Hacker sentenced to 7 years for major port cyberattacks
▼ Summary
– A Dutch man received a final seven-year prison sentence for computer hacking to facilitate drug trafficking and attempted extortion.
– He hacked port logistics systems in Rotterdam and Antwerp by using malware on USB sticks to import drugs undetected.
– The court rejected his appeal, which argued that evidence from the cracked Sky ECC encrypted chat service was obtained unlawfully.
– While one charge for importing 5,000 kg of cocaine was dropped, his other convictions for hacking and extortion were upheld.
– The hacker also attempted to resell malware and its instructions during a seven-month period in 2020 and 2021.
A Dutch court has handed down a significant seven-year prison sentence to a 44-year-old man for orchestrating sophisticated cyberattacks on major European ports to facilitate large-scale drug trafficking. This final ruling from the Amsterdam Court of Appeal brings closure to a complex case involving computer hacking, data exfiltration, and attempted extortion, highlighting the growing intersection of cybercrime and international narcotics smuggling. The defendant’s appeal, which argued that evidence from a cracked encrypted chat service was obtained unlawfully, was ultimately dismissed by the judges.
The individual targeted critical infrastructure at the ports of Rotterdam, Barendrecht, and Antwerp. His method involved compromising the IT systems of a port logistics company by using insiders, employees who inserted USB sticks loaded with malware into the systems. While it remains unclear whether these employees were deceived or offered bribes, their actions allowed the hacker to install a remote access tool. This breach enabled him to steal sensitive data from internal databases and monitor information as it moved through the port’s network, all with the goal of importing narcotics without detection.
“He is guilty of complicity in computer hacking,” the court stated, emphasizing that the cyber intrusions were deliberately executed to access port operating systems. This access was intended to covertly bring drugs into the countries, thereby directly supporting and enabling drug trafficking operations. The court found that the digital breaches were not isolated incidents but a calculated component of a broader criminal enterprise.
Between September 2020 and April 2021, the defendant also engaged in attempting to sell malware and detailed instructions on its use to other parties. This aspect of the case reveals his role in not just executing attacks but also in potentially proliferating cyber threats. Despite these serious charges, the court did dismiss one related accusation concerning the importation of 5,000 kilograms of cocaine, though it upheld all other convictions.
A pivotal element of the prosecution’s case relied on communications intercepted from the Sky ECC encrypted chat platform. Europol’s infiltration of this service in 2021, which led to numerous arrests, provided critical evidence. The defense argued that using these messages violated fair-trial rights, but the appellate court rejected this, noting a failure to substantiate claims of procedural misconduct. This underscores the ongoing legal and ethical debates surrounding law enforcement’s use of data from compromised encrypted services.
The final sentence consolidates convictions for computer hacking to aid drug trafficking, the actual importation of 210 kilograms of cocaine into the Netherlands, and the attempted extortion plot. The seven-year term reflects the severe nature of compromising national port security and critical logistics infrastructure for criminal gain. This case serves as a stark reminder of how cyber vulnerabilities in physical supply chains can be exploited, prompting continued investment in cybersecurity measures for vital economic and transportation hubs.
(Source: Bleeping Computer)
