“Ethical hacker” amongst those arrested in Dutch ransomware investigation

Three men have been arrested by Dutch police in connection with ransomware attacks that blackmailed thousands of companies.

The men, who are aged between 18 and 21, are said to have made millions of dollars, typically demanding ransoms of 100,000 Euros, but sometimes reaching a peak of more than 700,000 Euros.

A 21-year-old man from Zandvoort, described by police as the “prime suspect”, is said to have made over €2.5 million (US $2.65 million) during the course of his criminal career.

Tens of millions of pieces of personal information are thought to have been stolen by the malicious hackers, in attacks against organisations both large and small worldwide.

Stolen sensitive information is said to have included not just individuals’ names, addresses, and telephone numbers, but also dates of birth, bank account numbers, credit cards, passwords, license plate details, citizen service numbers, and passport information.

Such data could be exploited by identity thieves and fraudsters to gather further details about individuals, or gain access to accounts.

Even when ransoms were paid to the extortionists, exfiltrated data is said to have still been sold for profit to other cybercriminals via dark web marketplaces.

Surprise, you can’t trust a criminal to keep their word.

Intriguingly, one of those arrested by Dutch police is reported to have been an active member of the Dutch Institute for Vulnerability Disclosure (DIVD), a government-backed group of ethical hackers that hunts for flaws in computer systems.

According to the media, the arrested researcher had access to sensitive information about vulnerable systems, which could have potentially been abused to assist in ransomware attacks.

The Dutch media reports that DIVD said in an internal Slack message that it has found “no indications” that the man abused his access:

“We immediately blocked him and denied him access to our systems. We are just as shocked as everyone else… he was a nice colleague.”

The link with DIVD comes at an inconvenient time, as the group is being considered by the authorities for additional funding, in an attempt to strengthen the country’s cybersecurity defences.
