Alcasec, “Robin Hood of Spanish Hackers,” Jailed for 31 Months Over Data Theft
Spanish hacker Alcasec sentenced to 31 months for stealing 574,908 banking records and selling them online.
Summary
José Luis Huertas, a 22-year-old Spanish hacker known as Alcasec, received a 31-month prison sentence after admitting to stealing over half a million Spanish citizens' banking records and selling them on the dark web. Working with two accomplices, Huertas used a stolen digital certificate from the Spanish traffic agency (DGT) to breach SARA and the Neutral Judicial Point network, then created a phishing page to harvest court workers' credentials. The trio laundered proceeds through cryptocurrency, with over $543,000 in crypto assets seized by authorities.
Full text
Cyber Crime Dark WebAlcasec, “Robin Hood of Spanish Hackers,” Jailed for 31 Months Over Data Theft Alcasec, the “Robin Hood of Spanish Hackers,” is jailed for 31 months after admitting to stealing and selling Spanish citizens’ banking data. byDeeba AhmedJune 3, 20262 minute read Spanish hacker José Luis Huertas will serve two years and seven months in prison after taking a plea deal at the National Court on Wednesday. The 22-year-old Huertas, known online as Alcasec, admitted to stealing banking details from over half a million citizens. Prosecutors originally requested a three-year sentence, but dropped the penalty after Huertas confessed and provided his passwords to the police. The state prosecutor explained that Alcasec worked with two other men to pull off the cyberattack. Daniel B.E., age 32, received 2 years and two months in prison. Juan Carlos O.G., age 28, received 1 year and 3 months. The Spanish court also seized their cash and cryptocurrency assets. Jose Luis Huertas, pictured last week after court proceedings (Image credit: @elhackernet on X) According to the state prosecutor’s indictment, reported by Spanish media, Alcasec hid his identity by setting up Lithuanian storage servers back in October 2021, whereas the actual cyberattack took place in October 2022. Reportedly, he used a stolen digital certificate from the Spanish traffic agency, the DGT, to enter SARA, a secure computer network used by the government. He then made a fake login webpage to trick court workers into entering their passwords. Once Alcasec got the passwords, he hacked the Neutral Judicial Point, a network connecting Spanish courts and government bodies. He stole 574,908 bank records and put them on a site called uSms to sell. Juan Carlos O.G. was the biggest buyer and spent 109,876 euros on the stolen data. The state prosecutor’s office revealed that the server company used in Lithuania was called Cherry Servers. Buyers bought the stolen data using a cryptocurrency service called Plisio. The National Police tracking the digital money wallets eventually found more than 543,000 dollars in crypto linked to him. This case follows Hackread.com’s earlier report on Huertas’ arrest, according to which Spanish police caught Alcasec in Madrid during April 2023. At that time, media reports labelled him as the “Robin Hood of Spanish Hackers.” He even went on a YouTube podcast to brag that he had stolen tax details belonging to “90% of the Spanish population.” During that earlier attack, he infiltrated a data transfer system to steal salaries, credit card numbers, and phone numbers. He then created a custom search engine called Udyat on the dark web to sell the stolen records. With his conviction, the young hacker’s streak of high-profile cyberattacks has officially come to an end as he begins his multi-year prison term. Watch the podcast in which Alcase boasted about his attacks in February 2023: Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts AlcasecCyber AttackCyber CrimeCybersecuritydark webSpainUdyat Leave a Reply Cancel reply View Comments (0) Related Posts Cyber Crime Turkey-based Predator of ATM machines pleads guilty to 18 charges The infamous hacker, popularly known as Segate, Oreon and Predator, has pleaded guilty finally in front of a… byCarolina Security Android Cyber Crime Malware Phishing Scam Android Version of Sophisticated Pegasus Spyware Discovered Pegasus is a smartphone spyware developed by the Israeli surveillance firm NSO Group; it is believed to be… byJahanzaib Hassan Cyber Crime Malware Security Hackers Setup Fake Cyber Security firm to Target InfoSec Experts Google believes the hackers are backed by the North Korean government. byWaqas Cyber Crime Cyber Events Zone-H banned by Indian ISPs According to Zone-H administrators, the website has been banned by some Indian ISPs in the country following the court… byWaqas
Indicators of Compromise
- malware — Alcasec attack infrastructure