Massive German hack: 20-year-old admits mass doxing politicians, journalists, celebs

Police have found the likely culprit of last week's big leak of high-profile personal data.


A 20-year-old German man has confessed to being the culprit behind the massive leak of German politicians', journalists', and celebrities' personal data that shocked the country's political class last week.

Police raided the central Hesse house of the suspect, as he legally remains for now, on Friday. According to a statement issued Tuesday by federal prosecutors, the man "comprehensively acknowledged the allegations against him and provided information regarding his offenses".

The doxing took place over Twitter, in the form of an advent calendar, during the run-up to Christmas. It only attracted attention last week, though.

Included was a vast trove of financial details, phone numbers, photos, and communications belonging to politicians from almost every German political party, with the exception of the far-right opposition party, the Alternative for Germany (AfD). 

Chancellor Angela Merkel was among the victims, as were lawmakers from state, national, and European parliaments.

The failure of the now-shuttered @_0rbit Twitter account to target AfD politicians led some to speculate that far-right sympathizers were to blame.

The magazine Der Spiegel reported that the Twitter account had followed very few other accounts, and the far-right hate site anonymousnews.ru was among them. The @_0rbit account itself apparently had around 18,000 followers before Twitter killed it.

Journalists from Bild also claimed to have identified, with the help of a couple of local hackers, the individual behind the doxing, and said he was a right-wing extremist.

There had also been some speculation that Russia was behind the attack. Russian hackers were indeed the main suspects in previous hacking attacks on the German parliament, and Russia is known to have supported the AfD in its rise to prominence.

According to Tuesday's statement from the Bundeskriminalamt (BKA, or Federal Criminal Police Office), the arrested man said he had acted alone, and was motivated out of "anger over public statements made by the politicians, journalists and public figures concerned".

The BKA explained that the leaked data was stored on hosting services, links to which were published through Twitter -- both through the @_0rbit account and through the hijacked account of a YouTube star.

Some of the data was private, some was already publicly available. The accused used a VPN in an attempt to hide his tracks while tweeting the links.

The suspect is not currently in custody. After his interrogation on Saturday, the BKA said he presented no flight risk and there were therefore no grounds on which to keep him locked up at this stage in proceedings. 


However, the authorities seized his computers and storage devices and are searching them for evidence. They also now have access to his cloud data backup.

Der Spiegel reported that he had been caught thanks to "digital traces" as well as testimony from someone else. In their press conference on Tuesday, the authorities also confirmed a raid on the house of a 19-year-old German IT worker in Heilbronn, to the south of Hesse. 

This raid apparently yielded "findings" that helped to identify the main suspect, and the teenager, identified as "Jan S", is now cooperating as a witness.

The doxing caused outrage among German politicians, particularly those from parties not in government, such as the Free Democrats and Left, because it swiftly emerged that the Federal Office for Information Security (BSI) had known about the leak since December.

The BSI said late last week that it had quietly informed individual members of parliament about the leaking of their data in December, when the agency found out about it. However, the BSI apparently did not inform party leaders. The Free Democrats and Greens have now launched legal proceedings against the hacker.

"One bit of positive news is that government networks are apparently not affected by this or these hacker attacks," Stephan Mayer, the parliamentary state secretary in the interior ministry, told Deutsche Welle.

"But it's clear that we as the federal government... must do more to improve cybersecurity."
