Headquarters of Germany’s BSI national cyber-defence body
A student confessed to one of Germany’s biggest data breaches, police said on Tuesday, ending the mystery over who hacked Angela Merkel and other public figures but doing little to ease the embarrassment of cyber-security authorities.
Police did not name the 20-year-old but said he lives with his parents, is not a computer expert and had no previous conviction. Despite that, he managed to access and leak personal data and documents from about 1,000 people, including Chancellor Merkel, other politicians and journalists.
The student was detained after police searched a property in the central state of Hesse on Sunday evening. Investigators recovered a computer that the suspect had removed two days before the search, and a data backup.
He has been released and is cooperating with investigators.
“The accused admitted to having acted alone in data spying and the unauthorised publication of data,” the Federal Crime Office (BKA) said in a statement.
“The investigations have so far provided no indication of the participation of a third party.”
Suspicion had fallen on Russian hackers – blamed for previous German data breaches, though denied by the Kremlin.
There had also been speculation that the hack may have involved German far-right activists. Prosecutors declined to comment on any political sympathies the suspect may have but said no radical material had been found.
“The accused said his motivation had been irritation over public statements made by the politicians, journalists and public figures affected,” senior prosecutor Georg Ungefuk said.
Ungefuk told reporters the suspect, who faces a maximum of six years behind bars, was repentant and unaware of the full consequences of his actions. He said the student also helped authorities on other areas of interest of cybercrime.
The breach has prompted calls for tighter data security laws, especially after the BSI cyber defence agency said it was contacted by a lawmaker in early December about suspicious activity on private email and social media.
Shoring up security is considered particularly important by German officials given a threat by Steve Bannon, former chief strategist of US President Donald Trump, to use the May European Parliament elections to undermine the EU.
“I see a danger the European election can be manipulated – with fake news, with false statements. There are many ways you can influence an election,” Interior Minister Horst Seehofer Seehofer told Reuters after a news conference in Berlin.
Konstantin von Notz, a Greens lawmaker who was hacked, described the case as a “final warning shot” and called for urgent steps to improve IT security.
Seehofer said steps to do so were already underway, including creation of an early warning system. One important lesson was to raise awareness that there are more effective passwords than “iloveyou” and “12345.”
However, Sabine Vogt, who heads the federal police division for serious and organised crime, said it was up to individuals to secure their data.
“We don’t want a surveillance state based on the fact that something like this can happen here,” she told reporters.