When the private details of some 1,000 politicians and celebrities were leaked and released online in Germany—including those of Chancellor Angela Merkel—the country was shocked.
It was the biggest data breach ever in Germany.
According to German authorities, the 20-year-old student, whose name has not been released, is still living with his parents has admitted his involvement to the police.
The documents were published online in December in the form of an advent calendar with one post per day from the @_0rbit account. That account itself was only closed down late last week but by then it had attracted 18,000 followers.
Politicians from the far-right Alternative for Germany (AfD) party were the only ones to be spared in the attack, which targeted both former and current officials, including Merkel.
Around 50 of the data breaches and public reveals were considered to be high-level breaches that included everything from telephone numbers and addresses to credit card data, photographs and private communications. In the other cases, contact information such as email addresses and phone numbers were leaked. Merkel saw her email address and some official correspondence released.
Aside from Merkel, targets included high-profile actors, comedians and dozens of journalists from publicly-funded German media outlets.
The 20-year-old who has admitted to the crime was ultimately nabbed because of his use of the Telegram encrypted messaging app, which linked to his real mobile phone.
Investigators told local media that the 20-year-old had taught himself the skills he needed using online resources and had no training in computer science. Investigators said the man was still in school and living with his parents in the German region of Hesse.
Suspicions abound, though, that this wasn’t just a random one-man operation. Because of the scale of the operation—and the fact that no right-wing politicians were targeted—has led to speculation that the leak could have been masterminded by a nation-state, with tongue-in-cheek references to Russia. Despite that speculation, German investigators have ruled out Moscow’s involvement for the time being. German media had also speculated that a right-wing media organization was behind the attack.
A government source had told Reuters Friday that the authorities were investigating all possibilities, including espionage, saying that given the scale of the attack it was unlikely that a single person was responsible for compiling the enormous amounts of data involved.
Germany's investigative police force (BKA) said in press release that the 20-year-old suspect told them he was motivated by "anger at the public statements of the politicians, journalists and public figures concerned”.
He was released following his statement due to lack of grounds for continued detention and taking into account his age and his agreement to cooperate.
Nonetheless, the scandal has prompted calls for action to improve cyber-security practices. Last year, German officials said there had been repeated cyberattacks against politicians, the military and several embassies. They blamed Russia.
Earlier this year, the country established a cybersecurity department to ensure a coordinated response to online threats.
By Michael Kern for Safehaven.com
More Top Reads From Safehaven.com