Bundestag: The Office for the Protection of the Constitution warns all parliamentarians about hijacked messenger accounts

Enlarge image

Plenary session in the Bundestag: "Easier to gain the trust of other potentially affected parties"

Photo: IMAGO/Christian Spicker

The Federal Office for Information Security (BSI) and the Federal Office for the Protection of the Constitution know of a "social engineering campaign that is aimed in particular at high-ranking political figures".

This is what it says in a warning that, according to SPIEGEL information, was sent to all members of the Bundestag.

The goal is therefore the "takeover of user accounts," as the title of the five-page document says.

The scam of the unknown perpetrators, which has apparently been successful several times, works like this: First, they contact the target person, for example by SMS, posing as high-ranking politicians.

Then they ask you to switch to a messenger such as Signal, WhatsApp or Telegram for a supposedly secure or confidential conversation.

Those affected should be persuaded to create a new account with these services, for which they have to enter their cell phone number.

In the next step, the perpetrators use a pretext to ask for the authentication code of the person concerned, which is needed to create a new user account.

Apparently, they are counting on the fact that their victims do not know exactly what this code is good for - namely only to verify that you really check a number given in the new account yourself.

People other than the account owner shouldn't actually have access to this authentication code.

No information on the motive

Anyone who nevertheless gives their code to the attackers gives them the opportunity to use it to hijack the new account directly.

The prerequisite for this would be that the victims use the same cell phone number for the messenger that was used to initially contact them.

"In principle, this is a procedure that has been known for a long time, and the BSI has warned against it in the past," says the document available to SPIEGEL.

It is not clear where the perpetrators got the cell phone number to contact them and how they forged it to pretend to be someone else.

The authorities also wrote nothing in the warning about the motive of the perpetrators.

If the first attack is successful, it is all the easier to deceive other targets in their environment: If the number of the first victim is already in their address book, after setting up a new messenger account they will receive a message like »[first name + last name of the person] is now using Telegrams".

The warning states: "Since the attackers then communicate from an authenticated account, they can more easily gain the trust of other potential victims".

pbe/mgb