The Dutch police have arrested a man after he accidentally received confidential files via a link. The man refused to delete them.
The Dutch police have detained a man from Ridderkerk for unauthorized computer access. The man had received a download link containing confidential files from the police themselves. After the police discovered the mistake and asked the man to delete the files, he refused. He felt he was entitled to compensation.
The police saw the matter differently and raided the man’s home. Data carriers were seized and the man in question was arrested. The police have reported the data breach and are conducting an investigation.
The ball started rolling when the suspect contacted the police himself because he possessed footage that was allegedly relevant to an unrelated investigation. The police services then sent the man a download link to confidential documents instead of an upload link to share the files.
Reverse phishing
Via the police’s reverse-self-phishing link, the man unintentionally obtained files he was not permitted to view. It is unclear which documents are involved. When the police noticed the error, the suspect was requested to delete the files. The man refused and argued that he should receive something in return.
That “something” turned out to be an arrest and a house search. The Dutch police stated: “If you are sent a download link when you know you should have received an upload link, are then clearly told not to download, and choose to download the files anyway, you may be guilty of unauthorized computer access. The recipient can reasonably assume that the download link and the files shared with it are not intended for them.”
Ransomware hacker?
That also seems a bit short-sighted. If you are expecting a link (to upload), it is not illogical to click on it. However, by refusing to delete the files and asking for a ransom, the man in question very quickly settled into his unplanned role as a ransomware hacker.
Whether it effectively constitutes ‘unauthorized computer access’ when you phish yourself by sharing a link to your own files with an external party under other pretenses remains to be seen in the investigation.