[BreachExchange] Massive German hack: 20-year-old admits mass doxing politicians, journalists, celebs

Destry Winant destry at riskbasedsecurity.com
Tue Jan 8 10:12:44 EST 2019


https://www.zdnet.com/article/massive-german-hack-20-year-old-admits-mass-doxing-politicians-journalists-celebs/

A 20-year-old German man has confessed to being the culprit behind the
massive leak of German politicians', journalists', and celebrities'
personal data that shocked the country's political class last week.

Police raided the central Hesse house of the suspect, as he legally
remains for now, on Friday. According to a statement issued Tuesday by
federal prosecutors, the man "comprehensively acknowledged the
allegations against him and provided information regarding his
offenses".

The doxing took place over Twitter, in the form of an advent calendar,
during the run-up to Christmas. It only attracted attention last week,
though.

Included was a vast trove of financial details, phone numbers, photos,
and communications belonging to politicians from almost every German
political party, with the exception of the far-right opposition party,
the Alternative for Germany (AfD).

Chancellor Angela Merkel was among the victims, as were lawmakers from
state, national, and European parliaments.

The failure of the now-shuttered @_0rbit Twitter account to target AfD
politicians led some to speculate that far-right sympathizers were to
blame.

The magazine Der Spiegel reported that the Twitter account had
followed very few other accounts, and the far-right hate site
anonymousnews.ru was among them. The @_0rbit account itself apparently
had around 18,000 followers before Twitter killed it.

Journalists from Bild also claimed to have identified, with the help
of a couple of local hackers, the individual behind the doxing, and
said he was a right-wing extremist.

There had also been some speculation that Russia was behind the
attack. Russian hackers were indeed the main suspects in previous
hacking attacks on the German parliament, and Russia is known to have
supported the AfD in its rise to prominence.

According to Tuesday's statement from the Bundeskriminalamt (BKA, or
Federal Criminal Police Office), the arrested man said he had acted
alone, and was motivated out of "anger over public statements made by
the politicians, journalists and public figures concerned".

The BKA explained that the leaked data was stored on hosting services,
links to which were published through Twitter – both through the
@_0rbit account and through the hijacked account of a YouTube star.

Some of the data was private, some was already publicly available. The
accused used a VPN in an attempt to hide his tracks while tweeting the
links.

The suspect is not currently in custody. After his interrogation on
Saturday, the BKA said, he presented no flight risk and there were
therefore no grounds on which to keep him locked up at this stage in
proceedings.

However, the authorities seized his computers and storage devices and
are searching them for evidence. They also now have access to his
cloud data backup.

Der Spiegel reported that he had been caught thanks to "digital
traces" as well as testimony from someone else. In their press
conference on Tuesday, the authorities also confirmed a raid on the
house of a 19-year-old German IT worker in Heilbronn, to the south of
Hesse.

This raid apparently yielded "findings" that helped to identify the
main suspect, and the teenager, identified as "Jan S", is now
cooperating as a witness.

The doxing caused outrage among German politicians, particularly those
from parties not in government, such as the Free Democrats and Left,
because it swiftly emerged that the Federal Office for Information
Security (BSI) had known about the leak since December.

The BSI said late last week that it had quietly informed individual
members of parliament about the leaking of their data in December,
when the agency found out about it. However, the BSI apparently did
not inform party leaders. The Free Democrats and Greens have now
launched legal proceedings against the hacker.

"One bit of positive news is that government networks are apparently
not affected by this or these hacker attacks," Stephan Mayer, the
parliamentary state secretary in the interior ministry, told Deutsche
Welle.

"But it's clear that we as the federal government... must do more to
improve cybersecurity."

