16-Year-Old Hacker in Madrid Arrested for Various Cyberattacks on Medical, Educational and Corporate Apps in Spain

THE National Police have arrested a 16-year-old hacker in Madrid with a long history of cyberattacks spanning from late 2019 who, during the State of Alarm, hacked into a health application, dedicated to prescribing tests and prescriptions, to steal sensitive information from users. He also hacked into various educational and company applications both within Spain and on an international level.

During a press conference on Friday, the deputy director of the National Police, Pilar Allue, said that in just a few months he managed to break through the security of numerous private and public companies in Spain and overseas.

The police statement outlines that this young teen was seeking notoriety for his ‘achievements’ on social networks. At the time of his arrest, officers managed to stop an attack on a parcel company that he was hacking at that very moment.

He had even advertised the personal data that he had hacked on social media. The investigation began in late 2019 after the police received a complaint from a leading international platform which distributes audio-visual video content.

According to the information they provided, in only three days, almost 141,000 fraudulent accounts were created to access the service in 14 days. Furthermore, the profiles used fraudulent bank card numbers causing around €450,000 in damages.

A few days later the police received another complaint, this time from a bicycle rental company located in Madrid who reported they had suffered a cyberattack on their systems which prevented them from providing their service for hours.

The perpetrator of the cyberattack claimed his authorship by displaying a message that could be read on the screens of the rental management devices located on public roads.

The investigators then learnt that new attacks were being aimed at a Spanish consultancy firm in charge of providing computer support to important companies established in the national territory. The intrusion took place in the premises of a famous fast food restaurant chain making his location untraceable. In this attack, the hacker was able to access databases of various companies.

Despite the meticulous and extensive self-protection measures put in place by the 16-year-old hacker, the police were finally able to corroborate his identity and narrow down his location to a central Madrid district.