of course not the first time hackers have dumped stolen or hacked data online with the apparent goal to cause a ruckus and attract media attention. Most famously, months before the 2016 US presidential election, Russian spies posing as a lone Romanian hacker started publishing documents allegedly stolen from the Democratic National Committee. In the following weeks and months, the data slowly dripped online, both via the spies’ online persona (named Guccifer 2.0) and via WikiLeaks, which then also published emails stolen from Hillary Clinton’s campaign chairman John Podesta.
In 2014, North Korean hackers broke into Sony Pictures and started dumping thousands of emails of Sony executives. Just like they would two years later with the DNC and Podesta leaks, journalists eagerly plowed through the messages, highlighting even the most trivial of stories, such as a Sony executive’s choice of pubic hair product. In that case, news stories were written about private citizens, many of whom were average people who had done nothing newsworthy or wrong.
Similarly, the Podesta emails barely contained anything incriminating or scandalous, but simply because they were the stolen, private emails of a prominent political figure, they felt salacious and were endlessly picked over.
In 2017, hackers targeted Emmanuel Macron, then a candidate for France’s presidency, with a similar leak ahead of the elections, with the apparent goal of causing political uncertainty.
Of course, these are all newsworthy events that need to be covered. But by recklessly highlighting stolen data (especially if it’s highly personal), journalists, readers, and the people who share the documents run the risk of not only hurting hacking victims again, but also promoting the hackers’ agenda. As witnesses and narrators of current events, we hold a lot of power and we need to use it wisely. Our megaphones are powerful and need to be tuned and used in the right way: report the news without furthering the agenda of hackers or spies.
On Friday, for example, some journalists and media outlets published screenshots of the hackers’ Twitter profiles used to disseminate the German politicians’ data without redacting links to the hacked data itself, which at the time were apparently still live.
Disinformation expert and Johns Hopkins professor Thomas Rid warned on Twitter that “it is highly unethical to further publicize access to all the private data of so many prominent, high-interest individuals.”
John Hultquist, the director of intelligence analysis at security firm FireEye, said that we should exercise caution here.
“Just like an interview that has been edited unethically, we may be getting a purposely misleading view,” he said in an online chat. “I think we should focus on why these things were leaked rather than what was leaked.”
It’s time to prove we can learn from our mistakes and think carefully about what kind of information we're spreading before we Tweet and post about it on Facebook as we did with Podesta and other previous hacks and leaks.
“I hope we learned that lesson after 2016,” Hultquist said.