Everything leaves its mark on the Internet. And that proved fatal for José Luis Huertas, aka Alcasec, a barely 19-year-old Madrid hacker who lived in high gear thanks to the illegal businesses he allegedly built on the internet: he sold confidential data he had stolen in complex cyber attacks, such as the one against the General Council of the Judiciary (CGPJ) last October, which allowed him to reach the tax authority and obtain information on 575,186 taxpayers. The young man confessed to these maneuvers before the National Court this Monday, already cornered by the police, who laid on the table the numerous pieces of evidence collected, such as the trail of two nicknames that he used and that have now given him away: Chimichurri and Mango.
Before they managed to apprehend Alcasec last Friday, investigators spent months reconstructing the path taken by the young man, who has “extensive experience” in the world of cybercrime despite his young age, to commit his misdeeds. This is made clear by judge José Luis Calama, instructor of the investigation into the attack on the CGPJ, who ordered him held in provisional detention at the request of prosecutor Ana Noé. Like the public prosecution, the judge cited the high risk that he would flee if left free (“he holds significant amounts of cryptocurrencies that would allow him to have sufficient liquidity to move anywhere in the world and avoid the action of Spanish justice”, explains Calama), destroy evidence, or keep committing more crimes.
The investigators’ analysis revealed, for example, that the young man from Madrid is behind the virtual user Mango, who appears on the digital platform usms as a “seller” of the information obtained through the cyber attack on the judiciary, using a database called “DB 12 Fucking Crazy Bank”, the English translation of “DB 12 Puto Banco Loco”. According to Calama's ruling, Huertas also used this alias in a channel he managed on the Telegram application, where he shared his own personal documents, such as a provisional driver’s license, a qualification report issued by the González Cañadas Study Center or a credit card.
National Police agents with José Luis Huertas, aka “Alcasec”, after his arrest on March 31.
Another name Alcasec used was Chimichurri, according to evidence the agents collected from the computer servers under investigation, from which the CGPJ was attacked and information extracted. In this regard, investigating judge Calama describes how the Gajim instant messaging application was installed on one of these servers, configured with the username “chimichurri”. “It has been provisionally proven that the user Chimichurri is José Luis Huertas, who uses this application to conduct all kinds of conversations related to his criminal activities,” the judge points out.
To solve the mystery, the agents also found the Udyat tool, named after the Egyptian symbol “The Eye of Horus”, hosted on a server. According to the investigators, “this computer architecture” is an “on-demand advisory service for illegally obtained data”. In an interview on a YouTube channel, Club 113, which Alcasec attended while wearing a mask, he stated that he was behind Udyat and had “saved data from 90% of Spaniards”.
Cryptocurrency Transfer
Police, working with the (CNI-dependent) National Cryptological Center, have been tracking the cryptocurrencies used to contract the servers storing the stolen information. Agents confirmed that $543,514 worth of bitcoins were transferred from two wallets used to pay for these services to another wallet controlled by the young man.
The National Police, which classifies Huertas as a “dangerous computer criminal,” emphasizes that Alcasec has created a database that functions as “a service to query and sell illegal information.” According to the agents, his only goal was to “market” all of this for his financial gain: he took expensive trips, wore exclusive brands, visited fashion stores, drove expensive cars… “He wasn’t Robin Hood,” police sources add. The investigations are still open.