Former Deputy Head of German Intelligence Fell Victim to a Phishing Attack on Signal
16 March 14:18
Arndt Freitag von Lorinhoven, a former deputy president of Germany’s Federal Intelligence Service (BND) and former head of NATO intelligence, fell victim to scammers who gained access to his Signal account. He spoke about this in an interview with the German publication *Der Spiegel*, according to *Komersant*.
According to the 69-year-old former diplomat, he received a call from a man who identified himself as a Signal support representative and asked him to enter his PIN code, which he did. After that, von Lorinhoven’s contacts received a link to a suspicious website from his account. He immediately warned all his acquaintances not to click on the link and deleted his Signal account.
Russian hackers are targeting high-ranking officials
Der Spiegel and von Loringenhof himself link the incident to a global campaign by Russian hackers targeting officials, military personnel, and journalists. In February, the BND stated that attacks were being carried out specifically against these groups. High-ranking officials from German security and political agencies have already fallen victim. von Loringenhofen called the incident proof that “Russian state structures are continuing their hybrid campaigns and attacks at the same scale as before.”
The publication describes Lorinhöfen as a key target for attackers. Until 2010, he served as deputy president of the BND; later, he was NATO’s deputy secretary general for allied intelligence cooperation; and until 2022, he served as Germany’s ambassador to Poland. In 2024, the former intelligence officer published the book *Putin’s Attack on Germany* about Russia’s hybrid warfare.
Russia’s Global Campaign to Hack Signal and WhatsApp
In early March, Dutch intelligence agencies—the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD)—reported a global campaign by Russian hackers to hack Signal and WhatsApp.
Specifically, they pose as Signal Support to obtain two-factor authentication codes or exploit the “linked devices” feature. The appearance of two identical users in the contact list or the display of phone numbers as “remote accounts” may indicate that an account has been compromised.
“Despite end-to-end encryption, messaging apps such as Signal and WhatsApp should not be used as channels for transmitting secret, confidential, or important information,” warned MIVD Director Peter Rijsink.
