The Public Prosecution Service within the Netherlands [Dutch: Openbaar Ministerie] has simply launched details about an unnamed suspect arrested again in December 2022 for allegedly stealing and promoting private knowledge about tens of hundreds of thousands of individuals.
The victims are mentioned to dwell in international locations as far aside as Austria, China, Columbia, the Netherlands itself, Thailand and the UK.
Apparently, the courts have taken a strict strategy to this case, successfully preserving the arrest secret from late 2022 till now, and never permitting the suspect out on bail.
According to the Ministry’s report, a court docket order about custody was made in early December 2022, when the authorities got permission to maintain the suspect locked up for an additional 90 days, that means that they will maintain him till not less than March 2023 as work on his case continues.
The suspect is being investigated for a number of offences: possessing or publishing “non-public” knowledge, possessing phishing software program and hacking instruments, laptop hacking, and cash laundering.
The prosecutors declare that he laundered near half-a-million Euros’ price of cryptocurrency throughout 2022, so we’re assuming that the court docket thought of him a flight threat, determined that if launched he may be capable to destroy proof and, presumably, thought that he may attempt to warn others within the cybercrime boards the place he’d been lively to begin overlaying their tracks, too.
Governmental breach?
Intriguingly, the investigation was triggered by the looks on a cybercrime discussion board of a multi-million document stash of non-public knowledge referring to Austrian residents.
Those knowledge data, it appears, turned out to have a standard supply: the corporate accountable for accumulating radio and TV licence charges in Austria.
Austrian cops apparently went undercover to purchase up a replica of the stolen knowledge for themselves, and within the technique of doing so (their investigative strategies, unsurprisingly, weren’t revealed) recognized an IP quantity that was someway related to the username they’d handled on the darkish net.
That IP quantity led to Amsterdam within the Netherlands, the place the Dutch police took the investigation additional.
As the Dutch Ministry writes:
The staff has robust indications that the suspect was working underneath that consumer title and that he had, for a very long time, been providing private private knowledge – together with affected person knowledge from medical data – on the discussion board for fee underneath that title. […]
With the theft of huge quantities of digital knowledge, combining completely different databases and buying and selling entry to this knowledge, increasingly more criminals know the place an individual lives, performs financial institution transactions, what automotive they’ve, what their password is, what cellphone numbers they’ve, the place they work, go to high school and many others. Where it was crucial to watch folks for weeks to establish the precise sufferer, now a push of a button suffices.
What subsequent?
We’ll let you realize if and after we be taught extra about this case.
We know for certain that the Dutch police and prosecutors aren’t going to lose curiosity, as a result of the Ministry concludes its annoucement with these phrases:
This form of legal exercise not solely grossly violates the privateness of hundreds of thousands of individuals but additionally causes monetary injury to people and companies. Police and prosecutors are dedicated to combating this advanced type of crime by detecting and prosecuting cybercriminals.
But we are able to’t assist questioning whether or not the Austrian radio and TV licence price assortment firm may entice the curiosity of investigators of various kind, this time from the Austrian knowledge safety regulators moderately than the police.
Although firms that endure breaches are undeniably cybercrime victims themselves, they generally find yourself in authorized hassle of their very own if the regulator varieties the opinion that they may and may have completed extra to guard their prospects.
After all, because the Dutch prosecutors level out, it’s the people whose knowledge really will get stolen who’re the first victims right here.