German authorities say a 20-year-old, acting alone, was behind a huge leak of personal data concerning leading politicians and celebrities. The man has confessed, but questions remain about German cybersecurity.
Germany's investigative police force, the BKA, has arrested the hacker responsible for what some have called one of the largest data leaks in Germany's history. The 20-year-old from the western German state of Hesse could now face charges of stealing and illegally publishing private data.
"The suspect was questioned on January 7 by the responsible prosecutor and BKA officials," the BKA announced in a statement. "He extensively confessed to the accusations against him and provided helpful information beyond his own crimes."
According to the BKA, the suspect said he was acting alone, and there are no indications of anyone else or any foreign state being involved. The BKA said the suspect had indicated he was motivated by "anger at the public statements of the politicians, journalists and public figures concerned."
The published material included personal data from Chancellor Angela Merkel and other political leaders, celebrities and journalists. Hundreds of politicians from all political parties except the far-right Alternative for Germany (AfD) were affected.
But BKA President Holger Münch said authorities were not treating the hack as a political crime and that the suspect had no known ties to right-wing extremism in Germany.
At a press conference with Münch and the head of the government's IT security agency, Arne Schönbohm, German Interior Minister Horst Seehofer said the identity of the suspect had been known since Sunday.
"In important matters like this, we do our job," Seehofer insisted, most likely in response to detractors in the political opposition, who had accused him of not taking the hack seriously enough.
Seehofer said attempts had been made to delete the stolen data immediately after the leak became known late on January 3, and that the Interior Ministry had advised members of the German parliament on what to do about the hack. He said authorities had worked "very well, very quickly and very efficiently."
Münch added that a task force had initially been set up under the assumption that the hack was more extensive than it was. The sole suspect, he said, had been located within 48 hours of the leak becoming known, and authorities had succeeded in preventing the data from being further disseminated.
Schönbohm characterized the hack as "remarkable" in terms of the prominence of the victims, but played down the significance of the data.
Whether these explanations will be enough to take the heat off Seehofer personally remains to be seen. The spectacle of Germany's highest security organs breathlessly pursuing a 20-year-old, who by all accounts is no elite IT professional, for the better part of a week can hardly assuage public fears that the government's digital infrastructure isn't up to scratch.
The German government has repeatedly been targeted by hacks in recent years, and calls for Seehofer to resign over his handling of this and other issues are growing louder. The minister stressed that most victims had very little sensitive data stolen.
"The incident was certainly personally painful for those affected, but it doesn't reflect a new security situation," Seehofer said, adding that an "early warning system" and better public education would be important steps toward solving the problem.
Seehofer, Münch and Schönbohm all underscored the need for people, including politicians, to handle their data carefully and responsibly.
"We can promise to do everything we can, but we cannot promise absolute cybersecurity," Seehofer said, adding that he was "amazed" at the sort of inadequate passwords people used.
The data leaked in December included personal phone numbers and addresses, internal party documents and credit card details. It was published online via Twitter accounts.
On Tuesday, Deputy Interior Minister Stephan Mayer said government networks had not been breached in the attack.
"One bit of positive news is that government networks are apparently not affected by this or these hacker attacks," Mayer said. "But it's clear that we as the federal government ... must do more to improve cybersecurity."
The documents were published online in December in the form of an advent calendar with one post per day from the @_0rbit account, which appears to have gone unnoticed until the first week of January, when it was closed down. The account attracted 18,000 followers.