When top German officials had their emails and social media hacked and dumped, people wondered whether the attack was some kind of well-financed act of political extremism, given that the targets were so high-profile (even Chancellor Angela Merkel wasn't spared) and that politicians from the neofascist Alternative for Germany were passed over by the hacker.
Now, a politically unaffiliated, unemployed, 20-year-old male German citizen who lives with his parents in the state of Hesse has confessed. He may be tried as a minor, as Germany's youth court hears cases until the accused reach the age of 21.
Reportedly, the hacker exploited normal failings in security: weak passwords, no two-factor authentication, vulnerability to phishing attacks. Apparently, he did not use any sophisticated techniques.
Celebrities are just like us, so it’s likely that some of the people targeted used less-than-complicated passwords on their accounts and didn’t use two-factor authorization, which makes it more difficult for someone to break into online accounts. And once a hacker is in one email account or social network, it opens up a world of possibilities: He can use it to reset other accounts’ passwords or scrape contact lists. If the target reuses the same password across all their accounts, even better. Child’s play, really.
The idea that the federal police should hire the hacker, a proposition raised during the press conference, is laughable. By that measure, every jerk who doxxes someone on Reddit should be swimming in job offers.
20-year-old German hacker confesses in doxxing case [Grace Dobush/Handelsblatt]