Austria’s Federal Criminal Police Office (Bundeskriminalamt/BK) revealed on 25 January that it has arrested a 25-year-old Dutch hacker for reportedly stealing data about nearly its entire population. ITPro reports the hacker stole data that belonged to 9 million Austrians. The organization responsible for collecting television and radio fees for Austria, the Fees Info Service (GIS), was said to be the source of the data breach. GIS announced in May 2020 that an event had occurred and that it was working with authorities on the matter.
Statement From GIS:
“As it became known today, large amounts of data may have been stolen, although it cannot be ruled out that this data came from the sphere of influence of the GIS,” said the GIS in a written statement to the APA. Managing Director Harald Kräuter emphasizes that he works together with the authorities and that he has made the GIS systems available for checks. “As our data protection experts assure us, there were no omissions on the part of the GIS. This is also underpinned by the ISO certification of the GIS IT systems, which was renewed in February,” emphasized Kräuter.
Die Presse has reported that the Dutch hacker was able to obtain the data due to a glitch while a contracted Viennese IT company performed maintenance on the GIS database. It is believed that an employee accidentally left the database unprotected and accessible to the internet for about a week before it was discovered.
Machine translated from Die Presse:
“The mistake must have happened with the subcontractor: An employee of the company may have used the real registration data from the GIS for a test, and this database was available on the Internet without access protection, according to estimates by the BK specialists, for about a week. ‘The perpetrator found the data with a search engine,’ said a BK investigator.”
Soon after, the data began to appear on the dark web and authorities began their investigation. They tracked the Dutch hacker via bitcoin transactions. The hacker also had roughly 130,000 other databases from countries including China, the Netherlands, Thailand, Colombia, Great Britain, and others. Interior Minister Gerhard Karner (ÖVP) and BK Director Andreas Holzer praised the team for breaking the case.
“The rapidly growing cybercrime will continue to be fought with all vehemence and new methods in the future,” said Karner. “This case shows how important and necessary investigations in cyberspace are. Our investigators have the know-how and no perpetrator should be sure of being able to disappear into the anonymity of the Internet,” stressed Holzer.