Full Report
Bungled link handed over sensitive docs, and when recipient didn't cooperate, police opted for cuffs
Dutch police have arrested a man for "computer hacking" after accidentally handing him their own sensitive files and then getting annoyed when he didn't hand them back.…
Analysis Summary
# Incident Report: Unauthorized Access via Misconfigured Police Data Link
## Executive Summary
Dutch police accidentally sent a member of the public in Ridderkerk a download link to sensitive files instead of a secure upload link. When the recipient refused to delete the data and allegedly attempted to negotiate for its return, authorities arrested him for "computer hacking" (computervredebreuk). The incident resulted in the exposure of an undisclosed volume of confidential police documents and a secondary police investigation into the recipient.
## Incident Details
- **Discovery Date:** February 12, 2026
- **Incident Date:** February 12, 2026
- **Affected Organization:** Politie (Dutch National Police)
- **Sector:** Government / Law Enforcement
- **Geography:** Ridderkerk, Netherlands
## Timeline of Events
### Initial Access
- **Date/Time:** February 12, 2026
- **Vector:** Human Error / Misconfiguration (Insecure Direct Object Reference)
- **Details:** A citizen contacted police to share evidence. An officer sent a URL intended to be an upload portal, but the link instead granted download access to a repository of confidential police files.
### Lateral Movement
- **N/A:** The individual gained access directly to the data repository via the provided link; no network lateral movement was reported.
### Data Exfiltration/Impact
- **Details:** The individual accessed and downloaded confidential police documents. When police contacted him about the error, the individual allegedly refused to delete the files, reportedly demanding "something in return" for the data.
### Detection & Response
- **Detection:** Police identified the error shortly after sending the link and contacted the recipient.
- **Response actions:** Police demanded deletion; when the recipient refused, they initiated a criminal investigation, arrested the 40-year-old suspect on February 15, searched his residence, and seized all digital storage media.
## Attack Methodology
- **Initial Access:** Misconfiguration/Human Error (the recipient was given a legitimate link that exposed data he was not authorized to see).
- **Persistence:** Local storage (files were downloaded to the suspect's devices).
- **Privilege Escalation:** None; access was granted by the administrator (police officer).
- **Defense Evasion:** N/A.
- **Credential Access:** N/A.
- **Discovery:** Browse-and-click via a provided web link.
- **Lateral Movement:** N/A.
- **Collection:** Direct download of exposed files.
- **Exfiltration:** Standard web download.
- **Impact:** Compromise of confidential law enforcement documentation.
## Impact Assessment
- **Financial:** Undisclosed; costs associated with the raid, seizure, and forensic analysis of the suspect's devices.
- **Data Breach:** Exposure of confidential police documents (scope and sensitivity unspecified).
- **Operational:** Police resources diverted to conduct a criminal investigation into their own data leak.
- **Reputational:** High; public criticism regarding the arrest of a citizen for an error committed by law enforcement.
## Indicators of Compromise
- **Network indicators:** hxxps[://]politie[.]nl (Official domain involved in the link delivery).
- **File indicators:** Digital storage devices seized from the Ridderkerk residence.
- **Behavioral indicators:** Refusal to comply with "cease and desist" requests; attempted extortion/negotiation regarding sensitive data return.
## Response Actions
- **Containment measures:** Attempted verbal demand for data destruction.
- **Eradication steps:** Physical seizure of storage devices via a police raid to ensure no copies remained.
- **Recovery actions:** Reporting the incident as a formal data breach to relevant oversight authorities.
## Lessons Learned
- **Key takeaways:** Human error in selecting "Upload" vs "Download" permissions can lead to a total compromise of data confidentiality.
- **What could have been done better:** The police systems should have strict RBAC (Role-Based Access Control) that prevents individual officers from generating broad "Download" links for sensitive repositories.
## Recommendations
- **Technical Safeguards:** Implement "Upload-Only" portals that use unique, one-time tokens and lack any directory listing capabilities.
- **Procedure Training:** Officers should undergo mandatory training on the platform used to receive evidence from the public.
- **Audit Logging:** Ensure all generated links are logged and reviewed to catch misconfigurations before they are shared externally.
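
The upload-only, one-time token and the link logging recommended above, as an added Python example (not code from the police platform or from the original report). The function names, the `evidence.example` host, the signing key and the in-memory stores are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment signing key
_used = set()    # token ids already redeemed (enforces one-time use)
AUDIT_LOG = []   # every issued link is recorded so it can be reviewed

def issue_upload_link(case_id, officer, ttl=3600, now=None):
    """The only link an officer can mint: scope is fixed to 'upload'."""
    now = time.time() if now is None else now
    claims = {"jti": secrets.token_urlsafe(16), "case": case_id,
              "scope": "upload", "exp": int(now + ttl)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()
    AUDIT_LOG.append({"officer": officer, "issued": int(now), **claims})
    return f"https://evidence.example/u/{body.decode()}.{sig}"  # placeholder host

def authorize(link, action, now=None):
    """Return (allowed, reason) for a requested action on a link."""
    now = time.time() if now is None else now
    body, _, sig = link.rsplit("/", 1)[-1].rpartition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if action != claims["scope"]:
        # 'download' and 'list' are refused without consuming the token
        return False, "action not permitted"
    if now > claims["exp"]:
        return False, "expired"
    if claims["jti"] in _used:
        return False, "already used"
    _used.add(claims["jti"])
    return True, "ok"
```

Because the issuing function has no scope parameter, sending the wrong kind of link is not an option the officer-facing interface offers, and each issued link leaves an audit entry tied to the officer and case.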