A resentful former employee was behind the attack on the Más Madrid website, CASO ABIERTO, the investigations and events channel of Iberian Press, has learned.
After seven months of investigation, the National Police have identified the hacker who on April 1, just a month before the elections to the Madrid Assembly, broke into the server, entered the donations and microcredits section and changed the account numbers to which supporters of the party led by Íñigo Errejón and Mónica García could send money to finance the election campaign. In their place, he entered the number of another bank account belonging to Podemos, where all the contributions went while the page was altered.
The 23-year-old man was arrested by the police on September 23 and is under investigation by Investigating Court No. 4 of Madrid for a crime of computer damage. He worked as administrator and manager of the Más Madrid website for one year and four months. In fact, he was the person who developed the page and the only IT specialist the party had until, in August 2020, it “lost confidence” in him and, “after several disagreements due to their way of working”, dismissed him, sources from Más Madrid confirmed to this outlet.
6,950 euros from 45 supporters
Investigators have found that, eight months after that employment relationship ended, the young man used his username and password to access the page and divert the money that 45 subscribers transferred to the party on the night of last Holy Thursday. In total, 6,950 euros ended up with Podemos. Fortunately, the day after the attack, both Más Madrid and the party then led by Pablo Iglesias detected the anomaly, returned the donations and reported what had happened to the Data Protection Agency and the police.
Investigations by the Computer Crimes Group of the Provincial National Police Brigade focused almost from the beginning on the circle of Más Madrid employees and volunteers, after they discovered that the attack had occurred “with credentials”, that is, whoever attacked the website “logged in” (identified themselves) without errors on the page, which indicates that “the author knew the password”.
Tor network and deep web
As CASO ABIERTO has now learned, those in charge of Más Madrid had already pointed to this former employee in their complaint, which El Periódico de Catalunya revealed on April 14. Just a few days after the incident, they shared with the agents their suspicion that the man could have hacked their website in retaliation for his dismissal after an “internal dispute” with the party.
They even hired a specialist cybersecurity company to produce an expert report and confirm who the hacker was, but its analysts concluded that it was “impossible” to know where the attack came from, sources from Más Madrid told this outlet.
Before attacking the page, the man had taken certain security precautions to avoid being found: he used two systems of the deep web (deep Internet), a virtual private network (Proton VPN) and the Tor network, to mask the IP address of his computer and make it appear that the hack of the website had been carried out from a server located in another country, on the other side of the world.
“Depression” and “unfair dismissal”
However, the agents of Group XXV of Computer Security have managed to identify him. After his arrest, the former head of the Más Madrid website acknowledged that the relationship had ended badly after he was fired and said that as a result he suffered a “depression”, although he clarified that the party had recognized that his dismissal was unfair and had compensated him.
The man under investigation, who is currently free and works at a marketing and advertising company, denied being the author of the hack. He explained that he worked at Más Madrid between April 2019 and August 2020 as IT manager and page administrator, but that he was not the only one who performed these tasks, although he was the only person hired by the party; the rest were volunteers.
“I don’t know the key”
He pointed to some of his former co-workers during his statement, noting that posts to the website were made by “the press group.”
The young man added that, to perform maintenance tasks on the page's services, a generic username and password were used, which were known to the “vast majority” of workers, and insisted that he could not have committed the computer attack because, before he was fired, the party had changed the password he knew and the new credentials had not been communicated to him.
He had deleted information
The evidence that the police have found on the computer of the former Más Madrid employee casts doubt on his version. When the judge handling the case authorized the analysis of the man’s laptop, agents discovered that he had erased much of the information that could incriminate him, but the police's computer experts managed to recover it after arduous efforts.
The young man under investigation had installed on his computer the two encryption systems with which the assault on the Más Madrid website was carried out: Tor and Proton VPN. His history recorded various accesses, with his username and password, to the party’s website on the day it was hacked. As if that were not enough, the police discovered that the man had done something curious: a few days before the attack, he Googled the Podemos account number.