Spanish hacker José Luis Huertas will serve two years and seven months in prison after taking a plea deal at the National Court on Wednesday. The 22-year-old Huertas, known online as Alcasec, admitted to stealing banking details from over half a million citizens. Prosecutors originally requested a three-year sentence, but dropped the penalty after Huertas confessed and provided his passwords to the police.

The state prosecutor explained that Alcasec worked with two other men to pull off the cyberattack. Daniel B.E., age 32, received 2 years and two months in prison. Juan Carlos O.G., age 28, received 1 year and 3 months. The Spanish court also seized their cash and cryptocurrency assets .

According to the state prosecutor’s indictment, reported by Spanish media, Alcasec hid his identity by setting up Lithuanian storage servers back in October 2021, whereas the actual cyberattack took place in October 2022.

Reportedly, he used a stolen digital certificate from the Spanish traffic agency, the DGT, to enter SARA, a secure computer network used by the government. He then made a fake login webpage to trick court workers into entering their passwords.

Once Alcasec got the passwords, he hacked the Neutral Judicial Point, a network connecting Spanish courts and government bodies. He stole 574,908 bank records and put them on a site called uSms to sell. Juan Carlos O.G. was the biggest buyer and spent 109,876 euros on the stolen data.

The state prosecutor’s office revealed that the server company used in Lithuania was called Cherry Servers. Buyers bought the stolen data using a cryptocurrency service called Plisio. The National Police tracking the digital money wallets eventually found more than 543,000 dollars in crypto linked to him.

This case follows Hackread.com’s earlier report on Huertas’ arre st , according to which Spanish police caught Alcasec in Madrid during April 2023. At that time, media reports labelled him as the “Robin Hood of Spanish Hackers.” He even went on a YouTube podcast to brag that he had stolen tax details belonging to “90% of the Spanish population.”

During that earlier attack, he infiltrated a data transfer system to steal salaries, credit card numbers, and phone numbers. He then created a custom search engine called Udyat on the dark web to sell the stolen records.

With his conviction, the young hacker’s streak of high-profile cyberattacks has officially come to an end as he begins his multi-year prison term. Watch the podcast in which Alcase boasted about his attacks in February 2023:

Your email address will not be published. Required fields are marked *