This is not the first time that José Luis Huertas, alias Alcasec, has appeared in police and judicial files. At 19 years old, the man arrested for stealing information from more than half a million taxpayers through a cyberattack on the Judiciary is considered a “dangerous computer criminal”, whose history of misdeeds includes hacking the database of the National Police or the General Directorate of Traffic.

Alcasec led a life of luxury “unbecoming someone his age,” according to the General Information Commissariat, which has led the investigation. With no work activity and not yet in his twenties, he took expensive trips, wore exclusive brands, frequented the most fashionable entertainment and restaurant venues and drove high-end vehicles.

When he was arrested last Friday, the agents found a large amount of cash in his home, from which they also took computer media that are now being analyzed. Police sources say that the investigation is still ongoing and do not rule out that new lines of inquiry may be opened after the seized material is analyzed.

The General Council of the Judiciary acknowledged that it was the victim of a cyberattack in the second half of last October. Specifically, the attack was directed at the so-called Judicial Neutral Point (PNJ), a telecommunications network that connects judicial bodies with other State institutions, such as the State Tax Administration Agency. But how did a 19-year-old boy manage to exfiltrate the bank details of 575,186 taxpayers?

The alleged perpetrator, “an expert in crypto assets and concealment of funds,” according to the National Police, carried out the attack in two batches, but not before illegally obtaining the keys to the network from an official of a court in Bilbao. On October 18, in a first attack that lasted five and a half hours, he obtained the bank details of 438,000 taxpayers. In the early hours of October 20, the second was perpetrated by accessing the “extended accounts” database of the State Tax Administration Agency. From there, bank details of 137,186 taxpayers were obtained.

The data was then transferred to two servers in Lithuania. The analysis of the digital evidence located on both servers, together with the financial inquiries into cryptocurrency movements, allowed the National Police to establish that Alcasec was the administrator. On one of them, the detainee had installed the instant messaging application Gajim with the username Chimichurri. According to the investigators, he used this application to hold all kinds of conversations related to his criminal activity.

Another of the servers hosted the UDYAT portal, an on-demand query service for illegally obtained data. That is, a kind of portal that sold data on demand to criminals. In an interview on the YouTube channel Club113, the arrested person, under the pseudonym Alca and without letting his face be seen, claimed on camera to be the creator of UDYAT. Not only that, he boasted of having stored data on 90% of Spaniards.

On that same server, before the operation was launched, the agents also managed to locate various documents belonging to the young hacker. Among them were a temporary authorization to drive, a report of academic grades and a report of his background. All were in the name of José Luis Huertas.

As Judge Calama states in the prison order, the content of the conversations analyzed in the Gajim application points to the participation of the detainee in the cyberattack on the CGPJ, since he himself claims “to have access” to the Information Systems of the General Directorate of Police, the cybernetic infrastructure used in the attack.

Investigators suspect that Alcasec put the stolen data up for sale on the uSms platform. At the moment, the amount of money that the theft of the information could have yielded is unknown, but the judge leaves a suspicion written in the order. When he argues for provisional detention due to flight risk, he affirms that the detainee has so-called “cold wallets” in which he has deposited significant amounts of cryptocurrencies “that would allow him to have sufficient liquidity to reside anywhere in the world.”