When a cyberattack destroyed everything from Swedish supermarkets to New Zealand kindergartens this month, a Dutch hacker organization let out a collective sigh of frustration: they had come so close to arresting him.
If the Dutch Institute for Vulnerability Disclosure (DIVD) is obscure, it corresponds to its discreet presence on the Internet.
This volunteer army of unpaid tech geeks has quietly prevented many cyberattacks since 2019 by locating holes and software that can be exploited by hackers.
“You can see us as volunteer firefighters,” President Victor Gevers said in an interview from his home in The Hague, with a dog hitting its ankles.
“Your space is on fire, flames come out and then other random people with a Dutch accessory show up and start putting out the fire. “
The bearded hacker refused to give his age, yet he has been making those “responsible revelations” for nearly two decades.
The most you notice is that he effectively accessed Donald Trump’s Twitter account, once, but twice.
– ‘Oh my God, why him?’ –
Just before the 2016 US election brought Trump to power, Gevers and two friends made sure the then-candidate wasn’t using a password that had already been leaked online.
A massive LinkedIn hack in which the password “yourefired” (Trump’s slogan from his days on the TV screen The Apprentice) had been used for an account on his call on the business networking site.
And after the same password on Twitter with several other email addresses, the Dutch hackers were horrified to see Trump’s non-public page loading before their eyes.
They were quick to tell Trump’s crusade and U. S. authorities, noting that if they could only get their account, other malicious hackers could do the same, but they never received a response.
So when Gevers controlled to hack Trump’s Twitter last year, this time with the password “maga2020!”, “His center was strained. “
“Honestly, it was like ‘Oh my God, why him?'” Gevers recalls. He knew he would have to make rigorous efforts to touch Trump, which would likely be ignored, while leaving his account open to attack.
This is an alarming prospect. Trump’s feverish presence on Twitter gave him a megaphone to speak directly to some 90 million people and, as the violence at the US Capitol a few months later showed, his messages were able to fuel an incendiary atmosphere.
“Imagine a tweet that said something like ‘start throwing axes at the police,'” Gevers said. “There would be a lot of fans who would be blind to him. “
This time, being ignored, the Gevers hack made headlines overseas and was a stressful criminal investigation.
While the White House denied this had happened, Dutch prosecutors said in December they were convinced gevers had earned Trump’s tally.
And fortunately for Gevers, they decided that he “met the criteria that have been developed in case law to get lost as a moral hacker. “
– Race opposite to ‘the boys’ –
This law provides for moral hackers to operate in the Netherlands than in countries such as the U. S. U. S. Or the U. K. , where raids on people’s accounts, even well-intentioned ones, carry greater legal risks, Gevers says.
He also founded the GDI, an “online chimney brigade” that runs internationally, from India to Portugal.
“We do these voluntary paintings because we have to leave anything smart for the next generation,” he said.
During the pandemic, volunteers have become increasingly involved in the weak problems of VPNs and other equipment that allow computers to be controlled remotely, equipment that is being used more and more, without end in view of the trend to run from home. .
Kaseya, the Miami-based IT company that was the target of a stunning cyberattack on July 3, had been at divd’s attractions for months. Thousands of companies use your software to manage their printer and computer networks.
Another DIVD researcher, Wietse Boonstra, had a major challenge with Kaseya’s software in April, and moral hackers had frantically helped the company expand a solution.
To their dismay, Russian-speaking hacking company REvil came first and exploited the vulnerability to mount a ransomware attack, encrypting the knowledge of a bunch of corporations and not easy $70 million in bitcoins in exchange for its launch.
“It sucks,” he said Gevers. No think the bad guys are faster, what bothers me is that there are victims. “
Piracy has affected around 1,500 international corporations and has erased the money records of Swedish supermarket chain Coop. Gevers works with the other people involved.
“If the Red Cross can help the sick around the world, why not us?Gevers said. ” The only thing is that we do it behind a keyboard. “