back to article Cops: German suspect, 20, 'confessed' to mass hack of local politicians

German police say a 20-year-old German man has "confessed" to leaks in connection what the country's media is calling "the Hacker Attack", a years-long data exfiltration campaign against politicians and other public figures. The German Feds (BKA) revealed this morning that the unnamed 20-year-old suspect from Central Hesse, …

  1. Anonymous Coward
    Anonymous Coward

    Oh good! It was only a 20 year-old "teen", "acting alone". Of course the "security experts" who have been bilking clueless politicos for years with their clearly ineffective services really hope this isn't true: because if the game isn't afoot, the jig is up.

  2. ThatOne Silver badge
    Holmes

    Damage mitigation...

    > It appears strange that a lone 20-year-old should go to such lengths if he was not aware of the extent of his actions.

    Sure, but it's the easiest way to say "Nothing to see here, move along already": Just paint the stereotypical image of the irresponsible young hacker (male - check, living off his mother's basement - check) who does stuff out of pure stupidity, and nobody will get to ask any embarrassing questions (like, is there any security about peoples' private information in our age of computers and networks?). This incident should definitely not interfere with the gradual push towards backdoors and mass surveillance...

    1. Alan Brown Silver badge

      Re: Damage mitigation...

      "like, is there any security about peoples' private information in our age of computers and networks?"

      How much of this is actually private and how much is merely hard to find?

  3. Anonymous Coward
    Anonymous Coward

    'confessed'

    "bring the comfy chair!"

    That said, he was probably given a (perhaps inflated) vision of what future holds: either... or. So, confess he did (no need to mention nazi/stasi ;)

  4. _LC_
    Headmaster

    Let’s hope that he speaks a few words in Russian.

    Let’s hope that he speaks a few words in Russian, otherwise our "top security" super anti-terror boneheads will have to endure some laughter.

  5. lglethal Silver badge
    WTF?

    CDU right wing - ahh what?

    Others pointed out that right-wing politicians (including Chancellor Angela Merkel's own Christian Democrat Union political party) had been targeted.

    Ummm, I'd hardly call the CDU right wing. Centre-Right at the most. Hell, if the CDU is right wing, the Conservatives must be far right! And where would that put the American Democrats and Republicans? Extreme-Right and Ludicrous-Right?

    (OK from a eurocentric point of views those probably are the correct descriptions for american parties... :P)

    1. _LC_
      Megaphone

      Re: CDU right wing - ahh what?

      The CDU has always been cuddling with the "Federation of Expellees" (Bund der Vertriebenen). They have been known for their Nazi affinity and wanting back "the old territories" (from Poland, etc.). Just look up "Erika Steinbach" (https://en.wikipedia.org/wiki/Erika_Steinbach) for an embarrassing example. There is a lot more, of course. The CDU has always been a right wing party, yes.

    2. jpo234

      Re: CDU right wing - ahh what?

      Just a few weeks ago a CDU state governor was musing about future coalition governments with the far left (Die Linke). If anything, the CDU by now is slightly left-of-center.

    3. A.P. Veening

      Re: CDU right wing - ahh what?

      Just for your information, CDU and CSU in Bavaria used to be so far to the right that there was no serious competition on the right side of them and that was quite deliberate. Since they shifted a bit to the centre, far right has come up.

      As for those American "parties", the Democrats and the Republicans are the left and right wing of the American Capitalist Party, about straddling the position where the NSDAP used to sit in Germany.

  6. GnuTzu Bronze badge

    "acted out of annoyance"

    With all the anger in the World, one might think this was a bit of an understatement.

  7. Jellied Eel Silver badge

    Your country needs You!

    So

    The changes in layout and naming suggest that it wasn’t one person in one marathon session creating these. There is variation in the archive passwords too: 123, abbreviations, variations

    Assuming this chap wasn't just a script kiddy, and had some decent skills.. How hard would it be to have a password generator script create these. I assume it also wouldn't be that hard to use website management tools or scripts to do the other activities. Or being the stereotypical kid in the basement, too much free time. But that's something I've wondered about with other incidents where attacks are 'sophisticated' and thus must be state activity. I also suspect the lack of awareness might be due to his legal advice and mitigation.

    1. Rainer

      Re: Your country needs You!

      > Assuming this chap wasn't just a script kiddy, and had some decent skills

      Such is the state of it-sec awareness among the people's representatives in Germany (and probably elsewhere, too) that I'm rather confident in saying that he is just a script-kiddie, almost 100%.

      All these people need to have their internet-privileges revoked.

  8. Frank Bitterlich

    "Hacker Attack"

    So far there has been zero mention of how he got his hands on all that data. I can't believe that he actually did all of the actual hacks himself.

    My guess is that he got all that data from multiple (probably more or less publicly accessible) dumps and just dumped them in a somewhat organized way.

    1. Charlie Clark Silver badge

      Re: "Hacker Attack"

      What hacks? This was mainly fairly harmless doxing of stuff you can easily find on the interwebs. There were some "private" chats but, of course, these were the kind of chats that people imagine are private.

      1. Frank Bitterlich

        Re: "Hacker Attack"

        There were a few bank account statements and invoices in the dumps, hardly what I would call publicly accessible. More typically what you would find if you rummaged through someone's email or cloud storage accounts.

    2. ratfox Silver badge

      Re: "Hacker Attack"

      I'll go further and assume until proven otherwise that in fact he had nothing to do with it. It's especially suspicious that he "destroyed" his computer before calling the cops. Maybe he just wants his 15 minutes of fame?

    3. Jellied Eel Silver badge

      Re: "Hacker Attack"

      So far there has been zero mention of how he got his hands on all that data. I can't believe that he actually did all of the actual hacks himself.

      Why not? Often it's a case of finding a vulnerability or entry point, then testing that against interesting looking targets. Or if you get into one system, using that to get access to others as a 'trusted' connection. Then there's the media. Hacker releases 'thousands of files' is less impressive if that's an unfiltered dump of a few people's emails and attachments. My guess is it'll turn out to be email related.

  9. big_D Silver badge

    Clarification

    Media concluded the hack was politically motivated, based on the noticeable absence of the UKIP-a-like party Alternative für Deutschland (AfD) from the data dumps. Others pointed out that right-wing politicians (including Chancellor Angela Merkel's own Christian Democrat Union political party) had been targeted.

    That is like saying that the UKIP weren't included, but the Conservatives were.

    1. _LC_

      Re: Clarification

      The "UKIP-a-like party Alternative für Deutschland (AfD)" (created and run by secret service, mind you) is relatively new. It has been speculated (high probability) that they were not included, because the data wasn't 100% "fresh". ;-)

      1. big_D Silver badge

        Re: Clarification

        Yes, they only got into the legislature during the last elections, so relatively fresh and not a big target to hit, either.

        That said, it seems that people are using traditional methods to get at them - a forklift rammed into one of the party offices last week and an AfD leader in Hamburg hit on the noggin with a 2x4 yesterday. I don't agree with the AfD, but that is still no way to show your disagreement with their policies. :-(

        1. _LC_
          Alert

          Re: Clarification

          Agreed, but you should be careful to believe everything the news is pushing. AfD folks have been known for lying constantly, very much like Trump. The press, nonetheless, passes on their lies at first - dismissing them only, when nobody cares anymore.

          For instance, the "AfD leader in Hamburg hit on the noggin" (it was in Bremen) fell on his head:

          https://www.zeit.de/politik/2019-01/http-vivi-zeit-de-repository-politik-deutschland-2019-01-frank-magnitz-polizei-view-html

          "Bremen public prosecutor rejects AfD representation of attack

          After the robbery of an AfD deputy, investigators informed the police about the crime. Their findings contradict the version of the AfD."

          ...

          "The 66-year-old had been jumped by a man from behind on Monday evening in Bremen, said the spokesman for the Bremen public prosecutor's office, Frank Passade. Video footage of the attack showed two more men. As a result, Magnitz fell and apparently hit his head unbraked. "We assume that all the injuries are solely due to the fall," Passade told the German Press Agency."

          Not anywhere near attempted murder, it turns out. ;-)

          1. big_D Silver badge

            Re: Clarification

            Interesting, I hadn't seen any further news after the Tagesschau yesterday evening, so I missed that.

            1. _LC_

              Re: Clarification

              That's the way it works. The first "claim" (lies) makes the big news, while the retraction comes in a quiet and almost concealed fashion. Effect: the lies end up engraved in people's minds as 'facts'.

  10. Anonymous Coward
    Anonymous Coward

    B...b....but...

    ...I thought it was Putin whodunnit?! That’s what our mainstream media were telling me, even El Reg leaned in that direction. Damn the truth, it’s so inconvenient and just doesn’t sell copy or get enough clicks.

    1. DropBear Silver badge

      Re: B...b....but...

      I have no stake in the "Putin race" either way, but if you honestly think it was just this "annoyed" guy "acting alone"... I have a bridge to sell you.

      1. _LC_
        Thumb Down

        Re: B...b....but...

        "I have no stake in the "Putin race" either way, but if you honestly think it was just this "annoyed" guy "acting alone"... I have a bridge to sell you."

        Thanks for showing, how propaganda works. "I'm not saying it is red, but I believe it is dark red!"

        Even though it has been CLEARLY* dismissed, you keep adding “the usual suspicions”.

        ---

        * It turns out the BKA (German state police) had been investigating him since 2016. A quick glance at the hack and the released data should have brought up “striking similarities” between the two cases.

        The youngster bragged about his hack, which ended up with him getting caught.

        The released data itself, was rather harmless. Many of those “personal details” could be found in the phone book. I'm pretty sure that ANY (bigger) secret service could provide you with such data in a matter of minutes.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019