A former Dutch cybersecurity professional, Pepijn Van der Stap, has been sentenced to four years in prison for hacking and blackmailing numerous companies in the Netherlands and around the world.
Van der Stap, along with his accomplices, engaged in cybercrimes targeting domestic and international companies between August 2020 and January 2023. They used blackmail tactics to extort money from these companies, threatening to release stolen data unless a ransom was paid. Additionally, Van der Stap infiltrated various networks to steal sensitive data, which he later sold on hacking forums.
In a detailed investigation conducted by the Dutch Public Prosecution Service, it was revealed that Van der Stap had been involved in these cybercrimes, including hacking into victims’ computers, extortion, and laundering at least 2.5 million euros in cryptocurrency. The court sentenced him to four years in prison, with one year being conditional, along with a three-year probationary period. Despite ongoing legal proceedings, not all affected organizations have reported their losses or been identified.
At one point, Van der Stap worked for Hadrian Security and volunteered at the Dutch Institute for Vulnerability Disclosure. He was also a member of hacking forums like RaidForums and BreachForums, where he traded and sold stolen sensitive data. These forums have faced law enforcement actions in recent years, as they were hubs for trading stolen databases. Van der Stap mentioned that most of his criminal hacking activities occurred before he started working in legitimate roles and expressed a desire to transition to ethical work in the cybersecurity field.