German police say a 20-year-old German man has "confessed" to leaks in connection what the country's media is calling "the Hacker Attack", a years-long data exfiltration campaign against politicians and other public figures.
The German Feds (BKA) revealed this morning that the unnamed 20-year-old suspect from Central Hesse, the state home of the city of Frankfurt am Main, had "provided information on his own offences". They added that he had been released last night.
Security sources were said to have told the German Press Agency and Der Spiegel, a news magazine, that the suspect is a student who lives at home with his parents.
Police said the "investigations have so far revealed no evidence of third-party participation". In a press release, the BKA said the suspect had claimed to have "acted alone" and had "stated that he acted out of annoyance over public statements made by the politicians, journalists and public figures concerned".
Deutsche Welle, a TV station, reported that police had also searched a 19-year-old Heilbronn man's home, adding that "he is co-operating with police". The teen is said to have been in contact with the suspected hacker.
Der Spiegel quoted an investigator who said the suspect was "apparently not aware" of the extent of his actions, repeating the line that he had confessed to the hack in initial police interviews – and adding that he had "destroyed his computer" prior to police searchers arriving at his home.
The BKA said in its statement that it was evaluating both a computer that the suspect told them he had "done away with" two days prior to the search and a data backup from a file-hosting service.
Most German media appears to emphasising that "there appears to be no links to foreign intelligence services" in an attempt to rule out Russian-linked shenanigans.
Work of one suspect alone?
As reported last week, the so-called "Hacker-Angriff" (Hacker Attack) saw various figures from across the spectrum of public life having their personal data dumped online. Those targeted most notably included politicians, as well as journalists and others. Data dumped online included names, addresses, personal email addresses, phone numbers, chat logs, the contents of emails, scans of letters and more.
Media concluded the hack was politically motivated, based on the noticeable absence of the UKIP-a-like party Alternative für Deutschland (AfD) from the data dumps. Others pointed out that right-wing politicians (including Chancellor Angela Merkel's own Christian Democrat Union political party) had been targeted.
The data was drip-fed out on Twitter – in the form of an Advent calendar – during December; a few days ago, Twitter got round to suspending the accounts spreading the information. One pseudonymous infosec bod on the social media platform noted that the data itself had been meticulously mirrored across multiple websites, platforms and hosts in an apparent attempt to evade takedown attempts.
This data leak has so much data squirrelled away to avoid take downs. It must have required many man hours of uploading.— the grugq (@thegrugq) January 4, 2019
- 70 mirrors of the download links
- 40 d/l links, each with 3-5 mirrors
- 161 mirrors of data files
Plus the tweets, blog posts, mirrors of mirror links.
If I had to guess, I’d say that the leak files were not produced at the same time. The changes in layout and naming suggest that it wasn’t one person in one marathon session creating these. There is variation in the archive passwords too: 123, abbreviations, variations— the grugq (@thegrugq) January 4, 2019
It appears strange that a lone 20-year-old should go to such lengths if he was not aware of the extent of his actions.
A police press conference is due to take place later today and investigators are expected to release more information about the case. ®
Sponsored: Webcast: Ransomware has gone nuclear