German hacker confesses to massive data leak, spurred by ‘annoyance’

Update German hacker confesses to massive data leak, spurred by ‘annoyance’
Authorities have said that almost 1,000 people were affected by the data breach, which include members of all parties in the parliament except those from the far-right Alternative for Germany party. (AFP)
Updated 08 January 2019
Follow

German hacker confesses to massive data leak, spurred by ‘annoyance’

German hacker confesses to massive data leak, spurred by ‘annoyance’
  • Police office and Frankfurt prosecutors will hold a news conference later in the day
  • Extensive personal data was published in up to 60 cases

BERLIN: German authorities on Tuesday said a 20-year-old hacker had confessed to stealing and leaking private data from hundreds of politicians, including Chancellor Angela Merkel, because he was “annoyed” by some of their public statements.

The young German, who lives with his parents, was taken into custody after police searched the family home in the western state of Hesse on Sunday.

The suspect was not remanded in custody however because he was fully cooperating with the enquiry and not deemed a flight risk, said Georg Ungefuk, a spokesman for the Frankfurt prosecution service’s Internet crime office ZIT.

“The accused said he published the data because he had been annoyed by certain statements made by those affected,” Ungefuk told a press conference in Wiesbaden.

The suspect, who because of his young age falls under juvenile law in Germany, told police he acted alone.

Ungefuk added that the young man had shown “clear remorse” about the stunning cybersecurity breach, which affected around 1,000 German politicians, journalists and celebrities and piled political pressure on the government.

The information leaked online comprised home addresses, mobile phone numbers, letters, invoices and copies of identity documents. The data was first released via Twitter in December but its spread gathered pace last week.

Among those hit were members of the Bundestag lower house of parliament and the European Parliament as well as regional and local assemblies.

Deputies from all parties represented in the Bundestag were targeted with the exception of the far-right Alternative for Germany (AfD), the largest opposition group in parliament.

Speaking at the same press conference, the head of cybersecurity at Germany’s Federal Police Office (BKA), Heiko Loehr, said it was too soon to say whether the suspect was acting out of far-right sympathies.

“We are still investigating his motives and whether they may have been criminal or politically motivated,” he told reporters, adding that police were also working to confirm whether the suspect did indeed work alone.

Investigators have seized computers and hard drives from the scene that were now being combed over by experts, Ungefuk added.

He confirmed media reports that the suspect had tried to destroy a computer before the raid, but said investigators were still able to retrieve data from the damaged device.

Although the leak was sweeping, there is no evidence that sensitive information reached the public, investigators and the interior ministry have said.

In the vast majority of cases, only basic contact information was made available.

The leak has nevertheless been deeply embarrassing for the political class, exposing a naive and sometimes reckless use of computer networks, and turned up the heat on the unpopular interior minister, Horst Seehofer.

Critics said the ministry and relevant authorities were slow in informing affected politicians of the leak and moving to stop it.

Seehofer is due to speak to reporters in the afternoon.

Beyond politicians, the leak also exposed the private data of celebrities and journalists, including chats and voicemail messages from spouses and children of those targeted.

The information derived both from social media and private “cloud” data.

The Twitter account @_0rbit published the links last month, along the lines of an advent calendar with each link to new information hidden behind a “door.”

The account, which calls itself G0d and has now been suspended by Twitter, was opened in mid-2017 and purportedly has more than 18,000 followers.

It described its activities as “security researching,” “artist” and “satire and irony” and said it was based in Hamburg.

Justice Minister Katarina Barley, who last week had labeled the data dump an attack on “our democracy and its institutions,” called on Internet service providers and social networks “to shut down accounts as soon as they have been hacked.”

German politicians and lawmakers have repeatedly fallen victim to cyberattacks in recent years.

In 2015, the Bundestag network was hit by a malware attack later blamed on Russian hackers.

In March last year, computer networks belonging to the German government came under sustained attack and data from foreign ministry staff was stolen.

At the time, Moscow denied that Russian hackers were involved.