Alcasec

There are cybersecurity cases that seem distant until they force us to look inward. We are not talking about a large foreign technology company or a gap lost in some remote corner of the Internet, but rather about banking data of citizens in Spain, access linked to public infrastructure and a chain that, according to the Prosecutor’s Office, ended with hundreds of thousands of records entered into a portal for sale. What we have seen with Alcasec It matters not only because of the name itself, but because of what it reveals: personal information has become a very valuable commodity. The agreement. This part of the case has been settled in the National Court with an agreement between the accused and the Prosecutor’s Office. According to EFEJosé Luis Huertas, alias Alcasec, has accepted a sentence of two years and seven months in prison for the crimes of illegal access to computer systems and discovery and disclosure of secrets. The Prosecutor’s Office initially requested three years, but applied the mitigating circumstance of confession. Along with him, Daniel BE and Juan Carlos OG, thus identified in the judicial information, have also accepted a sentence: two years and two months for the first as a cooperator and one year and three months for the second for discovery of secrets. The access. The indictment describes an entry built in layers, not a simple stroke of luck. On October 19, 2021, Alcasec contracted two massive data storage systems with Cherry Servers, a company based in Lithuania, using an email account created when he was a minor to hide his identity. Later, Daniel BE, whom the Prosecutor’s Office links to Russian forums specialized in the unauthorized sale of passwords, provided him with a stolen digital certificate issued to the General Directorate of Traffic. With that certificate, always according to the accusation, he managed to navigate the SARA network, connect to the CGPJ Judicial Neutral Point website and obtain the credentials of an official from a Bilbao court. The impersonation. The next step, always according to the Prosecutor’s Office, was to convert that first access into a way to obtain more credentials. Alcasec and Daniel BE created a page that pretended to be the access website to the Judicial Neutral Point, and the former sent a text chain to different courts that redirected to that false page. Two officials mistakenly entered their passwords, which allowed the scope of the attack to expand. The mechanics are important because they show that the intrusion did not depend only on a technical vulnerability, but also on deception of real users. The scale. With these credentials, according to the indictment, Alcasec made 438,099 requests to the Tax Agency’s “extended bank accounts” web service and shortly after carried out a second attack. The data is not minor: we are not talking about an isolated query, but rather a massive volume of queries to sensitive information through a system connected to the Administration. For the sale of data, some of relevant people, the portal was available. The reduction. The accepted sentence does not come out of nowhere, but from an agreement in accordance with the Prosecutor’s Office. As we noted above, the initial request was for three years in prison, but it was reduced to two years and seven months when the mitigating circumstance of confession for the recognized crimes was applied. The prosecutor also valued the collaboration of the accused during the investigation, particularly in providing their codes and passwords. In addition, they accepted the confiscation of the effects and the physical and virtual money seized in the searches carried out in Madrid, Cartagena and Dos Hermanas. Another investigation. There is an important nuance to not mix planes. Alcasec has been in provisional prison for a year for a different reason, related to a network of cyberattacks that seized sensitive and private data of millions of citizens and that he allegedly led. In that investigation he was arrested along with former Secretary of State for Security Francisco Martínez, currently on trial for Operation Kitchen. The reading. What this case leaves behind is not only an accepted conviction, but a fairly clear photograph of where part of cybercrime has moved. We are no longer just talking about entering a system, but about chaining access, taking advantage of real credentials, consulting sensitive services and preparing information for sale. Images | Capture YouTube In Xataka | We have spoken with one of the leading cybersecurity companies in Spain. And his diagnosis is not encouraging