Cybercrime , Data Loss Prevention (DLP) , Fraud Management & Cybercrime
German Police Identify Suspect Behind Massive Data LeakAnger at Politicians and Public Figures Allegedly Motivated 20-Year-Old Suspect
Following the massive leak of sensitive information tied to about 1,000 German celebrities, journalists and politicians, including Chancellor Angela Merkel, police say they have arrested a suspect who has confessed to stealing and dumping the information online (see: Hackers Leak Hundreds of German Politicians' Personal Data).
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The suspect, who allegedly used the handles "G0d" and "0rbit" online, is a 20-year-old German citizen who was arrested Sunday night and questioned Monday by a senior prosecutor and police officials, police say. They have not named the suspect, but say he is a student living at home with his parents in the German state of Hesse.
On Monday, the suspect "comprehensively acknowledged the allegations against him and provided information on his own offenses," the Bundeskriminalamt, or Federal Criminal Police Office of Germany, known as the BKA, said in a statement.
Annoyance Allegedly Drove Hacker
"During the interrogation, the defendant stated that he had acted alone in the data spying and unauthorized data releases," the BKA said. "The investigation has so far revealed no evidence of third-party participation. As to his motivation, the suspect stated that he acted out of annoyance over public statements made by the politicians, journalists and public figures concerned."
Officials say the dumped information included telephone numbers, addresses, payment card information, images, chat messages and other communications.
The suspect, who is being handled by a juvenile court, faces a maximum of three years imprisonment, reported Germany's national public television broadcaster, ZDF.
Police said that "due to a lack of grounds for detention," they released the suspect on Monday, but only after he had shared the location of a computer that he had attempted to wipe as well as the location of at least partial backups he placed on a cloud-based hosting service. Digital forensic analysis of the systems and other aspects of the alleged crime are still being reviewed, officials said, noting that they have recovered data from the supposedly wiped system. They also said that the suspect had used a VPN to try to hide his tracks.
A 19-year-old German man from the town of Heilbronn who was in contact with the suspect is also cooperating with authorities as a witness, German broadcaster Deutsche Welle reported. According to press reports, the suspect allegedly boasted of his deeds to the other man, via the encrypted messaging app Telegram, with which the suspect had registered an account using his own telephone number.
Germany's Federal Office for Information Security, or BSI, is investigating the "hackerangriff" - hacker attack - and says it has recovered 8.8 GB of leaked data for analysis.
So far, Germany's Interior Ministry estimates that the data leak includes information for about estimated 1,000 celebrities, journalists, politicians and other public figures, although said officials are still reviewing all of the dumped data. They have identified about 50 individuals for whom extensive personal details, including photographs and sensitive communications, were dumped online.
Lone Suspect Identified
The question of whether the suspect acted alone, however, continues. The leaks, notably, were part of an "Advent calendar" of big and little leaks, with new data being dumped every day from Dec. 1 to Dec. 24 via a Twitter account that was reportedly followed by up to 18,000 people until Twitter suspended the account on Jan. 4.
The account initially began leaking data for celebrities before switching to politicians on Dec. 20.
The information security researcher known as the Grugq says that whoever leaked the data appeared to go to great lengths to gather it, package it up as well as make it tough to eradicate.
This data leak has so much data squirrelled away to avoid take downs. It must have required many man hours of uploading.— the grugq (@thegrugq) January 4, 2019
- 70 mirrors of the download links
- 40 d/l links, each with 3-5 mirrors
- 161 mirrors of data files
Plus the tweets, blog posts, mirrors of mirror links.
Some independent security researchers say 0rbit was using an anonymity product called Perfect Privacy, which provides VPN and encryption capabilities.
But an unnamed police investigator tells German weekly news magazine Der Spiegel that authorities are treating this as an isolated case of hacking by a 20-year-old, and they see no ties to foreign intelligence services.
Leaked Data Still in Circulation
At a Tuesday press conference in Berlin, Minister of the Interior Horst Seehofer said that efforts remain underway to expunge the leaked information from online sites, but that it was unlikely that officials would be able to delete everything because the data is already in circulation.
"We cannot promise total security," said Seehofer, ZDF reported.
The interior committee of the Bundestag - the German federal parliament - is now set to probe the incident.
In his Tuesday press conference, Seehofer responded to criticism that he had said very little about how the investigation was proceeding. "This is how you, as a responsible minister, handle such things," he said.
He also rebutted criticism that police had been too slow to investigate the data leaks, after receiving alerts from officials whose online accounts were hacked, beginning in December. Rather, Seehofer praised officials for working around the clock, and said the Bundestag has already approved funding to add 315 cybersecurity experts to the Federal Office for Information Security as well a 160 employees to create a dedicated cybersecurity group inside the Federal Criminal Police Office, ZDF reported.
'ILoveYou' Password Problem
The BSI says it will be issuing recommendations aimed at helping politicians to better keep their personal data secure.
Investigators said they don't believe the data was obtained via malware, but rather by accessing victims' social media accounts, often due to weak passwords.
Seehofer said consumers and public figures alike need make it more difficult for would-be hackers to take control of their accounts (see: Why Are We *Still* So Stupid About Passwords?).
"Bad passwords were one of the reasons he had it so easy," Seehofer said of the suspect, the Guardian reported. "I was shocked at how simple most passwords were: 'ILoveYou', '1,2,3.' A whole array of really simple things."