Student arrested over Germany’s biggest data hack

The man is suspected of hacking the accounts of an estimated 1,000 German politicians

BERLIN, GERMANY - JANUARY 07: The Reichstag, seat of the Bundestag, the German federal parliament, stands on January 7, 2019 in Berlin, Germany. Federal authorities are under heavy criticism following the recent hacker theft of personal data of prominent politicians, journalists and artists. Critics charge that federal agencies responsible for cyber security are not doing enough to protect Germany's digital infrastructure.  (Photo by Sean Gallup/Getty Images)
Powered by automated translation

A 20-year-old student was arrested on Tuesday morning in connection to the biggest dump of hacked data in German history, which affected hundreds of German politicians including Chancellor Angela Merkel.

The information, which comprised home addresses, mobile phone numbers, letters, invoices and copies of identity documents, was first released via Twitter in December.

German prosecutors arrested the man from his home in the state of Hesse on Sunday. The suspect, who evidently acted on his own, is a student who lives with his parents. Germany's investigative police force (BKA) said the suspect's apartment had been searched on Sunday, after which the arrest was made.

At a press conference on Tuesday afternoon, investigators from the Frankfurt am Main Attorney General's Office revealed that the suspect was released from custody on Monday and that he could be sentenced to a maximum of three years in prison for each of the two offences – spying out data and data leakage. However, given his young age and clean criminal record, he is likely to land a lighter punishment.

By his own account, the suspect acted out of anger at public statements made by the politicians. Investigators said the suspect confessed and is cooperating with the police.

The home of a 19-year-old man in Heilbronn, a town north of Stuttgart, who had contact with the suspected hacker was also searched.

Identified only as Jan S, he has denied being the main perpetrator behind the leaks but claims to know “Orbit”, the name used by the hacker to claim responsibility via Twitter.

Jan S said via Twitter that he had been in touch with Orbit for years via an encrypted messenger service and claimed the hacker had emailed him shortly after releasing the hacked data to tell him he was planning on destroying his computer to avoid being traced.

Frankfurt prosecutors are set to release information on their findings later on Tuesday following the house search of the suspect, the Federal Crime Office said in a statement.

The information, which trickled out over weeks, was leaked via a Twitter account called “G0d” that described itself using the words “security researching,” “artist” and “satire & irony”.


Read more: 

Hackers leak Merkel and colleagues personal information

German charged with attempted murder after NYE terror scare


The documents were published online in December in the form of an advent calendar with one post per day from the #-Orbit account, but appears to have gone unnoticed until the first week of January when it was closed down. The account had gathered 18,000 followers.

The data includes email addresses, rental-car contracts, as well as chat transcripts from Economy Minister Peter Altmaier. All major German political parties were affected with the exception of the populist, far-right Alternative for Germany.

Bild newspaper said the leaks contained data belonging to 405 politicians from Merkel's CDU-CSU alliance, 294 from the SPD social democrats, 105 from the Greens, 82 Left party members and 28 Liberal MPs.

Investigators and the interior ministry have said that, while the leak was sweeping, there was no evidence that sensitive information had reached the public.

Nonetheless, the incident is bound to be deeply embarrassing for the German government, which had bolstered its technology protections following a series of hacks in 2015.

In 2017, it set up a cyber-defence unit staffed by thousands of soldiers and IT experts to protect military networks and key infrastructure, such as power plants and hospitals. Political parties and individual politicians, however, are responsible for the security of their own devices.

Experts in hacking have said the perpetrator did little to camouflage his activities. "The procedure was simply very careless, it was chatted with those affected, details of the procedure were revealed. There were a lot of metadata, access times and motivations, spelling mistakes, own thoughts left in these data," said Linus Neumann of the Chaos Computer Club collective.