In May 2020 it became known that data theft had taken place in the GIS (Gebühren Info Service GmbH) environment. But as has now become known, an arrest took place in the Netherlands in November 2022: The Federal Criminal Police Office informed journalists on Wednesday that a “very big fish” had been arrested – the suspected hacker.
Data of almost all Austrians affected
currently live in Austria , and the hacker got hold of 9 million pieces of data - practically the data of all Austrians. A breakdown at a Viennese IT company that was commissioned to restructure the GIS database gave the hacker access.
This restructuring of the database by subcontractors, a procedure that is quite common according to BK experts, served to track down possible avoiders of license fee payments. The database contained the names, dates of birth and registration addresses of all Austrian citizens.
“Hack” with a search engine
What's curious is how the Dutch hacker found the database: not through Google (that would be too easy), but through a special search engine that apparently also collects deep web data (i.e. data that is not normally collected by search engines).
An employee of the subcontractor apparently used the real GIS data for a test and posted it on the Internet without access protection, where it was estimated to be available for a week.
“DataBox”, the hacker’s pseudonym, then offered the data in a well-known hacker forum, which has now been taken down. The New Zealand authorities, who became aware of this, then cooperated with the Federal Criminal Police Office, using undercover investigators to purchase the data for a four-figure sum and thus getting the complex investigation rolling.
Transfers using cryptocurrencies can also be tracked!
The 25-year-old Dutchman probably thought he was on the safe side because he had the money for the data transferred using a cryptocurrency - a payment method that is generally considered anonymous, but actually is not.
“Every Bitcoin transaction, for example, is openly identifiable. The trick is to get from this internet data to real people.”
A BK specialist regarding the arrest
In extensive investigative steps, a server in Germany was secured, among other things, from which the data was downloaded. It became clear that the theft of the GIS data was not a single act by the hacker, but that he was actually a “big fish”.
Lots of data in the portfolio
As it turned out, the hacker had been internationally known to the police for some time. Apparently he had the contents of around 130,000 databases, which included data from Austria, the Netherlands, Thailand, China, Colombia and Great Britain, among others. The Dutchman is also said to have offered patient data.
He fell out with a large part of the Dutch hacker scene years ago, when he was still in the scene as a so-called “white hat”, i.e. as a hacker who pointed out vulnerabilities but did not take advantage of them - but that obviously changed: As a “black hat” who sold stolen data, there was certainly more to be made, although this was of course illegal.
Data can be used for fraud
It is precisely the combination of names, registration addresses and dates of birth that are worth their weight in gold for fraudsters who have also acquired the data: For example, they can use the dates of birth to track down older Austrians and then appear at the door as fake police officers.
Article image: Pixabay
Sources:
futurezone , DerStandard
Also interesting: vzbv calls for a stronger focus on consumers in the Cyber Resilience Act (CRA).
Consumers must be better protected against cyber attacks - Cyber risks: Better consumer protection required
If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:
📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.
Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!
* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )

