The data was stolen from a misconfigured cloud database found by the attacker through a search engine
A Dutch hacker has been arrested after reportedly stealing data belonging to 9 million Austrian citizens through a misconfigured cloud database.
The attack was initially discovered in May 2020 and concerned the Fees Info Service (GIS) – the organisation responsible for collecting TV and radio licence fees in the country.
It revealed at the time that it had suffered a data breach, with data previously stored by the GIS, belonging to Austrians, discovered on a dark net marketplace.
The hacker, whose identity has yet to be revealed, was arrested in the Netherlands in November 2022, Austria’s Federal Criminal Police Office (Bundeskriminalamt/BK) revealed on 25 January, as reported by Die Presse.
The BK said the GIS had hired an unnamed IT company based in Vienna to restructure its internal databases. The databases contained information on citizen locations to help it track anyone attempting to avoid paying a broadcast fee.
An employee belonging to the company reportedly used the GIS data during a test and left a database online without securing it. Investigators said the hacker found the data through a search engine ‘that wasn’t Google’.
The breach is thought to have affected nearly all Austrian citizens, as the country has a population of around 9.1 million. The information included names, dates of birth, and registration addresses, said Klaus Mits, department head for the Cybercriminal Police Office in the BK.
The police were alerted by New Zealand authorities that an individual was trying to sell the data on notorious online hacker haven RaidForums using the name “DataBox”. Investigators then secretly bought the data for an amount of money they said was in four digits.
The culprit’s identity was then confirmed after a German server used by the hacker to store the downloaded data was seized and analysed. Investigators also found that the money for the data was exchanged in a cryptocurrency which the police said was easy to recognise.
Austrian police then contacted the Dutch authorities, and together they determined that the hacker had downloaded other information, in addition to the 9 million Austrian records, taken from around 130,000 databases.
The data wasn’t only from Austria – it included records on individuals from the Netherlands, the UK, China, Colombia, and Thailand. The hacker was also selling health data belonging to patients located in these other countries.
“The rapidly growing cyber crime will continue to be fought with all vehemence and new methods in the future,” said Gerhard Karner, interior minister at the Austrian government.
“This case shows how important and necessary investigations in cyber space are. Our investigators have the know-how and no perpetrator should be sure of being able to disappear into the anonymity of the internet.”
IT Pro has contacted NCSC for comment on the UK data involved.
What does this mean for Austrian citizens?
“This could happen to any other nation. They all depend on third parties, they all have insiders that may be unhappy, and they all have access to such data elements,” Andreas Wuchner, a former global CISO and current cyber security advisor, said to IT Pro.
“Similarly, they are all facing shortages of resources and budgets alongside a rapid shift to the cloud and self-service functionalities. It’s a perfect storm, so this breach shouldn’t really be a surprise to anyone.
“That’s not to minimise the concern that citizens in Austria and across Europe should be facing. This registration data could make it very easy to impersonate someone, register for digital services and so on,” he added.
Source : ITPro