Changing roles from a security guard to a cybercriminal ended with a prison sentence.
In Amsterdam, the trial ended, in the center of which turned out to be 21-year-old Pepein Van der Stap, a former ethical hacker. Pentester was found guilty of committing a series of cyber attacks against more than 10 companies in the Netherlands and abroad,as well as blackmail and money laundering.
Van der Stap's total sentence is 4 years, of which he must actually spend 3 years in prison, and the last year is suspended. That is, if the defendant shows good behavior and does not commit new crimes during the 3-year probation period, then he will not have to serve the fourth year in prison.
The decision was the result of an investigation by the Dutch Prosecutor's Office, which revealed that the young man was engaged in hacking, extortion and laundering of cryptocurrencies in the amount of more than 2.6 million euros.
According to the investigation, from August 2020 to January 2023, Van der Stap, along with his accomplices, attacked the systems of companies, threatening to publish stolen data for purposes and extorting money from victims. During the searches, various hacking tools and stolen personal data of millions of people were found in Pentester's computer. Information was actively sold and exchanged on hacker forums, including RaidForums and BreachForums, where Van der Stap was known under various pseudonyms.
The scandal became particularly acute after it became known that Van der Stap worked as a cybersecurity researcher at the Dutch Institute for Vulnerability Disclosure (DIVD) and had access to confidential information. Moreover, Van der Stap was involved in confidential DIVD investigations. Such details added ambiguity to his identity, as during the day he helped protect information systems, and at night he was engaged in cybercrime activities.
In an interview with the site DataBreaches.net Van der Stap claimed that most of his illegal activities occurred before he began his career in cybersecurity and that he had practically stopped engaging in criminal activities 16 months before his arrest. However, according to him, it was not easy to completely get out of the underground world.
The investigation against Van der Stap began after the Amsterdam-based company filed a complaint in March 2021. At the moment, not all affected organizations have published information about the extent of damage and the fact of attacks. The case opened up a discussion about the importance of integrity checks, even among information security professionals.
In Amsterdam, the trial ended, in the center of which turned out to be 21-year-old Pepein Van der Stap, a former ethical hacker. Pentester was found guilty of committing a series of cyber attacks against more than 10 companies in the Netherlands and abroad,as well as blackmail and money laundering.
Van der Stap's total sentence is 4 years, of which he must actually spend 3 years in prison, and the last year is suspended. That is, if the defendant shows good behavior and does not commit new crimes during the 3-year probation period, then he will not have to serve the fourth year in prison.
The decision was the result of an investigation by the Dutch Prosecutor's Office, which revealed that the young man was engaged in hacking, extortion and laundering of cryptocurrencies in the amount of more than 2.6 million euros.
According to the investigation, from August 2020 to January 2023, Van der Stap, along with his accomplices, attacked the systems of companies, threatening to publish stolen data for purposes and extorting money from victims. During the searches, various hacking tools and stolen personal data of millions of people were found in Pentester's computer. Information was actively sold and exchanged on hacker forums, including RaidForums and BreachForums, where Van der Stap was known under various pseudonyms.
The scandal became particularly acute after it became known that Van der Stap worked as a cybersecurity researcher at the Dutch Institute for Vulnerability Disclosure (DIVD) and had access to confidential information. Moreover, Van der Stap was involved in confidential DIVD investigations. Such details added ambiguity to his identity, as during the day he helped protect information systems, and at night he was engaged in cybercrime activities.
In an interview with the site DataBreaches.net Van der Stap claimed that most of his illegal activities occurred before he began his career in cybersecurity and that he had practically stopped engaging in criminal activities 16 months before his arrest. However, according to him, it was not easy to completely get out of the underground world.
The investigation against Van der Stap began after the Amsterdam-based company filed a complaint in March 2021. At the moment, not all affected organizations have published information about the extent of damage and the fact of attacks. The case opened up a discussion about the importance of integrity checks, even among information security professionals.
