German police said Tuesday they arrested a 20-year-old suspect in the case of private data stolen from hundreds of politicians, including Chancellor Angela Merkel, and published online.
“The prosecutor’s office in Frankfurt, the Central Office for Fighting Internet and Computer Crime and the Federal Police Office (BKA) searched the apartment of a 20-year-old suspect on January 6 and took him into custody,” the BKA said in a statement.
Media reports said the suspect, who was detained in the western state of Hesse, had confessed to authorities and was believed to have acted alone. The BKA declined to comment.
It announced a press conference at midday to give further details on the probe into the remarkable breach of cybersecurity, which has piled political pressure on the government.
The information, which comprised home addresses, mobile phone numbers, letters, invoices and copies of identity documents, was first released via Twitter in December but its spread gathered pace last week.
Among the estimated 1,000 people affected were members of the Bundestag lower house of parliament and the European Parliament as well as regional and local assemblies.
Deputies from all parties represented in the Bundestag were targeted with the exception of the far-right Alternative for Germany (AfD), the largest opposition group in parliament.
News weekly Der Spiegel reported that police had tracked down the suspect based on witness accounts and “digital evidence” left online. They said he had destroyed his computer by the time they raided his home.
– ‘Attack on democracy’ –
Although the leak was sweeping, there is no evidence that sensitive information reached the public, investigators and the interior ministry have said.
In the vast majority of cases, only basic contact information was made available.
The leak has nevertheless been deeply embarrassing for the political class, exposing a naive and sometimes reckless use of computer networks, and turned up the heat on the unpopular interior minister, Horst Seehofer.
Critics said the ministry and relevant authorities were slow in informing affected politicians of the leak and moving to stop it. IT experts said it was only by luck that the data theft had not been far more damaging.
Seehofer is due to speak to reporters in the afternoon.
Beyond politicians, the leak also exposed the private data of celebrities and journalists, including chats and voicemail messages from spouses and children of those targeted.
The information derived both from social media and private “cloud” data.
The Twitter account @_0rbit published the links last month, along the lines of an advent calendar with each link to new information hidden behind a “door”.
The account, which calls itself G0d and has now been suspended by Twitter, was opened in mid-2017 and purportedly has more than 18,000 followers.
It described its activities as “security researching”, “artist” and “satire and irony” and said it was based in Hamburg.
Justice Minister Katarina Barley, who last week had called the data dump an attack on “our democracy and its institutions”, called on internet service providers and social networks “to shut down accounts as soon as they have been hacked”.
She told the daily Rheinische Post that her ministry was examining what legal action it could take to press firms into more decisive measures against cyberattacks.
And she called for an EU seal of approval for best practice in IT security.