In late September, the police fell victim to a hack in which the contact information of police employees was captured. Many are still working hard to investigate the incident and protect the police organization. What is the status of security measures and the investigation into the perpetrators?
'The impact of the hack on employees, and on our work, is as great as ever,' says Stan Duijf, head of Operations at the National Investigation and Interventions Unit (LO) and portfolio holder for cybercrime for the police. 'We are victims and at the same time we are investigating the incident of which our organization itself is the subject. We can imagine that this does something to the sense of security of colleagues; attention is being paid to this.'
Becoming a victim of a cyber attack is unfortunately no longer an exceptional situation these days, Duijf argues. 'Many people and organizations have to deal with it. One in five entrepreneurs, for example, will face a cyber attack. NCTV's Cybersecurity Assessment Netherlands 2024 states that every organization can be hit by a cyber incident. According to the AIVD, the Netherlands continuously faces cyber attacks by countries with offensive cyber programs. We must arm ourselves even better against this.'
'After hackers penetrated the police system and captured data, we naturally wanted to know as quickly as possible how this could happen, what the impact was and who did this,' Duijf recalls. 'Various colleagues and organizations were investigating. Team High Tech Crime (THTC) of the LO is investigating the facts and the perpetrators behind the data theft.'
Not only the police but also several outside parties are involved in investigating the data theft, Duijf says. 'It involves public and private partners but also investigation services from abroad. We are happy with this help and cooperation. In addition, other Dutch parties are also investigating such threats or receiving information about them. The AIVD and MIVD identified the incident and informed the police about it. With regard to digital security, the AIVD supports us in the area of information security.'
Fighting cyberattacks by definition involves a complex set of actors at different levels, according to Duijf. 'This can range from young people in an attic room to state actors who are spying. The Internet is a complex network, where national borders do not matter. This makes detection of cybercrime offenses almost always an international affair. Perpetrators of cybercrime often use shielding techniques. As a result, it takes time and effort to go after various leads internationally and determine who is behind them.'
'The investigation is still in full swing and step by step we are finding out more and more,' Duijf says.
Earlier it was revealed that intelligence and security agencies consider it very likely that a state actor is responsible.
Presumably, a so-called pass-the-cookie attack was used. The purpose of such an attack is to gain access to a user's account or application without having to log in with a password again. In a successful attack, the attacker takes over an active session of an account, with the corresponding permissions. Initial access can be gained in many different ways, such as phishing. After a successful attack, malware can be installed that forwards data such as cookies to the attacker, who can then use them to gain access. In this case, we know that the address book was captured.
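An added example, not part of the original article and not the police's own tooling: one way a defender can spot a reused session cookie is to compare the client context of every request with the context recorded when that session was authenticated. The log format, field names and sample records below are constructed for illustration.

```python
from datetime import datetime

# Constructed sample records: (timestamp, session_id, user, source_ip, user_agent, event)
SAMPLE_LOG = [
    ("2024-09-20T08:01:00", "s-1001", "alice", "10.0.4.17", "Edge/128 Windows", "login_mfa"),
    ("2024-09-20T08:05:00", "s-1001", "alice", "10.0.4.17", "Edge/128 Windows", "request"),
    ("2024-09-20T08:09:00", "s-1001", "alice", "203.0.113.50", "curl/8.5", "request"),
    ("2024-09-20T08:10:00", "s-2002", "bob", "10.0.7.3", "Firefox/130 Linux", "login_mfa"),
    ("2024-09-20T09:30:00", "s-2002", "bob", "10.0.7.3", "Firefox/130 Linux", "request"),
    ("2024-09-20T09:31:00", "s-3003", "carol", "198.51.100.9", "Chrome/128 macOS", "request"),
]


def find_suspect_sessions(log):
    """Return (session_id, user, reason, timestamp) for session use that does
    not match the login that created the session."""
    origin = {}      # session_id -> (ip, user_agent) seen at authentication
    reported = set() # (session_id, ip, user_agent) already flagged once
    findings = []
    for ts, sid, user, ip, ua, event in sorted(
            log, key=lambda r: datetime.fromisoformat(r[0])):
        if event == "login_mfa":
            origin[sid] = (ip, ua)
            continue
        if sid not in origin:
            # Session used without any login in the log window: either it
            # predates the window or the cookie was replayed elsewhere.
            reason = "no_login_seen"
        else:
            o_ip, o_ua = origin[sid]
            changed = [name for name, now, then in
                       (("ip", ip, o_ip), ("ua", ua, o_ua)) if now != then]
            if not changed:
                continue
            # An IP change alone is common (roaming); IP and UA together is
            # a much stronger sign that the cookie moved to another machine.
            reason = "+".join(changed) + "_changed"
        key = (sid, ip, ua)
        if key not in reported:
            reported.add(key)
            findings.append((sid, user, reason, ts))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_sessions(SAMPLE_LOG):
        print(finding)
```

The same comparison can be enforced rather than only logged, by invalidating a session and forcing re-authentication when its client context changes.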
What the hackers did with the amount of data captured is still under investigation. 'At this time, in the interest of the investigation, we cannot share anything further in terms of content about the findings of the investigation,' Duijf stressed.
The police are taking extra security measures, appealing to all colleagues in the police organization. 'We must all be aware of our digital vulnerability. That is part of today's reality, also as a police organization,' Duijf explained. 'We simply cannot "shut the door" completely, but we can try to arm ourselves as best we can against cyber attacks. Substantial visible and invisible measures were taken immediately after the attack to protect us, and we monitor continuously.'