DataBreaches previously reported that Dutch police arrested a 25-year-old man from Almere in November of 2022. Erkan S., known as “DataBox” on RaidForums, has been in custody since then. He was charged with dumping the GIS (Gebühren Info Service GmbH) data of nine million Austrians and listing it for sale on RaidForums in May 2020. But that wasn’t his only listing.
According to reporting this week on AD.nl, Erkan S. offered sixteen databases for sale on RaidForums, including medical data of 4.4 million Colombians, information from members of the Royal Dutch Climbing and Mountain Sports Association, and data from Lazada. He allegedly sold two databases for a few thousand euros and was caught when Austrian agents pretended to be buyers of the GIS data “and eventually ended up in Almere. S. does not deny that he wanted to sell the dataset and offered other sets for sale.” [Google translated]
Why S. agreed to meet with the buyer and in his own locale was not explained, but the sale of GIS data was not the only charge against him. Based on official records, DataBox was suspected of four types of crimes: possession or making non-public data available, possession of phishing software and hacker tools, computer trespass, and habitual money laundering. According to om.nl, the habitual money laundering charge related to cryptocurrency transactions totaling 450,000 euros in 2022.
Erkan S. went on trial in Amsterdam yesterday. His defense was that some of the numerous datasets found in his possession were not his and that he had been given them by someone he would not name. He also claimed that the online wallets were not his and that he kept them for an online friend, whom he also declined to name.
Unsurprisingly, the prosecutor did not believe him and asked the court to impose a four-year sentence. Erkan’s lawyer argued that the theft of coins charge was not adequately proven and asked that charge be dropped.
The court will rule on June 19 (this is a bench trial, not a jury trial).
However the court rules next month, it will not be over for DataBox, a graduate of ROC in Amsterdam and, until his arrest six months ago, a data engineer for a properties management firm in Amsterdam. He is also a suspect in a second large case involving three arrests made in February that were also previously reported on this site. That case involves what may be dozens of victims from various sectors, hacking charges, and attempted extortion of companies, including Ticketcounter.
If S. is convicted and sentenced in the second case, whether any sentence would be served consecutively or concurrently is unknown to DataBreaches. It seems clear that the prosecution wants to make a point with these cases.
DataBreaches will continue to monitor these cases for developments.