German investigators arrested a student they say is behind the massive leak of domestic politicians’ personal data. He’s not a Russian hacker, just a disgruntled 20-year-old from Hesse, despite media expectations to the contrary.
In December, two now-blocked Twitter accounts were used to publish links to caches of personal data of German politicians in the style of an advent calendar. Almost 1,000 public figures were targeted, including Chancellor Angela Merkel. The leaks however remained unnoticed until January, when they were reported by major media outlets.
While some speculated that the security breach may have been the latest ‘Russian hybrid attack on Western democracies’, the reality seems to be much simpler.
On Tuesday, Germany’s Federal Crime Office (BKA) updated the public on the investigation, which was launched on Friday and produced an alleged perpetrator on Sunday.
He is a 20-year-old student, who lives with his parents in the central state of Hesse, they said. The young man was detained and apparently confessed to leaking the data before being released.
The man appears to have acted alone, German officials stressed, with no evidence of a third party – yet alone a foreign government – involved. In fact, when asked about possible foreign involvement, Interior Minister Horst Seehofer, BKA chief Holger Münch, and Arne Schönbohm, the head of the BSI, Germany’s Office for Information Security, simply smiled and said “Nein,” one after another.
The leaks contained mostly contact information like private emails and phone numbers, but about 50 or 60 individuals were exposed more significantly, with their Facebook messages, photos, home addresses and bank account data published.
Those affected included journalists, elected officials and politicians, who came from all major political parties in Germany, except the right-wing Alternative for Germany (AfD).
The exclusion prompted the investigators to suspect a political motive behind the leaking, but now they are backtracking on this assessment.
“The accused said his motivation had been irritation over public statements made by the politicians, journalists and public figures affected,” senior prosecutor Georg Ungefuk told the journalist.
The suspect is facing up to six years in jail for his alleged actions. According to investigators, the breach involved no use of malware and relied on poor computer security practices of the individuals, whose private accounts the young man gained access to.
One important lesson was to raise awareness that there are more effective passwords than “iloveyou” and “12345,” Minister Seehofer told Reuters.
This didn’t stop the German official from speculating that a foreign attack on Germany may come ahead of the European election, in the form of “fake news” and other stuff. After all, expecting Russian meddling has become a habit in the West, and failure to find it is hardly discouraging.
If you like this story, share it with a friend!