A suspected hacker was charged today with breaking into the police’s IT system and stealing vast amounts of private information including social security (CPR) numbers.
The 20-year-old Dane was arrested yesterday following a police investigation that was started in January when Swedish authorities alerted the Danish national police, Rigspolitiet, that their IT system may have been broken into.
Gottfrid Svartholm Warg, the notorious Swedish hacker and co-founder of filesharing website the Pirate Bay, has also been charged by the Danish police, who are demanding his extradition.
Warg is currently in custody in Sweden after being arrested on suspicion of hacking into the bank Nordea and the Swedish equivalent of the CPR register, the Folkbokföringsregistret.
The Danish suspect is accused of hacking into Rigspolitiet’s IT system, which is run by CSC, a computer firm that protects a number of sensitive databases belonging to the police and other public authorities.
The IT professional, whose name was not released, is charged with stealing around 4,000,000 pieces of information from CSC’s database last year and passing them onto Warg, who attempted to use them to earn money.
The data included the email addresses and passwords of 10,000 policeman as well as CPR numbers from the driving licence database and information about wanted persons in the Shengen region.
Rigspolitiet chief Jens Højberg stated in a press release that much of the stolen data was not legibile and that CPR numbers stolen from the driving licence database were not connected to people’s names.
Despite there being no evidence the hackers had abused the information, Højberg said that the incident was very serious.
“It’s a major attack on the IT system used for the police databases and which we expect CSC to protect for us,” Højberg stated. “That is why the police are treating the case very seriously. It is of course completely unacceptable that it was possible to access the police’s database despite the very high security standards that we demand and expect from our contractors.”
Rigspolitiet has called upon the domestic intelligence agency, PET, and the counter-cybercrime division of defence intelligence agency FE to help with the investigation.
“We will assess the extent of the security breach and whether other public IT systems have been affected, and also to ensure that the necessary security measures are taken to remedy the situation,” Jacob Scharf, the head of PET, wrote in a press release. “The police’s IT systems will be thoroughly examined.”