Cybercrime suspects often young, increasingly armed: Dutch police

Young cybercriminals in the Netherlands are increasingly armed, the police and Public Prosecution Service (OM) said in a new report on developments in cybercrime. The police regularly confiscate firearms, ammunition, and explosives from young suspects of online crime, some of whom are underage. Half of cybercrime suspects are younger than 25 years old.

According to Koen Hermans, the national cybercrime prosecutor, young people active in the drug trade have also discovered cybercrime as a way to make quick money. “Then you are talking about boys of 16, 17 years old who simply buy everything, such as call scripts for fraud or phishing panels. We see more and more mixing between traditional crime and cybercrime,” he told NOS. These kids often walk around armed, introducing firearms into the online crime world.

But there are also young cybercriminals who are not involved in the drug trade and arming themselves, Hermans said. “We found a young programmer with a firearm under his office chair. He earned a lot of money through criminal activities and said he had to be able to defend himself if something happened.” The OM cannot say exactly how many cybercrime suspects have firearms, but the police and prosecutors who deal with cybercrime widely recognize an increase.

The authorities are very concerned about the young age of cybercrime suspects. Half are younger than 25, and a significant number are underage. “I recently had a case with a suspect who programmed phishing panels, and very good ones at that. We initially thought we had the wrong person, but it turned otu to be a 14-year-old boy,” Hermans said. The police also once caught a 12-year-old carrying out DDoS attacks at school. “At the age of 17, he turned out to be a member of a global criminal organization that extorted companies,” Hermans said.

The OM and police called for a broader approach to cybercrime, with municipalities, schools, and companies doing more to deter young people from committing online crimes.

The report noted some shifts in cybercrime. In addition to young drug criminals finding their way to online crime, the authorities also noted that cybercriminals are no longer using ransomware to extort companies. After the many ransomware attacks in recent years, companies have started to make better backups. So instead, criminals break into their servers, steal their data, and threaten to make it public or sell it if the company does not pay.

Another striking development is that perpetrators are increasingly combining information from data leaks to obtain the best possible profile of their victims, enabling them to run more convincing phishing scams or fraud. Datasets with information about things like hobbies and pets are sold for more money. The report mentions a man sentenced to 4 years in prison in November for trading in stolen data. He had 4,000 different databases with millions of personal data. According to the authorities, it is plausible that he had data for every single Dutch person.