German data theft: Suspect confesses in Hesse

EPA A photograph of a screen shows tweets by twitter user @_0rbit in German, mentioning the SPD political partyEPA
User @_0rbit tweeted new information every day in December

A 20-year-old man has made a "comprehensive" confession that he was behind a data breach affecting hundreds of high-profile Germans, police say.

Styling himself "G0d", he published private information about politicians, journalists, and celebrities on Twitter, under the username @_0rbit.

Investigators said the man was still in education and living with his parents.

The suspect said he acted alone and out of annoyance at statements made by the public figures he attacked.

About 1,000 people were affected, including German Chancellor Angela Merkel.

Politicians from every major political party except for the far-right AfD were targeted, although investigators said they had yet to find evidence of the suspect's political inclinations.

What do we know about the suspect?

Germany's federal criminal police (BKA) said the information published online included telephone numbers, addresses, credit card data, photographs, and private communications.

Investigators said the German citizen they arrested had co-operated and led them to evidence they may not have found without help. Police are also still investigating seized computer hardware.

In a statement, the BKA said he was detained after a search of his home in the state of Hesse on Sunday. He is accused of spying and the unauthorised publication of data.

His provisional arrest, however, was lifted on Monday evening. He was released "due to a lack of grounds for detention", police said. They took into account both his age and his co-operation.

The @_0rbit Twitter account has been suspended since coming to widespread attention late last week. Before then, it published the leaked information in an "advent calendar event" each day in December.

Its biography had described itself as involved in "security research".

Who was targeted in the breach?

Of the almost 1,000 politicians, celebrities and journalists affected by the leak, some 50 attacks were "more serious", involving private correspondence or photos, officials said.

Getty/Reuters Angela Merkel, Greens leader Robert Habeck and TV satirist Jan Böhmermann have all been targeted by the hackGetty/Reuters
Angela Merkel, Greens leader Robert Habeck and TV satirist Jan Böhmermann have all been targeted by the attack

Among those affected were:

  • Chancellor Angela Merkel: her email address and several letters to and from the chancellor appear to have been published
  • The main parliamentary groups including the ruling centre-right and centre-left parties, as well as The Greens, left-wing Die Linke and FDP. Only AfD appears to have escaped
  • Greens leader Robert Habeck, who had private chats with family members and credit card details posted online
  • Journalists from public broadcasters ARD and ZDF as well as TV satirist Jan Böhmermann, rapper Marteria and rap group K.I.Z, reports say
  • Another TV satirist, Christian Ehring, is said to have had 3.4 gigabytes of data stolen and posted online, including holiday photos. Last year he won a court case brought by AfD leader Alice Weidel, who complained when he called her a "slut" on his TV show.
  • Centre-left SPD MP Florian Post said he felt "quite shocked" by the leak of account statements and other details online, but he added that at least one file that had been posted was fake.

The fallout has created widespread alarm politically. Robert Habeck, leader of the Greens, deleted both his Twitter and Facebook accounts on Monday after being affected by the data breach.

German Interior Minister Horst Seehofer, speaking at a press conference on Tuesday, said he would introduce new data protection legislation in the next six months.

How did the data breach happen?

The suspect has told police he acted alone.

Investigators, quoted by DPA, said the 20-year-old had taught himself the skills he needed using online resources, and had no training in computer science.

The private information seems to have been acquired over a substantial period of time in 2018 in what officials called a "sophisticated" operation, and added to publicly available information.

He "exploited several vulnerabilities", investigators said, adding that several such security gaps have since been fixed.

BKA chief Holger Munch told a news conference that the suspect "gained access to various accounts, obviously using hacking methods" - but that access to those accounts had now been taken away.

It has also emerged that German officials knew of at least one attack last year, but thought it was an isolated case.

EPA A sign in German, bearing the colours of the German flag and the federal symbol, stands before a large white buildingEPA
The German Federal office for Information Security revealed it learned of one breach in early December

On Saturday the BSI information security agency said that a member of the German parliament had reported suspicious activity on their email account in early December.

In a statement, the agency said it was linked to the @_0rbit leaks only when the account's existence became known last week.

German officials also said there was no evidence to suggest that government systems had been compromised.

Nonetheless, the scandal has prompted calls for action to improve cyber-security practices.