A hacker tried to sell the personal information of nearly every Austrian citizen, police...

Daniel Sims

Posts: 829   +33
Staff
In context: The results of successful international cooperation between law enforcement agencies fighting cybercrime became known for the second time this week. While not as big a case as the Hive ransomware bust, the arrest of a hacker selling the personal data of millions provides another example of how fragile digital privacy is. It also shows the cost of human error from those who house our personal information.

On Wednesday, Austrian police announced the arrest of a hacker in the Netherlands for selling the personal information of almost everyone living in Austria. The investigation involved collaboration between authorities in multiple countries over two years.

The unnamed 25-year-old Dutch suspect allegedly listed a dataset for sale online containing the names, addresses, genders, and dates of birth of nine million Austrians – virtually the country's entire population. Reuters notes that police arrested the man in November but held off announcing it pending an ongoing international investigation that started with a data breach in 2020.

The hacker didn't acquire the data using malware. Austrian newspaper Die Presse writes that he merely seized upon a mistake someone made during a routine IT operation.

When the Gebühren Info Service (GIS), which handles Austrian broadcasting fees, hired a Vienna subcontractor to restructure its data in 2020, one of the company's employees accidentally used the service's real information during a test. The GIS reported the data theft in May 2020.

The hacker may have accessed it using a search engine, although it was not Google. As a result, the personal data of millions of Australian citizens was left publicly accessible online for about a week. When someone named "DataBox" on Raidforum.com offered to sell registry information on millions of Austrians in New Zealand, NZ authorities bought it for a four-figure sum to confirm that it came from the GIS breach. The data's composition style matched GIS record-keeping.

Police identified the suspect after securing a server in Germany from which they allegedly downloaded the GIS's data. The New Zealand bitcoin transaction also pointed authorities to the hacker, who the police suspected of cybercrimes.

When Dutch police arrested the suspect in Amsterdam, they found 130,000 data banks containing personal information on people in Thailand, China, the Netherlands, Columbia, and the UK, including medical records.

Permalink to story.

 

Aaron Jones

Posts: 46   +16
Was this written by a bot that can't distinguish between Austrian and Australian? What an absolute mess of an article.

No? The arrest link points to a .at domain name, the article mentions an Austrian newspaper, and references where the data came from (an Austrian department).
 

nismo91

Posts: 1,306   +350
No? The arrest link points to a .at domain name, the article mentions an Austrian newspaper, and references where the data came from (an Austrian department).

what he meant was this. cant help but noticed this myself

As a result, the personal data of millions of Australian citizens was left publicly accessible online for about a week.
 

StrikerRocket

Posts: 187   +152
Maybe I can't read, but is it "Austrians" or "Australians"?
Looks like someone confused the two here. So, which is which? Austria is more likely but... ;)
 

Karlos95

Posts: 310   +207
"The New Zealand bitcoin transaction also pointed authorities to the hacker, who the police suspected of cybercrimes."

So much for untraceable crypto :)

Tell me you know nothing about crypto without telling me you know nothing about crypto.
There is a reason many crims still use cash. Bitcoin was never meant to be untraceable.
It is literally a better form of currency, keep believing inflation is meant to be normal and getting thieved by the pollies.
 

Hodor

Posts: 580   +396
"The New Zealand bitcoin transaction also pointed authorities to the hacker, who the police suspected of cybercrimes."
So much for untraceable crypto :)

Yeah, the mainstream media lies quickly get busted. They actually do it themselves.