NL: Suspect arrested after data theft and threat
Dutch police have made another arrest involving an alleged hacker. It sounds like they identified and arrested this individual fairly quickly, which raises questions about whether this suspect had terrible OpSec or if the police had other sources of leads that enabled them to identify and arrest them. There is nothing in their release that gives any indication as to whether they suspect this individual of working with others.
(Machine translation of their press release):
Purmerend – On Friday morning, May 5, a 25-year-old man from Purmerend was arrested. He is suspected of having stolen hundreds of thousands of customer data from a company in Haarlem after a hack. The man threatened to publish and/or sell this information online if 50,000 euros in bitcoins were not paid before this Friday afternoon.
Immediately after receiving the threat, the company called the police. Team Cybercrime started an investigation that eventually led to the arrest of the 25-year-old man from Purmerend. During the arrest, the suspect’s home was also searched, and cash and various data carriers were seized for further investigation.
Data as a revenue model
Criminals earn a lot of money with data theft and data trading. By threatening companies, but also by selling stolen data to other criminals. They use the stolen data to select specific victims for, for example, phishing, chat tricks, bank helpdesk fraud or identity fraud.
The police and the Public Prosecution Service not only combat cybercrime by tracking down criminals, but also by means of prevention. Together with cybersecurity companies, they point out digital vulnerabilities and the need to protect themselves digitally. Companies facing threats are called upon not to comply with payment demands, but to immediately contact the police.