Feeds

Pirate Bay Warg accused of hacking international police database

Danish cops and taxmen also raided

SANS - Survey on application security programs

Pirate Bay co-founder Gottfrid Svartholm Warg has been named as a suspect in the hacking of a European database containing data about wanted criminal suspects and missing people.

According to Denmark's justice minister, two hackers are alleged to have accessed "some information" from the Schengen Information System, a controversial database which allows cops from 26 countries to share information. They are also accused of hacking into Denmark's police driving register, which contains personal identity numbers, and databases held by the Tax Authority and the Modernisation Agency.

A 20-year-old Danish man was detained on Wednesday in connection with the case but 28-year-old Warg is currently languishing in a Swedish prison ahead of a trial for what authorities previously described as the biggest hack in the country's history. He was arrested in Cambodia during September of last year at the request of Swedish police before being deported back to his home country.

Under Danish privacy laws, the police are not allowed to officially name the suspects. But speaking to the Associated Press, a government source was quoted as saying one of the suspects was the Pirate Bay old hand.

National police chief Jens Henrik Hoejbjerg said that about four million pieces of data were copied, but was not able to find any evidence that they had actually been used in any illegal manner. He reassured the Danish public, telling them that some hackers access sensitive data for financial gain, while others do it just to show they can. Sweden's Security and Intelligence Agency has now been tasked with making sure the country is safe from any further cyber attacks.

It has been widely reported that the databases were held on systems operated by CSC, a major American IT firm. The Register has contacted CSC's UK office to confirm this and we are currently awaiting a response.

Danish Justice Minister Morten Boedskov said: "This is a very serious hacking attack on Danish police registers."

"I can fully understand people who are worried about a security failure involving police registers, and I can fully understand those who want an answer as to whether the failure has any influence on their affairs,” he added.

Before appearing in a Danish court Warg will first face trial in Sweden, where police have claimed a group of hackers accessed the personal data of thousands of people held by IT firm Logica, by hacking into the firm's IBM mainframe, resulting in the online publication of 9,000 personal identity numbers. These hackers also tried to transfer large sums of money from accounts held by the the Nordea Bank, according to the police.

If Warg is found guilty in Sweden, he may have to serve his sentence before being deported to Denmark to face the next case, although the exact details of this have not been made clear.

Danish cops were first tipped off about the alleged hack attack when Swedish bobbies handed them a Danish IP address they uncovered during an investigation into the Logica incident. Danish police then realised their own databases had been attacked.

The unnamed Danish man has plead not guilty, while Warg has yet to enter a plea. The Danish suspect will be held for four weeks before facing trial.

The European Commission's website says the Schengen Information System is used by "border guards as well as by police, customs, visa and judicial authorities throughout the Schengen Area". Britain and Ireland are not part of the Schengen Area, which is the name for a bloc of nations that agreed to allow their citizens to freely travel by dropping passport and immigration controls at their borders. The site continues:

It holds information on persons who may have been involved in a serious crime or may not have the right to enter or stay in the EU. It also contains alerts on missing persons, in particular children, as well as information on certain property, such as banknotes, cars, vans, firearms and identity documents, that may have been stolen, misappropriated or lost. Information is entered into the SIS by national authorities and forwarded via the Central System to all Schengen States. The SIRENE Manual lays down the procedures for EU States' exchanges of supplementary information on alerts stored in SIS.

®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.