Dutch authorities arrested a hacker for obtaining and attempting to sell the personal information of almost 9 million citizens in Austria. These numbers are roughly similar to the entire population of the country. 

(Photo : Joe Raedle/Getty Images)
FORT LAUDERDALE, FL - MARCH 07: Lt. Mike Baute from Florida's Child Predator CyberCrime Unit talks with people on instant messenger during the unveiling of a new CyberCrimes office March 7, 2008 in Fort Lauderdale, Florida. 

Hacking Austrian Citizens

Last November, a 25-year-old hacker was arrested in his own apartment in Amsterdam for hacking the personal information of 9 million Austrian citizens from 130,000 databases. Engadget reported that the defendant was already known to the international police. 

The threat was posted in an online forum on a dark net marketplace. Austria's Federal Criminal Police Office waited until now to announce the arrest to avoid delays and obstructions during the investigation. 

The attack was discovered last May 2020 when Fees Info Service (GIS) suspected a data theft in the company. GIS is responsible for collecting television and radio license fees in the country.

The obtained data consists of essential and personal information that includes full name, address, and date of birth. Fortunately, the financial information of the citizens was not included. These are so-called registration data.

All of these are authenticated by the police and said that "since this data was freely available on the Internet, it must absolutely be assumed that these registration data are, in full or in part, irrevocably in the hands of criminals."

According to Reuters, the defendant also offered data sets that are similar to the obtained data by the authorities. These records came from the Netherlands, the United Kingdom, China, Colombia, and Thailand. 

How it Started

ITPro reported that GIS hired an unnamed IT company based in Vienna to revamp the internal database, which contains the locations of the citizens, to help the company track anyone who avoids paying a broadcast fee.

This resulted in an employee using the GIS data during a test and leaving a database online unsecured. Additionally, the authorities also found out that the data were also found through a search engine that was not Google. 

Authorities from New Zealand were the first to alert the Dutch authorities after finding a notorious online hacker haven RaidForums with the codename "DataBox." Investors bought the data anonymously for an undisclosed amount of money. 

Through this strategy, Dutch authorities confirmed the identity of the theft after a German server was used to store the downloaded data after being analyzed. Aside from this, the investigators also found out that the data was sold in exchange for a cryptocurrency, which also made them capture the culprit easily. 

Also Read: North Korean Government Hacks Almost 1000 Foreign Policy Experts, as per South Korean Authorities

Austria Interior Minister Gerhard Karner stated they will continue to fight the rapidly growing cybercrime in the country with all of the new discovered methods in the future.

He added, "This case shows how important and necessary investigations in cyber space are. Our investigators have the know-how and no perpetrator should be sure of being able to disappear into the anonymity of the internet."

Related Article: Europe Cyberattack Results to 'Massive' Internet Outage | About 5,800 Wind Turbines Went Offline