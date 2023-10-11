At the end of June 2019, part of the civil servants of the Roquetas de Mar City Council (Almería, 102,881 inhabitants) had a surprise. Some colleagues had received their salaries but they had not. The figures, furthermore, did not correspond to those of other months. The alert led a councilor to observe a suspicious operation in the municipal computer system: a hacker He had stolen up to 700,000 euros from the council and directed them to an account in Germany. Four years later, the Civil Guard has arrested the person responsible for that cyberattack in Poland. He is a North American citizen who is an expert in computer science, has no presence on social networks and lives between the United Kingdom and Latvia, who was also wanted by the FBI and Scotland Yard. A forgotten mobile charger in a hotel in Florence (Italy) in 2021 was key to his identification.

The story begins two years before that mistake in Tuscany. The hacker had accessed the Roquetas de Mar City Council server at the beginning of 2019. Once inside, he located and monitored the workers’ payroll payment files, which included the identification data of all of them and the bank accounts associated with them. each. He then introduced a malware —computer program designed to infiltrate a device with bad intentions— and altered the data of the account numbers of the officials where the deposits were to be made to replace them with one of their own in a German financial institution. To avoid raising too much suspicion, the changes were random: only two out of five employees were affected. Thus, some continued to collect their salaries regularly and others, around 200, did not. When they brought it to the attention of those responsible, the alarms went off and the Councilor for Public Services, Mobility and Digital Transformation, Francisco Gutiérrez, then found a suspicious movement. So much so that the hacker It had been obtained with 700,000 euros from municipal funds. And he had erased all traces of him, which police sources attribute to a great knowledge of what he was up to.

The Roquetas City Council immediately reported the theft to the Civil Guard and the National Intelligence Center (CNI). The agents of the Technological Investigation Team of the Judicial Police of the Armed Institute in Almería then began the investigation at full speed. They were aware, according to detailed sources familiar with the investigations, that speed was the only way not only to identify the criminal, but also to ensure that the money did not disappear permanently. And they did it. In collaboration with the German security forces, financial institutions and the diplomatic efforts of the Government, the stolen amount was blocked and later returned.

A forgotten mobile charger

Catching the thief was more complex: he always connected to public Wi-Fi connections to access the account where he received the money from his frauds. This was in the name of a shell company registered in Gibraltar and based in the United Kingdom. All of these were obstacles that made it difficult to locate him, until two years later, in mid-2021, he made a mistake. The now detained man accessed the account in which he had momentarily received the 700,000 euros through the router from a hotel establishment where he had stayed in Florence. She manipulated the device so as not to be identified, but left a cell phone charger in the room.

That detail allowed the agents to obtain the identification of the suspect, because it allowed them to locate the router manipulated and through him they definitively knew who he was. Upon learning his name, they verified that the criminal was also wanted by international police agencies such as the FBI in the United States or Scotland Yard, in the United Kingdom, for similar criminal acts. No one had found him because he was “very meticulous and cautious,” according to sources in the case. He also never showed himself on social networks.

What affects the most is what happens closest. So you don’t miss anything, subscribe. Subscribe

The Civil Guard established a monitoring device from that moment and, finally, they managed to locate him in Krakow (Poland). And there he was detained and Spain then demanded his extradition to be brought to justice, where the arrestee was ordered to be placed in provisional prison. The case is in the hands of the Court of First Instance and Instruction Number 1 of Roquetas de Mar, which promoted the investigation in collaboration with the computer crimes section of the provincial prosecutor’s office of Almería, which among other procedures promoted the International Arrest Warrant. Various police forces from the United Kingdom, France, Italy and Germany have also participated in the operation, called D52.