[DataBreaches] Umbreon Unplugged: Unraveling the Sequel to Failures

[github-actions[bot]]

On June 23, DataBreaches published the first of a series of interviews with Pepijn Van der Stap, aka “Umbreon.” Van der Stap, 21, was arrested in January and remains in detention, awaiting trial on charges that include hacking, data exfiltration, extortion, sale of stolen data, and money laundering.  At the end of the first article, DataBreaches invited people to submit questions for Pepijn. The first question, posed by one of his former colleagues, relates to the Hack_Right program and why Pepijn never really talked about it with them. For those not familiar with Hack_Right, it is a government diversion program intended to discourage cybercrime reoffending in young people who have already gotten into trouble and to encourage ethical hacking. The program’s partners include the Police and Public Prosecution Service (OM), Halt (the Netherlands’ juvenile crime agency), the Dutch Probation Service, and the Child Care and Protection Board. When the program opened in 2018, a number of companies volunteered to provide internships for Hack_Right participants.  Pepijn was reportedly one of the first young people to enter the Hack_Right project. But before we get to his experience with Hack_Right, the colleague’s question, and Pepijn’s thoughts on getting out of the scene when it feels impossible, we need to back up, because Hack_Right wasn’t Pepijn’s first encounter with the law stemming from illegal internet activities. This interview was conducted in English by telephone over a one-week period. The transcript has been edited for length and clarity. Dissent Doe (D):  How old were you the first time law enforcement came knocking on your door? Pepijn (P): I was about 12 when they made their unexpected visit. Memories of it only recently came back to me from EMDR therapy. I remember being in my living room and seeing the police looking in the window. I told my mother and we let them in. They met with her for a while, and I guess they were trying to explain to her what I had done. Then they met with me. D: What had you done? P:  I believe it started over an argument on Skype. I got angry at someone and I used 40 websites that I had previously shelled to DoS him. But it turned out that his father ran a business from their home and my actions were affecting his father’s business. Our internet service provider had even sent a message to us a few weeks before the police showed up, saying there was unusual activity from our home network. Of course, my mother had no idea what that was about. When the police came to talk to me, they told me that usually when they would go to a child’s house to talk to them, it would be for something like theft. They said this was the first time in their lives that they came to talk to a child about something on the internet. D: You had shelled dozens of websites by age before age 12? How did you learn to do that and why did you even want to learn to do that at that age? P:  I pretty much taught myself when I was around 10. But at an even earlier age, I had gotten curious about things. Like when I noticed that when I logged in to a website, I could see my name in the corner of the screen.  I wondered why other kids could see their names on their screens when we were on the same website. It got me interested in programming in PHP. At around the same time, I got on Skype with the other kids I had been gaming with and I witnessed them shelling websites. That sparked more curiosity to explore it myself. I began researching and experimenting, which led me to discover my first n-day vulnerability which I decided to use. I could put some code on a website, but to be honest, I didn’t really understand what I was doing or what it could do. I was pretty much just a script kiddie at that time. D: Did the police give you a stern lecture and a warning or threaten you with jail or what? P: They let me off with a warning. But that became a defining moment in my life. It stirred up a lot of emotions. I felt fear, shame, confusion, and remorse. A lot of other things happened as a result that sent my life on a downward course. I do not want to talk about those things. D: That’s okay. So what happened that actually led to the Hack_Right program? How old were you and what had you done? P: I think I was about 16. I was going to a school for computer studies and I wanted to get a certificate. I  was in the first year of the program and was really bored after a few weeks. So I did something to the school network. I’m not allowed to discuss details of what happened. D:  Did the school report you to the police? Are you allowed to say? P: Yes. But the director of the school didn’t suspend me. They gave me an assignment to write out what I had done. I wrote them about 30-50 pages about their security and my recommendations. They were very grateful for that. I also had to give them something on my self-reflections. So some good came out of it because the director saw that I was bored and was way ahead of the program. After the first few weeks in their program, they skipped me to the next year. He helped me get through the program much faster — like in two years instead of three or four. I think it was about a year later — in 2019 or so — when the police finally got around to my case. I met with them, and they mentioned the Hack_Right project. They wouldn’t tell me how long I might be in jail if I didn’t choose to go […]

https://www.databreaches.net/umbreon-unplugged-unraveling-the-sequel-to-failures/

[github-actions[bot]]

This issue is stale because it has been open 1 day with no activity. Remove stale label or comment or this will be closed in 1 day.

[github-actions[bot]]

This issue was closed because it has been stale with no activity.