Dutch police have arrested the teen accused of sowing a period of chaos in national telecoms giant KPN that ended up with the company suspending customer access to 2 million email accounts.
Using the nicknames ‘xS’, ‘Yoshioka’ and ‘Yui’, the unamed 17 year-old is accused of launching attacks on a variety of organisations, including Norway's Trondheim University and the Korea Advanced Institute of Science and Technology (KAIST) in addition to several hundred KPN servers on 16 January.
The youth is said by prosecutors to have confessed to the hacks after being picked up on 20 March at his home in the town of Barendrecht along with laptops, an encrypted PC and other storage media.
It is the KPN attacks that had the most dramatic effects after the details of 539 user accounts turned up on Pastebin in early February. Aware for some days that their servers had been hacked and fearing a serious breach, KPN’s admins suspended access to the company’s 2 million email accounts as a precaution.
This now appears to have been unnecessary. The leaked account details had been stolen from the Baby-Dump.nl website by a separate hacker. The arrested suspect is accused of trading stolen credit card data.
KPN has been left severely embarrassed by events that saw a youngster access its core routers at will and its customers denied email service after a possible over-reaction. With 2 million account holders made to change their passwords, the company found itself making an unusual public apology and offering token compensation.
The server breach followed a serious incident in November 2011 when the company had to suspend issuing SSL certificates after its sales system was apparently undermined.
The company has now said it will create a cybersecurity unit headed by a chief security officer to avoid a repeat of the incursions.