Second man arrested in German government hacking scandal 'confesses'

News by Tom Reeve

A 20-year-old man arrested in connection with the release of personal details of nearly 1,000 politicians, celebrities and journalists in Germany has reportedly confessed to his involvement.

The German government has promised to enhance cyber-security by creating a ‘cyber defence centre plus’ as police announce the arrest of a second man in connection with the attacks.

The second suspect is a 20-year-old man from the region of Mittelhessen. The Federal Criminal Police Office (BKA) were holding him on suspicion of hacking and unauthorised publication of personal data.

UPDATE: German police have released the second suspect, saying that despite his confession there was no grounds to hold him. However, the investigation will continue and there may be charges later.

According to media reports, the second suspect has admitted to being involved in the attack. More details are expected to be announced this afternoon by interior minister Horst Seehofer and the BKA.

Yesterday German police arrested a 19-year-old who has only been identified as Jan S., an IT worker, in connection with the data breaches and publication of the personal data.

Police say they are investigating 50 to 60 serious cases out a total of around 1,000. More serious cases involve publication of photos, private chats and images of identity documents.

Meanwhile, the interior minister Stephan Mayer said a new cyber-defence centre plus will be up and running within a few months. It follows the publication of the personal data of 1,000 German politicians, celebrities and journalists last week by someone using the Twitter handle @_0rbit.

Mayer also promised that the government would introduce a second IT security law within a few months. Details of the new centre and proposed legislation will be presented to a special meeting of the Interior Committee on Thursday.

Politicians have been quick to criticise the Federal Office for Security in Information Technology (BSI) which admitted it had known about the data breach since early December but only informed the government and police last week.

The BSI has defended itself, saying that it was only responsible for defending government networks which were not breached in the attack which mostly targeted private services such as email and cloud storage.

The BSI says repeated warnings to politicians about the risk of data breaches has not been well heeded.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews