A 20-year-old German citizen has “comprehensively” confessed to a hacking attack that released personal and financial data of hundreds of high-profile politicians, journalists other and public figures, according to Germany’s federal criminal police, or BKA.
Police arrested the man and searched his home on Sunday, and he cooperated with investigators when he was interrogated on Monday, the BKA said. The suspect told police he had acted alone in publishing the information.
The suspect’s identity has not been released, but his victims are well-known. They include Chancellor Angela Merkel and members of her Christian Democratic Union party, as well as German President Frank-Walter Steinmeier and the Social Democratic Party of Germany.
A wide variety of stolen material was published, including cellphone numbers, credit card data, photographs and private communications.
Nearly every large German political party was affected — all except for the far-right Alternative for Germany (AfD).
The suspect told police he had “acted out of annoyance over public statements” made by his victims, the police said.
As the Deutsche Welle newspaper reports, “BKA President Holger Münch said authorities were not treating the hack as a political crime and that the suspect had no known ties to right-wing extremism in Germany.”
The hacking attack dominated headlines in Germany not because it exposed any political bombshells but due to its surprising reach and the potential embarrassment of its victims. Rather than a single data breach, most of the files seem to have been meticulously culled from hundreds of social media and cloud storage accounts. Officials have said government servers and data systems were not compromised.
Links to the private information were sent out in a series of tweets in December; they seem to have gone largely unnoticed until a prominent German YouTube creator reported online that his account had been hacked.
The strategy was compared to an Advent calendar, as the hacker posted information belonging to a new victim each day in the weeks leading up to Christmas. A Twitter account named
@_0rbit was used to post links to where each day’s batch of new data was published.
The case quickly drew the attention of Germany’s Federal Office for Information Security, which said it was investigating, along with the National Cyber Defense Center.
Within two days of a special task force being established, police and cyber investigators had tracked down the suspect and were at his home in Hesse, the central German state that includes Frankfurt.
Investigators say the Twitter account the suspect used had been hijacked, and that he used a VPN service to try to mask his Internet connection.
The fact that the attack targeted all of Germany’s political parties with seats in the legislature except for a far-right party fed concerns that it could have been politically motivated. And coming on the heels of the Russian government’s attempts to influence politics in the U.S., U.K., and elsewhere, the act set off alarms that Germany’s politicians might have been caught up in a similar plot.
Last week, Justice Minister Katarina Barley called the mass exposure of sensitive data a “serious attack” that was carried out by people who “want to damage confidence in our democracy and their institutions.”
So far, police in the case say, they have turned up no signs that a third party was involved.
As we reported last week, the attack has led to some finger-pointing in Germany, with cyber experts accusing politicians of using lax security practices — and politicians asking why federal authorities seemingly weren’t aware of a massive data leak until a famous YouTuber went public.
As Deutsche Welle reports, “The spectacle of Germany’s highest security organs breathlessly pursuing a 20-year-old, who by all accounts is no elite IT professional, for the better part of a week can hardly assuage public fears that the government’s digital infrastructure isn’t up to scratch.”