Original URL: http://www.theregister.co.uk/2013/06/07/pirate_bay_founder_named_as_suspect_in_paneuropean_police_database_hack/

Pirate Bay Warg accused of hacking international police database

Danish cops and taxmen also raided

By Jasper Hamill

Posted in Security, 7th June 2013 11:44 GMT

Pirate Bay co-founder Gottfrid Svartholm Warg has been named as a suspect in the hacking of a European database containing data about wanted criminal suspects and missing people.

According to Denmark's justice minister, two hackers are alleged to have accessed "some information" from the Schengen Information System, a controversial database which allows cops from 26 countries to share information. They are also accused of hacking into Denmark's police driving register, which contains personal identity numbers, and databases held by the Tax Authority and the Modernisation Agency.

A 20-year-old Danish man was detained on Wednesday in connection with the case but 28-year-old Warg is currently languishing in a Swedish prison ahead of a trial for what authorities previously described as the biggest hack in the country's history. He was arrested in Cambodia during September of last year at the request of Swedish police before being deported back to his home country.

Under Danish privacy laws, the police are not allowed to officially name the suspects. But speaking to the Associated Press, a government source was quoted as saying one of the suspects was the Pirate Bay old hand.

National police chief Jens Henrik Hoejbjerg said that about four million pieces of data were copied, but was not able to find any evidence that they had actually been used in any illegal manner. He reassured the Danish public, telling them that some hackers access sensitive data for financial gain, while others do it just to show they can. Sweden's Security and Intelligence Agency has now been tasked with making sure the country is safe from any further cyber attacks.

It has been widely reported that the databases were held on systems operated by CSC, a major American IT firm. The Register has contacted CSC's UK office to confirm this and we are currently awaiting a response.

Danish Justice Minister Morten Boedskov said: "This is a very serious hacking attack on Danish police registers."

"I can fully understand people who are worried about a security failure involving police registers, and I can fully understand those who want an answer as to whether the failure has any influence on their affairs,” he added.

Before appearing in a Danish court Warg will first face trial in Sweden, where police have claimed a group of hackers accessed the personal data of thousands of people held by IT firm Logica, by hacking into the firm's IBM mainframe, resulting in the online publication of 9,000 personal identity numbers. These hackers also tried to transfer large sums of money from accounts held by the the Nordea Bank, according to the police.

If Warg is found guilty in Sweden, he may have to serve his sentence before being deported to Denmark to face the next case, although the exact details of this have not been made clear.

Danish cops were first tipped off about the alleged hack attack when Swedish bobbies handed them a Danish IP address they uncovered during an investigation into the Logica incident. Danish police then realised their own databases had been attacked.

The unnamed Danish man has plead not guilty, while Warg has yet to enter a plea. The Danish suspect will be held for four weeks before facing trial.

The European Commission's website says the Schengen Information System is used by "border guards as well as by police, customs, visa and judicial authorities throughout the Schengen Area". Britain and Ireland are not part of the Schengen Area, which is the name for a bloc of nations that agreed to allow their citizens to freely travel by dropping passport and immigration controls at their borders. The site continues:

It holds information on persons who may have been involved in a serious crime or may not have the right to enter or stay in the EU. It also contains alerts on missing persons, in particular children, as well as information on certain property, such as banknotes, cars, vans, firearms and identity documents, that may have been stolen, misappropriated or lost. Information is entered into the SIS by national authorities and forwarded via the Central System to all Schengen States. The SIRENE Manual lays down the procedures for EU States' exchanges of supplementary information on alerts stored in SIS.

®