On April 18, DataBreaches reported that more details had emerged on the arrest of three men by Dutch police in January. The three were suspected of hacking and extorting victims in the Netherlands and elsewhere, obtaining and selling data online, and money laundering. A fourth person linked to the suspects known as “DataBox” had previously been arrested in November 2022 and had been detained with restrictions until the arrest of the other three in January. DataBox, whose real name is Erkan Sezgin, has subsequently been sentenced in a separate case, and may be facing other charges in connection with alleged crimes by the others.
According to the police statement in April about the other three, the prosecution’s prime suspect was a 21-year-old man in Zaandvort. A media report at the time revealed that he was employed by Hadrian Security and that he also donated many hours each week at the Dutch Institute for Vulnerability Disclosure (DIVD) Foundation, where he would responsibly disclose vulnerabilities and help entities secure themselves. His name was reported as Pepijn van der S.
With a little OSINT research, DataBreaches found and reported some of his usernames and accounts. DataBreaches also discovered the full names of all three suspects, but consistent with Dutch authorities, only reported their first names and last initials at the time.
Days later, DataBreaches obtained other filings from the prosecutor and was somewhat stunned to spot some email addresses and other details that she recognized as being associated with a hacker she had been chatting with online since 2021. Less than 24 hours later, DataBreaches would get absolute confirmation that Pepijn Van der Stap was the blackhat hacker she knew as “Umbreon.”
Since his arrest, Van der Stap has been detained. DataBreaches has heard from him on a fairly frequent basis by phone since April. He is not allowed to have any computer or internet access.
Over the last two months, we have discussed his current situation, his treatment, his past, and his thoughts and hopes for the future. In this post, DataBreaches will start to relate some of what we have discussed. Because Van der Stap has neither been tried nor sentenced yet and his calls may be monitored, there are certain questions he cannot answer now or cannot answer in detail now. We will get to those questions or details in the future.
The interview for this article was conducted by phone, in English, over days, and was recorded, but because the phone quality was poor and broke up at times, the following has been edited for clarity and length.
D: Let’s start with aliases. I knew you as Espeon and then Umbreon. What were some of the other usernames that people might have known you by?
P: There were several that I used. I cannot give you all of them now, but they included Lizardom, Egoshin, Espeon, Umbreon, Togepi, OFTF, and Rekt.
D: I also knew you from RAIDForums and BreachForums, but what other forums did you frequent?
P: I was on a bulletin board called Baphomet (no connection to the Baphomet who is the administrator on BreachForums), and I was also on Sinister.li, HackForums, Leakforums, and Maza.
D: A Dutch media report I read described you as an “inverted cyber-Batman” because you were working at Hadrian Security during the day, DIVD at night, and according to the police, on dark matters at other hours of the night. Do you think “inverted cyber-Batman” is a good description of you?
P: Media reporting on me has been exaggerated at times. I was never like Mr. Robot or ZeroCool. I was not trying to expose any companies for corporate greed or anything and I was not acting out of some ideology. I don’t have a cool cape or gadgets and this is not a joking matter. I’m just a person and I made mistakes. Any suggestion that I was up all night hacking is also wrong. I was exhausted from my day job and volunteer work and was trying to sleep at night.
The majority of my criminal hacking activities took place before I started doing lawful work. I had already started cutting back on blackhat hacking before I started working for whitehat entities. Once I began working in legitimate jobs, I really started dedicating my skills to ethical purposes. For about 16 months before my arrest, I was not engaged in much illegal activity and wanted to get out altogether. But as much as I wanted to get out, it felt impossible at times.
Note: Van der Stap estimates that in his volunteer work with DIVD, he made about 300,000 responsible disclosures to help entities secure themselves and he’s very proud of that. He also claims that he never misused access or any information he obtained while working with either group. Investigations by both organizations have reportedly found no evidence of any misuse of access or information. Some of his colleagues continue to support him as a person although they were all shocked to learn of his illegal activities and immediately terminated his access to their systems and his roles with them.
D: On numerous occasions in our chats before you were ever arrested, you had mentioned suffering from Post Traumatic Stress Disorder (PTSD), panic attacks, flashbacks, insomnia, migraine headaches, anxiety, and paranoia. You said that at times, your anxiety was so severe that you’d temporarily lose consciousness. I would guess that being arrested and not knowing what you will be sentenced to would be very stressful, but in the past few weeks, you have sounded a lot stronger and with better mood and better mental health. Do you still have all the problems you told me about in the past?
P: Migraines and panic attacks were unwelcome companions of my life at one point. But the walls that have confined me here physically have been a catalyst for self-reflection and growth. I have been getting EMDR therapy for my PTSD, and it has already helped me a lot. I […]
https://www.databreaches.net/i-had-been-chatting-with-a-blackhat-they-had-been-working-with-a-whitehat-we-were-both-dealing-with-the-same-person/