Dutch police have arrested a man for “computer hacking” after accidentally handing him their own sensitive files and then getting annoyed when he didn’t hand them back.
The Politie said on Monday that a 40-year-old man from Ridderkerk was arrested on Thursday after he wound up with confidential documents thanks to what officers acknowledge was their own cock-up.
The chain of events reads less like a breach and more like an own goal. In connection with a separate investigation, the man contacted the police on February 12 to report he had images that might be relevant. An officer responded by sending him a link so he could upload the files – except the link sent was a download link, effectively giving him access to confidential police documents.
The man did not actively break in or exploit a vulnerability in the traditional sense; he simply clicked the link he was given and gained access to material he was never meant to see.
Dutch cops say they told him to stop and delete the material, but he allegedly refused, saying he would only do so if he “received something in return.”
He did, in the end, get something in return – a trip in the back of a police car.
Officers arrested the man Thursday evening, searched his home, and seized data storage devices to recover the documents and prevent them from being shared further. Police say they have also reported the incident as a data breach and are continuing their investigation.
Police also offered a lesson in link etiquette, writing: “If you receive a download link knowing you should be receiving an upload link, are clearly told not to download, and then choose to download the files anyway, you may be guilty of computer trespassing.”
Authorities have not disclosed what kind of documents were exposed, how sensitive the haul was, or whether the stash included personal data or files tied to ongoing investigations. The Dutch police did not respond to The Register’s questions.
The charge cited is “computervredebreuk,” which is broadly equivalent to unauthorized access to computer systems, though the circumstances – namely that the access was the result of a police blunder – may raise uncomfortable questions about where liability actually sits when the front door is left wide open. ®