Thursday, March 29, 2012

Breaching Hundreds of KPN Servers

          Dutch Police Arrest 17-year-old Suspected of The Dutch High Tech Crime Team has arrested a 17-year-old suspected of compromising customer account data on hundreds of servers belonging to telecommunications operator KPN. The teenager was arrested last Tuesday in the Dutch town of Barendrecht, where police seized an encrypted computer, two laptops and other storage media including external hard drives, DVDs and USB sticks, the Dutch Public Prosecution Service announced on Monday.

          "He has made a confession," said Wim de Bruin, spokesman for the Public Prosecution Service.
The arrested teenager called himself "xS", "Yoshioka" and "Yui" online, and is suspected of breaching the security of hundreds of KPN servers last January, compromising user data and damaging KPN's infrastructure, said the Prosecution Service.

          KPN, the biggest telecom operator in the Netherlands, was forced to overhaul its systems to get rid of installed malicious software after the hack was discovered. The National Cyber Security Center of the Netherlands also assessed the security breach and concluded that national security was not compromised.In the wake of the hack, KPN suspended access to 2 million email accounts and asked users to change their passwords, after account details of KPN customers were leaked on Pastebin in early February. The KPN data that appeared online was filtered from the captured database.

          The arrested teenager was followed online for weeks and the Dutch police collaborated closely with the Cyber Terror Response Center in South Korea and the Australian Federal Police, according to the Prosecution Service. A person using the aliases "Yui", "Yoshiaka' and "xS", appeared to have bragged about the KPN hack in a chat channel for students at the Korea Advanced Institute of Science and Technology (KAIST), the prosecution said.

          Besides hacking KPN the 17-year-old is also suspected of hacking computers at KAIST and at Trondheim University in Norway, and of breaching the security of Tokohu University in Japan. He is also thought to have been running a website used for selling stolen credit card data, according to the prosecution.
According to De Bruin the teenager did not confess to the other allegations. "Those are still being investigated," he said.

          After the teenager's arrest, a judge ruled that he was to be kept in custody for at least two weeks. After that period, the Prosecution Service will assess if he has to be kept in custody, or can be freed until his trial. The suspect has legal support from a solicitor and was visited by the Dutch council for child protection, said the Prosecution Service. According to De Bruin, the maximum penalty the teenager faces is two years in prison. The maximum penalty is reduced due to his age. "For an adult the maximum penalty would be six years imprisonment," De Bruin said.

           In the wake of the hacking, KPN said last week it will appoint a Chief Security Officer (CSO), and later this year will set up a permanent control center to monitor its systems. The company has replaced the compromised systems and will spend months checking the security of all its other systems.

0 comments:

Post a Comment