The Dutch police arrested three people, including an ethical hacker working at the Government Institute for the Disclosure of Vulnerability. Criminals are accused of organizing double extortion attacks, during which they published personal data of millions of their victims in the darknet for use by other cybercriminals.
The Netherlands special services have been investigating for two years. It is reported that a group of hackers aged 18 to 21 years in recent years earned more than $ 2.6 million. The group redemption requirements were an average of $ 105,000 to $ 745,000.
Stolen personal data included:
- names;
- addresses;
- phone numbers;
- date of birth;
- numbers of bank accounts and credit cards;
- passwords;
- license plates of the car;
- bsn-number of citizens (personality certificate, analogue of ID in the USA);
- passport data.
It is noteworthy that the gang leader is a 21-year-old pentor, who worked as a researcher of cybersecurity at the Government Dutch Institute for Vulnerability (DIVD) and had access to confidential information. Moreover, he took part in the DIVD confidential investigations. DIVD manager said that there are no signs that this ethical hacker was involved in criminal cases. However, after the arrest, access to DIVD systems was blocked for him.