Amsterdam – The cybercrime team of the Amsterdam police arrested three men on Monday 23 January in an extensive investigation into computer trespass, data theft, extortion and money laundering.
The suspects are a 21-year-old man from Zandvoort (prime suspect), a 21-year-old man from Rotterdam and an 18-year-old man of no fixed abode. Two of the suspects were placed under full restrictions immediately after their arrest, which means that they were only allowed to have contact with their lawyer. Because of this measure and in order not to disrupt the investigation, the arrests were not announced earlier.
Thousands of companies victimized
The cybercrime team started the investigation in March 2021 following a report of data theft and threats at a large Dutch company. During the course of the investigation, it became clear that probably thousands of small and large companies and institutions, both national and international, have fallen victim in recent years to computer intrusion (hacking) and subsequently to the theft and handling of data. Tens of millions of privacy-sensitive personal data records have fallen into the hands of criminals as a result of this theft and trade.
The investigation by the criminal investigation department provides insight into a very refined working method. After the data on the systems of the affected companies has been illegally accessed, these companies receive a threatening message by email stating that they must pay in bitcoins. If a company does not pay, the sender threatens to destroy the company’s digital infrastructure or to make the data public. Many companies have felt compelled to pay in hopes of protecting their data. The total damage for companies runs into the many millions. As far as is known, the ransom demand per company has risen to more than 100,000 euros, with a peak of more than 700,000 euros. In addition, in many cases the stolen data is still sold online, even though the affected companies have paid. The main suspect has probably had a criminal income of 2.5 million euros in recent years.
As a result of this working method, tens of millions of people’s privacy-sensitive data have fallen into the hands of criminals. This does not only concern names, addresses and telephone numbers. It also includes dates of birth, bank account numbers, credit cards, passwords, license plates, citizen service numbers or passport data. All of this is very private information, and information that is valuable to criminals. This has already been seen in the investigation into a 25-year-old suspect from Almere who is suspected of theft and trafficking of personal data from Gebühren Info Service GmbH (GIS), which collects TV and radio fees for Austria. The data of all residents of Austria was probably stolen and offered for sale.
The impact on the affected companies is enormous. This concerns not only financial damage, but also damage to their image and all the extra effort needed to restore systems. Even companies that have their security in order can be affected by these types of offenses. On top of that there are the consequences for the people at these companies on a personal level. They feel responsible for something that often happened through no fault of their own. For example, an employee of an affected company explained to the police how he is constantly afraid that the stolen data will still be traded and is afraid of being personally threatened as a result of talking to the police.
The cybercrime team received help in the investigation from other police units and various international investigative services. It is therefore not only companies in the Netherlands that have fallen victim to data theft and trade; international companies have also been duped. The companies and other organizations that have probably become victims are very diverse and can be found in almost every conceivable sector, from catering establishments, training institutes and webshops to software companies, social media and institutions that are part of the vital infrastructure.
Data theft and data trading is a huge revenue model for criminals, and not just through extorting companies. The captured data is processed so that it can be traded to other criminals. The investigation shows that special computer code is used to refine stolen data. Such data refining makes stolen databases especially suitable for approaching specifically selected victims with, for example, phishing, chat tricks, bank helpdesk fraud or identity fraud. For example, a database can be filtered on Dutch people born in the 1940s and 1950s.
The information that criminals can collect from these types of databases about their victims enables them to appear reliable. The number of victims as a result of this is enormous. Finally, searches in stolen data are also offered to find things or people on an individual level in a very targeted way. Searching and observing on the street is no longer necessary. A push of a button behind the computer is enough.
Given the major impact on both companies and individuals, the police and the Public Prosecution Service are emphatically committed to combating cybercrime, not only by tracking down cybercriminals as in this investigation, but also by means of prevention. Prevention focuses on both victims and perpetrators. In addition, the police are committed to disrupting the processes of criminals. An example of this is the initiative under the name No More Leaks. No More Leaks is a collaboration between the police and companies in which the police provide hashed login credentials to companies with many online account holders. Companies can then include this list of hashes as a checklist in their login process, so that abuse is prevented in advance.
If you have information that may be important in the continuation of this investigation, or if you want to report a cybercrime offense, please contact the police on 0900-8844 or 088-9647360 (cybercrime criminal intelligence team). Or for more information about cybercrime, visit https://www.politie.nl/onderwerpen/cybercrime.html.
Call the Criminal Intelligence Team: 088 – 661 77 34
Information source: Politie.nl