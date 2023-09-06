José Luis Huertas, alias ‘Alcasec’, during a speech on the YouTube channel ‘Club 113’.

The National Court highlights the existing difficulties that are faced to stop the “dissemination” of computer data stolen during the cyberattack perpetrated in October 2022 against the Punto Neutro Judicial (PNJ), the communications network that connects judicial bodies with other institutions of the State, such as the Tax Administration. Despite the intense investigation carried out since the hack and to the arrest of three presumed implicated, the court emphasizes that the “amount” of stolen material (as well as its subsequent illegal sale to third parties) has caused a “dissemination impossible to stop at present”, according to an order of the Chamber of Criminal Matters on July 27, which also confirms the provisional detention of Juan Carlos Ortega, whom Judge José Luis Calama has defined as the “biggest buyer” of data obtained through this hacking operation.

The PNJ, managed from the General Council of the Judiciary (CGPJ), suffered a coordinated attack between October 18 and 20. The hackers They used the Neutral Point as the door to access sensitive information of thousands of Spaniards: they seized, for example, Treasury records of more than half a million taxpayers, with the aim of selling them. As the summary reveals, the criminal operation consisted of several phases: the pirates studied the operation of the NPC; they developed templates to simulate the web before its regular users; campaigns of phishing (sending messages that impersonate identity) to obtain the passwords of officials; and, after gaining access with stolen credentials, they deployed a process to run massive data queries and extract them automatically.

All the stolen material was transferred to two servers hosted in Lithuania and then, according to judge Calama, they were sold to third parties through the uSms platform with payments in cryptocurrencies. Obviously, as more people have access to information, it becomes more difficult to stop its dissemination.

After detecting the cyberattack, the National Court opened an investigation, which remained secret for months. The National Police described the investigations as Pousada operation and already accumulates three detainees. The first to fall was José Luis Huertas, alias Alcaseca young man hacker barely 19 years old, considered the mastermind of the NPC hack. Alcasec himself, arrested last March in Madrid and released in May after collaborating with justice, confessed to the facts.

Daniel Baíllo, 29, was the second arrested. Baíllo, captured in Cartagena (Murcia) used the nickname of Kermit (original name of the doll known in Spain as Kermit the Frog and in Latin America as Kermit the Frog). According to the investigators, he cooperated with Alcasec and “dealt with the illicit obtaining of various user credentials to carry out the cyberattacks.” He also managed a digital identity used to purchase stolen data. The National Police defines Baíllo as a regular hacker in “very select cybercrime forums”, where he enjoyed a “high reputation”; In addition to being “an expert in anonymization, operational security measures, communications encryption and multi-identity.”

The third piece of the puzzle fell into place on July 11, when the agents arrested Juan Carlos Ortega, alias lonastrump. At 25 years old and with two children, Judge José Luis Calama considers him the “biggest buyer” of data stolen in the cyberattack on the Judiciary, which he later used to commit computer scams. In the order that decrees his entry into pretrial detention, the magistrate specifies that he acquired 30 packages containing 15,284 records with personal and banking information of more than a thousand Spanish taxpayers. At least 20 of them filed a complaint with the Police after detecting that they had been defrauded of more than 100,000 euros. The Police also seized Lonastrump with a shotgun with overlapping barrels, a pistol and a submachine gun.

In its order of July 27, to which EL PAÍS had access, the Criminal Chamber confirms Ortega’s provisional imprisonment, considering that there is a high risk of flight and criminal reiteration. “The existence of sufficient rational evidence of the appellant’s participation in each of the criminal acts indicated is deduced,” insists the court.