Suspect, 20, arrested over massive German politician data hack

Police arrested a 20-year-old suspect in central Hesse Sunday connected to the December data breach of hundreds of politicians.

Suspect, 20, arrested over massive German politician data hack
Photo: DPA

The Federal Criminal Police Office (BKA) said in a statement Tuesday the suspect acknowledged the allegations against him, and said that he acted alone.

“During the interrogation, the defendant stated that he had acted alone in the data spying and unauthorized data releases. The investigations have so far revealed no evidence of third party participation. To his motivation, the defendant stated that he acted out of annoyance over public statements made by the politicians, journalists and public figures concerned,” the statement reads.

The young man was arrested in central Hesse Sunday and interrogated Monday, according to the BKA statement. He was released Monday evening. 

Among the estimated 1,000 people affected were members of the Bundestag lower house of parliament and the European Parliament as well as regional and local assemblies.

On Monday, the BKA said they had started to inform individuals whose information may have been illegally accessed and distributed online via Twitter.

SEE ALSO: Police search for suspects in data breach

Using “digital traces,” Der Spiegel reports, investigators focused on the young man in central Hesse, searched his home, and made the arrest. The man had reportedly already destroyed his computer by then. Currently, there appear to be no connections to foreign intelligence services.

Although the leak was sweeping, there is no evidence that sensitive information reached the public.

In the vast majority of cases, only basic contact information was made available.

The leak has nevertheless been deeply embarrassing for the political class, exposing a naive and sometimes reckless use of computer networks, and turned up the heat on unpopular interior minister Horst Seehofer.

Seehofer: “very efficient” handling of case

At a Berlin press conference, Seehofer praised the authorities' “very efficient” handling of the case despite criticism that relevant bodies were slow to respond to the leak.

He also announced measures to boost cyber defences, some of which were already in the works before the hacking incident.

Staffing at Germany's BSI cyber security body would be beefed up, Seehofer said.

And his ministry would introduce legislation on IT security in the first half of 2019, which would include an early warning system for data leaks and cyber safety certificates on IT products.

But he warned that internet users also had “a responsibility” to be aware of the risks and take steps to protect their data online.

The information, which comprised home addresses, mobile phone numbers, letters, invoices and copies of identity documents, was first released via Twitter in December but its spread gathered pace last week.

Deputies from all parties represented in the Bundestag were targeted with the exception of the far-right Alternative for Germany (AfD), the largest opposition group in parliament.

Although the leak was sweeping, there is no evidence that sensitive information reached the public, investigators and the interior ministry have said.

The case has nevertheless been deeply embarrassing for the political class, and increased pressure on the unpopular interior minister, Horst Seehofer.

Beyond politicians, the leak also exposed the private data of celebrities and journalists, including chats and voicemail messages from spouses and children of those targeted.

The information derived both from social media and private “cloud” data.

Leaking through social media

The Twitter account @_0rbit published the links every day last month, along the lines of an advent calendar with each link to new information hidden behind a “door”.

The account, which calls itself G0d and has now been suspended by Twitter, was opened in mid-2017 and purportedly has more than 18,000 followers.

It described its activities as “security researching”, “artist” and “satire and irony” and said it was based in Hamburg.

Justice Minister Katarina Barley, who last week had called the data dump an attack on “our democracy and its institutions”, called on internet service providers and social networks “to shut down accounts as soon as they have been hacked”.

She told the daily Rheinische Post that her ministry was examining what legal action it could take to press firms into more decisive measures against cyberattacks.

And she called for an EU seal of approval for best practice in IT security.

Member comments

Log in here to leave a comment.
Become a Member to leave a comment.


Germany’s top court restricts state access to online data

Germany's highest court on Friday said security services had too much unfettered access to people's online data and ordered legislation to be revised to set higher hurdles.

Germany's top court restricts state access to online data
Photo: DPA

German intelligence services and police agencies currently have the right to ask telecom and internet companies for user info ranging from names and birth dates to passwords and IP addresses, to help their investigations in areas like counterterrorism and cyber crime.

But the Constitutional Court in Karlsruhe agreed with complaints brought by privacy activists that the access to data was excessive and an unconstitutional violation of citizens' right to telecom privacy.

READ ALSO: German medical probe finds millions of records freely available online

In their ruling, judges said the current powers to retrieve data were “disproportionate”.

“It cannot be permissible to indiscriminately request information on data,” they said.

Judges said they agreed that intelligence bodies sometimes needed to pull personal data from smartphones or other devices to maintain public security.

But they said this should only be done in cases of “a specific danger” or “an initial suspicion of criminal conduct” in the context of an investigation, and not to facilitate investigators' work “in general”.

German legislators have until the end of 2021 to amend the telecommunications law to include “thresholds for the use of these powers”.

The ruling comes in response to several lawsuits, including one by Patrick Breyer, an MEP from Germany's Pirate Party that campaigns for internet freedoms.

More than 6,000 people signed a petition backing his complaint.