Prolific Spanish Teen Hacking Suspect Arrested

Written by

Spanish police have arrested a 19-year-old who they claim represents a national security threat due to the magnitude of the cyber-attacks he has conducted.

An investigation into Jose Luis Huertas (aka “Alcasec”) began after he allegedly hacked the national council of the judiciary (CGPJ) and tax agency, and stole data on over half a million Spaniards.

The individual subsequently created a database filled with this information, including personal data and bank account numbers, for onward sale to cyber-criminals, according to the Spanish National Police (Policia Nacional).

Huertas is also accused of building a de facto search engine – dubbed “Udyat,” or the “Eye of Horus” – to sell large volumes of stolen data.

Read more on teenaged hackers: UK Teen Arrested on Computer Misuse Charges.

The teen even boasted in a YouTube video of having access to the personal data of 90% of Spaniards, according to the police. Although the figure may have been an exaggeration, the Policia National claimed that the volume of data stolen by Huertas was so significant that it made him a threat to national security.

Officers claimed that he led a life of luxury funded by this cyber-criminality, including going on expensive holidays, visiting high-end restaurants and wearing luxury brands.

Huertas allegedly laundered the proceeds of crime through cryptocurrency mixer services, although specialist investigators were still able to trace some of the funds.

When officers searched Huertas’s home and other premises, they seized a large volume of cash, documents, digital media, a motorcycle and a high-end vehicle.

Teenaged cyber-criminals are more common than one might suspect. Last year two British teenagers were charged with hacking offenses in relation to the infamous Lapsus$ extortion group. A teenager was also behind the much-publicized 2015 TalkTalk data breach.

Last year the UK’s National Crime Agency (NCA) claimed that children as young as nine have been able to launch DDoS attacks thanks to readily available online services.

What’s hot on Infosecurity Magazine?