German Cabinet Falls for Basic Phishing Scam Amid €28B Ukraine Pledge
Despite hysteria over a 'Signal hack,' 300 German officials simply handed passwords to scammers. Now, the government is using their own tech illiteracy to justify a massive expansion of domestic surveillance power.
Berlin is dealing with a massive security failure after 300 officials fell for a simple phishing scam. Now, intelligence agencies are using the incident to push for more funding and broader surveillance powers.
The integrity of German parliamentary communications is under fire, but the problem isn't the code. It's the people using it. Since mid-April 2024, federal prosecutors have been digging into a phishing campaign that bypassed Signal's heavy-duty encryption by just asking for the keys. At least 300 accounts were hit, including members of Chancellor Olaf Scholz’s own cabinet and top military brass. The attackers used a 'Signal Support' scam, tricking targets into scanning QR codes or handing over PINs. That gave the hackers the power to clone accounts onto new devices and read every single message and contact list.
Phishing is a classic social engineering move where someone pretends to be a trusted source to steal your info. In this case, the attackers didn't even try to break Signal’s end-to-end encryption. Why bother? End-to-end encryption means only the sender and receiver can read the messages, and it’s basically bulletproof from the outside. Since they couldn't break the software, they hijacked the accounts at the user level instead. It's a low-tech solution to a high-tech barrier.
The 'Russian hack' narrative isn't just about security: it’s about the money. In Berlin, the Federal Office for the Protection of the Constitution and the BSI often point to these threats when they're asking for a bigger budget. Even with the government's strict 'debt brake' policy for 2024, security spending is still a priority. By framing a basic security lapse as a sophisticated foreign offensive, these agencies make a much stronger case for a bigger slice of the €51.8 billion defense budget.
“At least 300 accounts belonging to political figures were targeted, including cabinet members, according to dpa reports from the investigation.”
The motive is pretty obvious. Germany is now Ukraine’s second-biggest military backer. According to the Kiel Institute, Berlin has committed roughly €28 billion in aid since early 2022. That kind of money makes you a prime target for Russian intelligence. But here's the kicker: despite all the leaks to the press about Russian involvement, no one has actually shown the technical proof. No IP addresses linked to the GRU or specific malware signatures have been shared with the oversight committee yet.
Konstantin von Notz, who helps lead the intelligence oversight committee, thinks the number of victims will keep climbing. But his tone suggests a bigger political shift. Proponents of the 'Security Package' are already using this breach to argue for more power to monitor encrypted chats. Critics aren't buying it. They say using a phishing attack, which could have been stopped with basic two-factor authentication and training, to justify state surveillance is just classic political opportunism.
What’s missing from most of the news coverage is any sense of internal accountability. The BSI warned officials earlier this year that state actors were targeting messaging apps. Yet, it looks like high-level officials weren't even required to turn on a simple registration lock. While the media focuses on the Russian boogeyman, the real story for German taxpayers is the lack of basic digital literacy among people managing a multi-billion euro defense budget. No amount of encryption helps if you're willing to give your PIN to a stranger.
Keep an eye on how this affects budget talks and the debate over 'Data Retention' laws in the Bundestag. If the government tries to force backdoors into apps because of this incident, they're basically trying to fix a human mistake with a hammer that breaks everyone's privacy. The investigation is still going, but the people in the business of state security are already cashing in on the political dividends.
Summary
A coordinated phishing attack has hit at least 300 German political and military figures, including several members of the cabinet. Despite the panic about a 'sweeping hack' of the Signal app, the truth is much simpler: users handed over their credentials to attackers pretending to be tech support. It's a massive failure of basic security as Germany pledges €28 billion in aid to Ukraine. While the Kremlin is the usual suspect, domestic agencies are already using the fallout to demand more money and more power to watch what people do online.
⚡ Key Facts
- Russia is suspected of a wide-scale phishing attack via Signal targeting German politicians and military officers.
- Approximately 300 accounts belonging to political figures were targeted.
- The attack involved hackers posing as 'Signal Support' to trick users into sharing PINs or scanning QR codes.
- German federal prosecutors have been investigating the attack since mid-April.
German Cabinet Falls for Basic Phishing Scam Amid €28B Ukraine Pledge
Network of Influence
- Intelligence and cybersecurity agencies (BfV, BSI) seeking increased funding and surveillance powers.
- Political figures advocating for harder stances against Russia.
- News Corp through engagement-driven sensationalism involving high-stakes geopolitical conflict.
- The article conflates a 'hack' with a 'phishing' attack; Signal's encryption protocols were not actually breached, but users were tricked into providing access.
- The article does not mention similar cyber-espionage activities conducted by Western intelligence agencies against rival nations.
- No technical forensic evidence (IP addresses, specific malware signatures) is provided to link the attack to the Kremlin beyond 'suspicions'.
The story frames Russian cyber-aggression as an inevitable consequence of Germany's military support for Ukraine, emphasizing vulnerability to justify increased security measures.