Search the Community

Amsterdam's cybercrime police team made a significant breakthrough in their investigation into hacking, data theft, blackmail, and money laundering by arresting three young men. The suspects, aged 21 and 18, were picked up on January 23, and two of them have been restricted to contact with their lawyers only in the interest of the ongoing investigation. The justice department spokesperson revealed that one of the three suspects is a "very clever hacker" who had already come under the police radar before. "Data is the new gold, and these are the new bank robbers," the spokesperson added, highlighting the significance of the case. The investigation began in March 2021 when a large Dutch company reported a hack. However, since then, the police discovered that thousands of small and large companies, both national and international, have fallen victim to hacking and data theft. As a result, the privacy-sensitive information of tens of millions of people, including their names, addresses, credit card details, dates of birth, and BSN numbers, ended up in the hands of criminals. Several companies that fell victim to the hack include Ticketcounter, an online amusement park, and zoo ticket vendor, a major educational institution, and a meal delivery service. The hackers gained access to these companies' systems and sent a threatening email demanding payment in bitcoin. If the companies didn't pay, the hackers threatened to destroy their digital infrastructure or publish the stolen information. Shockingly, many companies paid up, fearing the consequences of non-compliance. According to RTL Nieuws, the main suspects are believed to have had a "criminal income" of €2.5 million. It's also worth noting that the January arrests followed the arrest of a 25-year-old man from Almere in November. He was found to have databases in his possession that the police were already aware of following reports of data hacks. The suspects allegedly knew each other from online forums and chat services such as Telegram, where they exchanged tips and offered each other services. The Dutch government is now considering giving a more prominent role to data security organizations such as DIVD or Dutch Institute for Vulnerability Disclosure in tackling cybercrime. The police have made significant progress in this case, but investigations are still ongoing. The case highlights the need for greater vigilance in protecting personal data, particularly with the rise of cybercrime.

BreachForums was a notorious cybercrime forum where criminals could exchange stolen data from businesses and organizations. Unfortunately, the forum has been shut down due to fears that the arrest of Conor Brian Fitzpatrick, also known as Pompompurin, the suspected cybercrime marketplace administrator, would lead to the exposure of the website's users. This was because the arrest allowed the authorities to access secured systems, raising concerns that data-hungry attackers could also gain access to BreachForums users' data. Baphomet, the remaining admin of BreachForums, announced the closure of the website in an encrypted message to users. According to Baphomet, the decision to shut down the website was prompted by an unexplained login that occurred before the admin could access the server. Baphomet suspected that this indicated that someone had gained access to Pompompurin's machine, which was a significant security threat. Despite the closure of BreachForums, the admin hinted that data-hungry attackers would not be left empty-handed, as a new website would be set up to take its place. This new website would likely attract cybercriminals looking to exchange stolen data, similar to how BreachForums operated. Interestingly, BreachForums itself emerged from the ashes of another cybercrime forum disrupted by the FBI, RaidForums, which was shut down in April 2022. Even though BreachForums has been dead for less than a couple of days, its users have already started migrating to other cybercrime forums. For instance, some users of a Russia-linked cybercrime forum called Exploit complained about the sudden influx of BreachForums users on their platform. Over the years, numerous data leaks have appeared on BreachForums, including data allegedly taken from US-based software company Beeline, Taiwanese hardware and electronics giant Acer, video game maker Activision, messaging app WhatsApp, and many others. In one instance, sensitive information on US House and Senate members was posted on the website after being stolen from a medical insurance company called DC Health Link. The closure of BreachForums has caused a significant disruption in the cybercrime underworld, but it remains to be seen how long it will take for a new website to take its place. In the meantime, businesses and organizations must remain vigilant and take steps to protect their data from cybercriminals who are constantly on the lookout for new opportunities to profit from stolen information.