Cryptocurrency Fraud , Cybercrime , Fraud Management & Cybercrime

Spanish Police Arrest 'Dangerous' Teenage Hacker

19-Year-Old José Huertas Allegedly Hacked a Government File Transfer System
Spanish Police Arrest 'Dangerous' Teenage Hacker
"Alcasec" appears on the "Club 113" podcast in a video uploaded to YouTube on Feb. 23, 2023. (Image: Club 113)

Spanish National Police on Friday arrested a teenager hacker who allegedly stole the sensitive data of more than half a million taxpayers from the national revenue service and boasted in an online podcast about having access to personal data of 90% of the population.

See Also: Spotlight Discussion | Expel Quarterly Threat Report: Cybersecurity Data, Trends, and Recs from Q1 2022

Spanish authorities arrested 19-year-old José Luis Huertas of Madrid, who they said posed "severe national security risk," after he allegedly penetrated in October a centralized file transfer system linking the judiciary with executive branch agencies, including the tax administration agency.

Huertas is a "dangerous cybercriminal" who despite his young age is an expert in cyber assets and hiding money, authorities said. Spanish media reported Monday that Huertas, aka "Alcasec," will remain in custody after a judge determined him to be a flight risk. Police posted video of Huertas, dressed in black, being ushered into a police car and of agents removing boxes of evidence, which they say included a significant quantity of cash.

The October 2022 file system cyber incident compromised the data of 575,186 Spanish residents. Police say Huertas stole data including financial account numbers and salary amounts.

El País reports investigators concluded that Huertas also went by the online handle "Mango" in an online underground form where he advertised for sale data from the attack. Spanish intelligence helped track the cryptocurrency wallets used to pay for servers housing the stolen data and found more than $543,000 worth of cryptocurrency in a third wallet allegedly controlled by Huertas. Police say he used a cryptocurrency mixer to hide transactions.

Police say Huertas also developed a database dubbed "Udyat" to house stolen data. Huertas told podcasters in February that the database housed information such as telephone numbers and addresses, credit card numbers, geolocation and online shopping histories of most Spaniards. El Mundo reported that Huertas charged fees for accessing the database, possibly earning him millions.

"You give your data to Amazon, and Amazon gives it to its logistics firm, and it seems private … the data goes here and there and there and while it passes by here, I'll go boom, catch it and keep it" he told the podcasters, in Spanish.

Spanish media said Huertas began hacking at age 15, earning early fame for hacking HBO and creating more than 150,000 free accounts that he distributed on Instagram. He manipulated the Burger King ordering system to offer free food. He penetrated the rent-a-bike service BiciMad to make it free for a day, leaving a message for customers in the payment terminal: "Hacked by Alca."

Huertas allegedly hacked into the system of television station Telecinco to rob its CEO of 300,000 euros, taken from his paycheck. He served time in a semi-open juvenile detention center after authorities determined he was part of a gang that had hacked into the city administrations of Granada and Madrid to steal 53,000 euros, converting the money into cryptocurrency. He left the facility in southern Spain in October, returning to Madrid, where he was to be kept under state watch.

With reporting by ISMG's David Perera in Washington, D.C.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.