The
Dutch
police
arrested
three
individuals
as
a
result
of
an
investigation
into
computer
trespass,
data
theft,
extortion,
extortion,
and
money
laundering.
The
Dutch
police
announced
the
arrest
of
three
men
as
the
result
of
an
extensive
investigation
into
computer
trespass,
data
theft,
extortion,
extortion,
and
money
laundering
The
suspects
were
arrested
by
the
Amsterdam
police
arrested
on
January
23,
2023.
A
prime
suspect
is
a
21-year-old
man
from
Zandvoort,
the
other
two
men
arrested
are
a
21-year-old
man
from
Rotterdam
and
an
18-year-old
man
of
no
fixed
abode.
The
Dutch
police
started
the
investigation
in
March
2021
following
a
complaint
of
data
theft
and
threats
from
a
large
Dutch
company. The
investigation
revealed
that
probably
thousands
of
national
and
international
small
and
large
organizations
were
hacked
by
the
suspects
that
also
attempted
to
extort
money
from
the
victims.
It
has
been
estimated
that
crooks
have
stolen
the
sensitive
data
of
millions
of
individuals.
“During
the
course
of
the
investigation,
it
has
become
clear
that
probably
thousands
of
small
and
large
companies
and
institutions,
both
national
and
international,
have
fallen
victim
to
computer
intrusion
(hacking)
in
recent
years
and
subsequently
theft
and
handling
of
data. Tens
of
millions
of
privacy-sensitive
personal
data
have
fallen
into
the
hands
of
criminals
as
a
result
of
this
theft
and
trade.”
reads
the
press
release
published
by
the
Dutch
Police.
Compromised
data
include
names,
addresses,
telephone
numbers,
dates
of
birth,
bank
account
numbers,
credit
cards,
passwords,
license
plates,
citizen
service
numbers
or
passport
data.
The
huge
trove
of
data
stolen
by
cybercriminals
can
be
used
by
threat
actors
to
conduct
a
broad
range
of
illegal
activities,
from
identity
theft
to
financial
scams.
The
group
demanded
a
Bitcoin
payment
from
the
affected
companies
and
threatened
to
publish
the
stolen
information
online
or
destroy
their
infrastructure.
The
ransom
demanded
from
the
victims
ranged
between
€100,000
and
€700,000.
The
bad
news
is
that
the
gang
ended
up
selling
the
stolen
data
despite
the
victims
have
paid
the
ransom.
“The
impact
for
the
affected
companies
is
enormous. This
not
only
concerns
financial
damage,
but
also
damage
to
the
image
and
all
the
extra
efforts
to
restore
systems. Even
companies
that
have
their
security
in
order
can
be
affected
by
these
types
of
facts.”
concludes
the
report. “On
top
of
that
there
are
the
consequences
for
the
people
at
these
companies
on
a
personal
level. They
feel
responsible
for
something
that
often
happened
through
no
fault
of
their
own.”
The
worst
aspect
of
this
story
is
that
one
of
the
three
men
reportedly
works
as
an
“ethical
hacker”
for
Dutch
security
organization
DIVD,
or
Dutch
Institute
for
Vulnerability
Disclosure.
The
Dutch
Institute
for
Vulnerability
Disclosure
(DIVD)
foundation
is
a
foundation
established
in
2019
with
the
aim
of
making
the
digital
world
safer
by
conducting
research
into
vulnerabilities
in
information
systems,
reporting
vulnerabilities
found
to
those
involved
and
offering
assistance
in
resolving
them.
“One
of
the
men
arrested
had
access
to
all
kinds
of
sensitive
information
because
he worked
on
confidential
cybercrime
investigations as
a
DIVD
researcher,
according
to
Dutch
public
broadcasting
company
NOS.”
reported
The
Register.
“You
don’t
just
get
access
to
information
at
DIVD,
so
he
played
it
very
cleverly,”
the
anonymous
source
told
NOS.
“You
only
get
access
to
information
if
you
really
cooperate
with
an
investigation.”
“A
DIVD
spokesperson
told
the
broadcaster
that
the
organization
had
“no
indications”
the
suspect
had
abused
his
access
to
personal
data.
“We
are
just
as
shocked
as
everyone
else,”
a
DIVD
spokesperson
said.”
At
the
end
of
November
2022,
the
Amsterdam
police arrested a
25-year-old
man
from
Almere
who
is
suspected
of
having
stolen
or
traded
the
personal
data
of
tens
of
millions
of
people
around
the
world.
The
investigation
into
the
activity
of
the
man
was
launched
by
the
Austrian
Federal
Criminal
Investigation
Service
which
spotted
the
man
offering
a
dataset
on
a
cybercrime
forum
in
May
2020.
The
man
was
offering
a
dataset
containing
millions
of
addresses
and
personal
data
from
the
Geburen
Info
Service
GmbH
(GIS),
which
maintains
an
archive
of
broadcasting
reception
equipment
(TV,
radio
etc.)
in
the
country
and
collects
the
viewing
and
listening
fees
from
the
citizens.
Follow
me
on
Twitter:
@securityaffairs
and
Facebook
and
Mastodon
(SecurityAffairs –
hacking,
cybercrime)
Share
On
About Author
