It looks like Russia turned out to be a red herring, after all.
German police have arrested a 20-year-old man in connection with a data breach that resulted in the publication of personal information about hundreds of lawmakers from Germany’s Parliament, the Bundestag. Germany’s federal criminal police, known as the BKA, said they searched the suspect’s home on Sunday, confiscating his computer and other personal materials. The young man has confessed to the crime, a prosecutor told the New York Times.
The security incident was widely publicized last week when the @_0rbit Twitter account began distributing phone numbers, home addresses and other data about public figures in Germany, including Chancellor Angela Merkel. Representatives from all parties in the Bundestag were affected, except for the far-right Alternative for Germany.
The political nature of the data dump, when considered with suspected Russian hackers’ persistent targeting of Germany’s political establishment, led some researchers and at least one German government agency to speculate that state-sponsored hackers were responsible.
Prosecutors in Frankfurt are scheduled to provide more information about the arrest in press conference Tuesday.
It was not immediately clear whether the arrest was linked to a police raid on the home of Jan Schürlein, a 19-year-old IT developer. Schürlein, in a series of tweets, said he had been in touch with @_0rbit and that he was cooperating with authorities as a witness in the case. The hacker claimed responsibility for the breach and said he intended to destroy his computer, Schürlein said.
“I gave the BKA information that clearly traced back to the perpetrator,” Schürlein said in one tweet Tuesday.
In another message, Schürlein said he asked @_0rbit why he leaked information about every party except AfD, a party that has echoed the language of white supremacists and has been accused of antisemitism. “Oh, they’re not that bad,” @_0rbirt said, according to Schürlein.
German ministers have said they are considering whether the country should tighten its data security laws amid revelations that lawmakers last month reported suspicious account activity to the proper authorities to no avail.
After the stolen information was made public, Germany’s security services sought help limiting the spread by asking for help from the U.S. National Security Agency and Ireland’s Data Protection Commissioner, as CyberScoop has reported.