German data theft: suspect in Hesse confesses



The user @_0rbit tweeted new information every day in December

A 20-year-old man has confessed in a "global" manner to being behind a data breach affecting hundreds of prominent Germans, police said.

Calling himself "G0d", he published private information about politicians, journalists and celebrities on Twitter under the username @_0rbit.

The investigators said that the man was still in school and lived with his parents.

The suspect stated that he acted alone and was upset by statements made by the public figures he had attacked.

About 1,000 people were affected, including German Chancellor Angela Merkel.

Politicians from all major political parties, with the exception of the far-right AfD, were targeted, but investigators said they had not yet found evidence of the suspect's political tendencies.

What do we know about the suspect?

The German Federal Criminal Police (BKA) stated that information published online included phone numbers, addresses, credit card data, photographs and private communications.

The investigators said that the German citizen they arrested had cooperated and had led them to evidence that they might not have found without help. The police are also examining the computer equipment seized.

In a statement, the BKA declared that he had been arrested on Sunday after a search of his home in the state of Hesse. He is accused of spying and unauthorized publishing of data.

His provisional arrest was lifted Monday night. He was released "for lack of detention", the police said. They took into account both his age and his cooperation.

The @_0rbit Twitter account has been suspended since it attracted public attention at the end of last week. Before that, he published the leaked information as an "Advent Calendar Event", every day in December.

His account biography described him as being involved in "security research".

Who was targeted in the breach?

Out of nearly 1,000 politicians, celebrities and journalists affected by the leak, about 50 attacks were "more serious", involving private correspondence or photos, officials said.


Angela Merkel, Green Party leader Robert Habeck and television satirist Jan Böhmermann have all been targeted.

Among those affected:

  • Chancellor Angela Merkel: Her e-mail address and several letters from the Chancellor seem to have been published
  • The main parliamentary groups, including the center-left and center-left ruling parties, as well as The Greens, left-wing Die Linke and FDP. Only the AfD seems to have escaped
  • The head of the Greens, Robert Habeck, who had private discussions with family members and credit card details published online
  • Journalists of public broadcasters ARD and ZDF, as well as television satirist Jan Böhmermann, rapper Marteria and rap group K.I.Z, reports say
  • Another TV satirist, Christian Ehring, is said to have had 3.4 gigabytes of data stolen and posted online, including holiday photos. Last year, he had won a lawsuit brought by Alice Weidel, leader of the AfD, who had complained that he called her a "slut" on his TV show.
  • Florian Post, an MP for the center-left SPD, said he felt "pretty shocked" by the leak of account statements and other details online, but he added that at least one file posted had been a fake.
The fallout caused widespread political alarm. Robert Habeck, leader of the Greens, deleted his Twitter and Facebook accounts on Monday after being hit by the data breach.

German Interior Minister Horst Seehofer said at a press conference on Tuesday that he would introduce new data protection legislation in the next six months.

How did the data breach occur?

The suspect told the police that he had acted alone.

The investigators, quoted by the DPA, said the 20-year-old had acquired the skills he needed using online resources and that he had no computer training.

The private information appears to have been acquired over a significant period of time in 2018, as part of what the authorities have described as a "sophisticated" operation, and was added to publicly available information.

He "exploited several vulnerabilities," investigators said, adding that several security vulnerabilities had since been fixed.

The head of the BKA, Holger Münch, said at a press conference that the suspect "had access to various accounts, obviously using piracy methods", but that access to these accounts had now been removed.

It also appeared that German officials had been aware of at least one attack last year, but thought it was an isolated case.

The German Federal Office for Information Security has revealed that it was aware of a breach in early December

On Saturday, the BSI computer security agency said that a member of the German parliament had reported suspicious activity on his e-mail account in early December.

In a statement, the agency said it was able to link this to the @_0rbit leaks only once the existence of that account became known last week.

German officials also said that there was no evidence suggesting that government systems had been compromised.

Nevertheless, the scandal has sparked calls for action to improve cybersecurity practices.