Privacy Violated, When Your Life Is Exposed And You’re The Last To Know

Family pictures, porn, German armed forces' internal data – openly accessible on the internet. One mistake is enough and your privacy is destroyed.

Johannes Boie, Catharina Felke and Simon Hurtz

MUNICH — Mr. Maier was lucky. The money's still in his bank account, nobody used his Amazon account and no one has read the emails in his web.de inbox. Maier's login data for 47 online platforms were made accessible to the public, without his consent or knowledge. Criminals could have extracted data from his private life or ruined him financially.

Maier's real last name is indeed Maier, and he is a retired resident of the state of Baden-Württemberg in southwest Germany. He doesn't want to reveal anything else about his life for this article, though we already know what matters. His son had set up a private server for him, years ago. On his network drive, Maier stored family photos, old working papers, digitized versions of his vinyl jazz record collection — and one Word document with the encrypted login data for all of his online accounts. Among them: his bank account, Amazon, eBay, PayPal, three email accounts and an online pharmacy.

"My son is good with computers," he says. "At least that's what I'd thought." As a matter of fact, all the content of his hard disk was online and freely accessible. Anyone could have retrieved it, without even requiring a password. It's accessible via Shodan, a search engine that finds connected machines like routers, webcams and servers. That's where we found Mr. Maier's data, before contacting and warning him.

It's hard to reconstruct how Maier ended up involuntarily revealing his whole digital life. His son, who had moved to the United States, confirmed on the phone that he had set up a password when installing the server and had not left open any unnecessary ports that could have been gateways into the home network. Those are, by the way, the two most common mistakes people make, and they invite strangers into their systems.

Maier's router is connected to a Synology DS212, an older server for private use. Such network storage devices (called NAS) can be found in hundreds of thousands of German households. Many use them to back up the hard disks of their workstations and to store photos and videos, in order to be able to access them when on the move. Those who don't want to entrust their data to one of the big cloud providers like Amazon, Dropbox, Google or Microsoft can install a NAS as a private and supposedly safe alternative. But apparently it isn't always that safe.


We found sensitive data from dozens of people in Germany: private photos, videos labeled Sexy Blondes Scene 3, employer references, bills, an architect's blueprints and extensive income tax declarations. One man, for instance, had stored the login data for 32 online services like Google, Amazon, eBay and his online banking in a Word document under the obvious title "ProviderUserPassword.docx". The people affected use machines from big providers like Synology, QNAP or Zyxel. And yet, the companies cannot be held responsible, as most likely the errors were committed by the users during the setup.

We were able to retrieve the data via the so-called File Transfer Protocol (FTP). FTP makes it possible to access hard disks via the internet, even if you're not on the same network. Companies and universities use FTP, but private network storage devices provide it too. In theory, the transmission is supposed to be encrypted.

That's also what a certain ship captain thought. The officer from the Ministry of Defense had set up a "My-Cloud" hard drive from Western Digital in his apartment. He stored his entire life on it, both private and professional. He used the small home server as a backup for his computer: account statements, email passwords, data from family members and his daughter's CV were open and accessible on the internet.

Among the working papers were scanned identity cards from the German army and a detailed agenda with meetings in the Ministry of Defense. None of these documents should have been public.

On the phone, the officer claimed he couldn't know how the data was hacked, since access to the documents was secured by a password. When he understood that he had been mistaken, he immediately hung up.

Incomprehension, defensive reflexes, calls ending abruptly — that's how many confrontations with affected persons went for our team of reporters. The majority reacted with shock and concern, vowing to take all the necessary precautions and thankful for the warning.

Mr. Maier has set up new passwords for the 47 websites listed in his Word document, checking each account for suspicious access. "I had more luck than wisdom," he says.

From now on, a password manager will store all of his login data. "Now I don't have to remember a single password on my own," he says. "Maybe that's better anyway, at my age."
