Spain Arrests Hacker 'Alcasec' Who Leaked Government Data – Veri Sızıntısı

Spain Arrests Hacker Who Leaked Government Data

The Spanish National Police have arrested a young hacker known as "Alcasec" in a raid in Madrid. He is accused of stealing and publishing personal data of staff at key state institutions, including the National Cybersecurity Institute (INCIBE) and several ministries. The incident shows how fragile interconnected state systems are, and how far the damage spreads when one stolen credential is trusted across several of them.

The handcuffed hands of a hacker over a keyboard, arrested by the Spanish cybercrime police unit.

What Happened

Tensions were high in Madrid this morning. A joint operation that the Spanish National Police's Cybercrime Center and the National Cryptologic Center (CCN-CERT) had been running for months finally came to a head. The target: a young hacker known online as "Alcasec," who had become a digital nightmare for the Spanish state. According to the police statement, he was single-handedly responsible for obtaining and exposing, on underground forums, the personal and financial data of employees of some of the state's most sensitive institutions.

Searches carried out during the arrest turned up a considerable amount of cash, hardware wallets used to store cryptocurrency, luxury vehicles, and a large quantity of computer equipment and storage devices believed to have been used in the attacks. This was no routine arrest; it capped months of investigation that involved tracing the suspect's digital footprints, following cryptocurrency transactions, and extensive technical analysis.

The name "Alcasec" had been whispered in the Spanish cybersecurity community for some time; he had already made a name for himself through earlier data leaks. His latest act, aimed directly at the heart of the state, was the final straw. The intrusion dates back to October 2022, when an anomaly was detected in the systems of the General Council of the Judiciary; the full extent of the damage, and who had obtained the data, remained unclear for a long time. That changed in November 2022, when a massive data package belonging to Spanish government employees appeared on a hacker forum, offered for sale or for free download. From that moment, finding the perpetrator behind the leak became a national priority.

The Data That Was Compromised

So, how bad was this leak? To put it simply, it was a disaster. The data that the attacker obtained and later published online went far beyond a simple list of users. It was a complete kit for stealing a person's digital and real-world identity.

  • Identity Information: Full names and national identity numbers (DNI). This information is the starting point for any fraudulent activity.
  • Contact Information: Personal and corporate email addresses, mobile phone numbers. This opens the door wide for targeted phishing attacks, voice phishing (vishing), and even harassment.
  • Financial Information: Most alarmingly, the leaked data also included employees' bank account numbers (IBANs). This information can be used for direct financial fraud attempts.

Now, just imagine. What can a criminal do with the name, ID number, phone number, and bank account of a judge, a police officer, or a cybersecurity analyst? They could apply for loans in their name, try to impersonate them when calling their banks, target their families, or use this information to blackmail them. This is not just a data breach; it is a direct threat to the personal safety of national security personnel. The publication of the data on public forums means that this information has likely been copied and is being used not just by "Alcasec," but by other criminals around the world.

How the Attack Unfolded

The details of this operation might sound like something out of a spy movie, but it exploited one of the most fundamental weaknesses in security: misplaced trust. A credential stolen from one institution was accepted by a digital backbone that links Spanish government agencies, and every system behind that backbone trusted it in turn. Here is a step-by-step breakdown:

Step 1: The Initial Breach. It all started with the theft of login credentials (username and password) belonging to one or more users at the General Council of the Judiciary (CGPJ). How the credentials were stolen has not been specified; such incidents usually come down to phishing, or to an employee reusing a password that was already exposed in a breach of another platform, which attackers then replay against other services (credential stuffing).

Step 2: Accessing the Key Hub. With these stolen credentials, the attacker logged into the "Punto Neutro Judicial" (Neutral Judicial Point), the interconnection system through which judicial bodies query other public administrations (such as the tax agency or the police). Normally it exists so that courts can obtain the data they legitimately need from other institutions quickly and lawfully. For the attacker, it became a passage inside the castle walls: once authenticated as a judicial user, he was trusted by every service the hub reaches.

Step 3: Lateral Movement. This is the most critical phase of the attack. Once inside the judicial hub, the attacker did not stop. Using the access the hub grants any authenticated judicial user, he behaved like a legitimate user and reached a second institution: the databases of the Spanish Tax Agency (Agencia Tributaria). In cybersecurity jargon this is "lateral movement": getting into one room of a building and finding that the same key opens every other door on the floor. Two weaknesses made it possible. The first is weak segmentation: a credential issued by one institution was honoured by another institution's systems. The second is subtler and, for a hub whose whole purpose is cross-agency queries, more important: a single account was allowed to pull records in bulk, with nothing rate-limiting the lookups or flagging that a court user who normally queried a handful of records a day was suddenly pulling thousands.

Step 4: Data Exfiltration. After gaining access to the Tax Agency's systems, the rest was easy for the attacker. He systematically copied thousands of records he identified as belonging to government employees and transferred them to servers under his control. He then completed his attack by publishing this data on the internet.
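The bulk pull in Steps 3 and 4 is the moment a defender could have caught this. Below is an added example, not code from the article or from any Spanish agency, of the kind of check a hub operator could run over its own query logs: build each account's normal profile from quiet days, then flag an account that appears from a never-seen address or pulls far more distinct records in a short window than its history justifies. The log format, field names, addresses, record identifiers and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample logs (not real hub records). One line per lookup made
# through a shared inter-agency query hub: who asked, from where, which
# service they hit, and which record they pulled.
BASELINE_LOG = """\
2022-10-10T09:01:10Z user=cgpj-jdoe org=CGPJ src=10.1.1.5 svc=AEAT.taxpayer id=12345678A result=ok
2022-10-10T09:04:33Z user=cgpj-jdoe org=CGPJ src=10.1.1.5 svc=AEAT.taxpayer id=23456789B result=ok
2022-10-11T10:15:02Z user=cgpj-jdoe org=CGPJ src=10.1.1.5 svc=AEAT.taxpayer id=34567890C result=ok
2022-10-11T11:40:21Z user=cgpj-amartin org=CGPJ src=10.1.1.9 svc=AEAT.taxpayer id=45678901D result=ok
"""

# Constructed attack period: the same judicial account, now from an address
# never seen before, pulling 60 distinct taxpayer records in five minutes,
# plus one ordinary lookup by a colleague that must not alert.
ATTACK_LOG = "\n".join(
    f"2022-10-14T02:{i // 12:02d}:{(i * 5) % 60:02d}Z user=cgpj-jdoe org=CGPJ "
    f"src=203.0.113.7 svc=AEAT.taxpayer id={40000000 + i}X result=ok"
    for i in range(60)
) + "\n2022-10-14T08:00:00Z user=cgpj-amartin org=CGPJ src=10.1.1.9 svc=AEAT.taxpayer id=56789012E result=ok\n"

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) org=(?P<org>\S+) src=(?P<src>\S+) "
    r"svc=(?P<svc>\S+) id=(?P<rid>\S+) result=(?P<result>\S+)$"
)


def parse(text):
    """Parse log text into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(e)
    return events


def baseline_profile(events):
    """Per user: source addresses seen, and the most distinct records pulled on any one day."""
    profile = {}
    per_day = defaultdict(set)
    for e in events:
        p = profile.setdefault(e["user"], {"srcs": set(), "max_per_day": 0})
        p["srcs"].add(e["src"])
        per_day[(e["user"], e["ts"].date())].add(e["rid"])
    for (user, _day), rids in per_day.items():
        profile[user]["max_per_day"] = max(profile[user]["max_per_day"], len(rids))
    return profile


def detect(events, profile, window=timedelta(minutes=10), floor=20, factor=5):
    """Flag (a) a user appearing from a source never in their baseline and
    (b) more distinct records inside `window` than max(floor, factor * daily max).
    Each alert type fires once per user, so a 60-record pull yields one alert, not 40."""
    alerts = []
    recent = defaultdict(deque)  # user -> (ts, rid) pairs inside the sliding window
    fired_bulk, seen_new_src = set(), set()
    for e in sorted(events, key=lambda x: x["ts"]):
        user = e["user"]
        p = profile.get(user, {"srcs": set(), "max_per_day": 0})  # unknown user: everything is new
        if e["src"] not in p["srcs"] and (user, e["src"]) not in seen_new_src:
            seen_new_src.add((user, e["src"]))
            alerts.append((user, "new_source", e["src"], e["ts"]))
        q = recent[user]
        q.append((e["ts"], e["rid"]))
        while q and e["ts"] - q[0][0] > window:
            q.popleft()
        distinct = len({rid for _, rid in q})
        limit = max(floor, factor * p["max_per_day"])
        if distinct > limit and user not in fired_bulk:
            fired_bulk.add(user)
            alerts.append((user, "bulk_lookup", distinct, e["ts"]))
    return alerts


def run():
    """Build the baseline from the quiet days, then scan the attack period."""
    profile = baseline_profile(parse(BASELINE_LOG))
    return detect(parse(ATTACK_LOG), profile)


if __name__ == "__main__":
    for user, kind, detail, ts in run():
        print(f"{ts.isoformat()} {user} {kind} {detail}")
```

Run as a script it prints the two alerts the constructed attack period produces: a new source address for the account, then a bulk-lookup alert the moment the 21st distinct record is pulled inside the window. The thresholds are deliberately per-account rather than global: a registry clerk who pulls 200 records a day is normal, a court user who normally pulls three and suddenly pulls sixty in five minutes is not, and a single global ceiling would either miss the second or drown in the first.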

Who Was Affected

The list of affected institutions shows just how deeply the Spanish state was hit. Each name on this list carries a symbolic weight.

  • National Cybersecurity Institute (INCIBE): The very agency in charge of the country's cyber defense. Having its own employees' data leaked is both a major reputational blow and means the country's top cybersecurity experts are now direct targets.
  • Ministry of the Interior and National Police: The institutions responsible for national security and public order. The exposure of their personnel's personal information could make them and their families targets for criminal organizations, terrorist groups, or individuals seeking revenge.
  • General Council of the Judiciary (CGPJ): One of the highest bodies in the judicial system. Leaking the information of judges and judicial staff could lead to attempts to influence ongoing cases or pressure members of the judiciary.
  • The Tax Agency: An institution that holds the financial information of almost all of the country's citizens. Although only government employee data was targeted in this attack, the mere fact that the attacker gained access to this database shows that a much larger catastrophe was narrowly avoided.

What You Can Do

After news like this, cliché advice like "change your password" becomes meaningless. The problem runs much deeper. Here are some realistic steps specific to this incident:

If you are an affected government employee: Understand that your data is already out and circulating on the internet. Instead of panicking, focus on damage control. First, contact your bank and have a special fraud alert placed on your account. Consider subscribing to a service that monitors your credit score and any applications made in your name. From now on, approach every email and phone call you receive with a paranoid level of skepticism. Scammers will try to win your trust by quoting your name, ID number, and even your IBAN because they have this information. Do not believe them. Hang up and always call the institution back yourself, using an official number you know to be legitimate.

The lesson for everyone else: This incident is a vivid example of how a single weak link (a stolen password) can break an entire chain (a network of government agencies). Don't forget this principle in your own life and work. Never use the password you use for your work email on your personal accounts, social media, or e-commerce sites. For organizations, the biggest lesson is about trust boundaries. Network segmentation matters: firewalls between departments keep a fire in one area from engulfing the whole building. But where a shared hub exists precisely so institutions can query each other, segmentation alone is not enough; each account's access must be scoped to what its role needs, lookups must be rate-limited, and a sudden burst of queries from one credential must raise an alert before the records leave. This attack has painfully proven how vital those digital walls and checks are.
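The password-reuse point above is checkable without handing your password to anyone. The following added example (not from the article or any project it mentions) re-implements, offline and against a constructed corpus, the k-anonymity range protocol that Have I Been Pwned's Pwned Passwords API uses: the client hashes the password locally, sends only the first five hex characters of the SHA-1, receives every known suffix in that bucket, and does the match at home. Both sides are written in one file so the exchange is visible; the corpus, the function names and the in-memory "server" are assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a leaked-password corpus from some unrelated breach.
# "password" appears twice to show that the server can report occurrence counts.
LEAKED_PASSWORDS = ["password", "123456", "qwerty", "Madrid2022!", "letmein", "password"]


def sha1_hex(password):
    """Uppercase hex SHA-1, the digest the range protocol is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Server side: bucket every hash by its first 5 hex chars; keep suffix -> times seen."""
    index = defaultdict(dict)
    for pw in passwords:
        h = sha1_hex(pw)
        bucket = index[h[:5]]
        bucket[h[5:]] = bucket.get(h[5:], 0) + 1
    return index


def range_query(index, prefix):
    """Server side: the only thing the client sends is a 5-char prefix. The
    server returns the whole bucket (every 35-char suffix it knows in that
    range) and learns nothing about which one, if any, the client holds."""
    if len(prefix) != 5:
        raise ValueError("range queries take exactly 5 hex characters")
    return dict(index.get(prefix.upper(), {}))


def breach_count(password, index):
    """Client side: hash locally, query by prefix, match the suffix at home.
    Returns how many times the password appeared in the corpus (0 = not found)."""
    h = sha1_hex(password)
    return range_query(index, h[:5]).get(h[5:], 0)


if __name__ == "__main__":
    idx = build_range_index(LEAKED_PASSWORDS)
    for candidate in ["Madrid2022!", "correct horse battery staple"]:
        print(candidate, "seen", breach_count(candidate, idx), "times")
```

The privacy property comes from the bucket, not from the hash: a bare SHA-1 of a password is trivially brute-forced, but a 5-character prefix is shared by roughly one in a million possible passwords, so the server cannot tell which of them the client is asking about. Against the real service, `range_query` would be an HTTPS GET; everything else on the client side stays the same.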

What the Authorities Are Saying

In a statement on behalf of the Spanish National Police, the complexity of the operation and the importance of inter-agency cooperation were emphasized. An official from the Cybercrime Center stated, "This was not a simple hacking operation. The suspect used sophisticated methods to conceal his identity and conducted his transactions through cryptocurrencies. However, no one is completely invisible in the digital world. After months of meticulous tracking, digital forensics, and financial analysis, we were able to identify and locate the suspect. This arrest is a testament to Spain's determination and technical capability in fighting cybercrime. Those who target our state institutions will, sooner or later, face justice."

Source

https://www.bleepingcomputer.com/news/security/spain-arrests-doxer-leaking-sensitive-data-of-govt-employees/
