The Dutch police have seized a server of the Russian-affiliated hacker group DarkSide. The server contained terabytes of stolen data. Because this data was not encrypted, the police could access the information without any problems. For example, we know that a ‘Dutch tech company’ was the victim of the Russian hackers.
Hackers abuse high-quality internet facilities in the Netherlands
The Netherlands plays an important role in the success of hacker groups such as DarkSide. According to Sander van der Malen, strategic advisor at the High Tech Crime Team, the Netherlands hosts ‘an above-average amount of cybercriminal infrastructure’. This is because the Netherlands has a high-quality digital infrastructure, with fast and reliable internet connections. Cybercriminals and hackers eagerly take advantage of this to carry out cyberattacks or host child pornography material.
The fact that criminals misuse the Dutch internet facilities for their purposes is bad for our image. According to the National Coordinator for Security and Counterterrorism (NCTV), this is the least of the concerns. In the report Cyber Security Assessment Netherlands 2021, published this week, chairman Pieter-Jaap Aalbersberg warns about the dangers of attacks with ransomware. In his view, these constitute ‘a scourge for SMEs’ and ‘a risk to our national security’.
“Cybercriminals can also disrupt society by disrupting vital processes, for example. They are often just as skilled as state actors and often have close ties with them,” said Aalbersberg. For many cybercriminals and hackers, carrying out ransomware attacks is their daily work and how they earn their living. And due to the ever-increasing degree of digitization of our society, the social and economic impact of cyber attacks is greater than ever.
DarkSide server contains terabytes of stolen information
To take a stand against cybercriminals who operate from the Dutch infrastructure, the police must send out a clear signal. Marijn Schuurbiers, team leader of the High Tech Crime Team, tells the Financieele Dagblad that the police are increasingly successful in this. He mentions the dismantling of Emotet’s computer network as an example.
Schuurbiers also talks about the seizure of a DarkSide server. It contained terabytes of stolen, sensitive information. Because this data was not encrypted, the police could read everything. In their own words, it contained data from a ‘Dutch tech company’, among other things. Schuurbiers does not want to say which company it concerns. He does say that the company was able to get back to work quickly thanks to good backups. It was also very reassuring for the company that their data is no longer in the hands of criminals.
DarkSide claims multiple victims
DarkSide is no stranger to those who follow the latest news in the field of cybersecurity and information security. The Russian hacker group attacked Colonial Pipeline, one of the largest petroleum companies in the US, in late April. The perpetrators managed to penetrate the company’s computer network and install ransomware. As a result, they were able to steal 100 GB of business-sensitive data. As a precaution, the petroleum company closed down several main pipelines.
To minimize the impact of the ransomware attack, Colonial Pipeline CEO Joseph Blount decided to pay the hackers $4.4 million in ransom. “I realize it is a controversial decision. I didn’t take that lightly. I didn’t feel comfortable watching the money flow to the perpetrators. I did it in the national interest,” he said in an interview with The Wall Street Journal. Investigations revealed that the hackers managed to infiltrate the network with a leaked password from a VPN account that was not protected by multi-factor authentication.
Colonial Pipeline is not the only victim of DarkSide. In mid-May, the hacker collective attacked Brenntag, a German-based company that distributes chemicals. 150 GB of data was stolen, including financial reports, confidential contracts and personal data of employees. Like Colonial, Brenntag paid the hackers $4.4 million in ransom.
More collaboration with businesses to fight cybercrime
“If we as the Dutch police deal a hard blow, it can really approach. We need to give more such signals. Cybercriminals should think: don’t do the Netherlands for a while”, advises Schuurbiers.
The team leader says that the threat from hackers is currently growing faster than the capacity of the police. Because detectives do not know which ransomware is the basis of cyberattacks, they cannot intervene quickly enough. “If we have a better idea of that, we can focus our gun on it and, for example, confiscate servers, or use our hacking powers,” says Schuurbiers.
To get an answer to this, far-reaching cooperation with the business community is necessary. Sharing information is of great importance. This realization has also reached politicians in The Hague. The cabinet launched an internet consultation this week on a bill to share threat information more widely. Under current law, only companies that are active in the vital sector are given concrete threat information. With the envisaged Promotion of Digital Resilience Companies Act (Wbdwb), the government also wants to be able to pass on such information to non-vital companies.