They apparently got him: #hackerangriff greift nicht an.
A 20-year-old man has been arrested for leaking the private information of around 1,000 German politicians and public figures. German Federal criminal police said he confessed to carrying out the breach because he was frustrated with statements the victims made (BBC). Investigators say the man doesn't pose a flight risk, and he's been released under house arrest. Some think continued cooperation with the authorities will set him up for a lighter sentence (The Guardian).
Bild reported that Germany's BSI security service asked the US National Security Agency for its assistance in getting Twitter to track down and delete tweets and accounts that contained the leaked material. The BSI reportedly told the NSA that some of the victims of the hack were US citizens (Bloomberg).
The case is also an instructive cautionary tale on the hazards of attribution based on a priori probability. Political figures get doxed. Who else but the Russians? They did it to the Americans, didn't they? And weren't they caught with their fingers in Bundestag networks not so long ago? What's likelier? Yes, but actually, it turns out, no. We're reminded of the Mirai botnet, widely believed at the time to have been a Russian cyber shot across the virtual American bow (The CyberWire). But it turned out to be the work of a guy from Rutgers and a couple of his friends, just out to make a bigger buck from Minecraft in-game purchases (US Department of Justice).