Europol data on terrorism investigations was accessible via the internet
The TV program Zembla has found more than 700 pages of digital Europol documents on a network drive connected to the internet. The documents concern analyzes of terrorist groups, including the Hofstad group.
The files had been taken home by an employee of the National Police against the rules and ended up via a backup on a Lenovo iOmega network drive, according to Zembla. This drive did not have a password and was accessible via the Internet. The police officer was employed by Europol until the beginning of this year. The partly classified documents date from a period between 2006 and 2008 and contain information on a total of 54 terrorism investigations by Europol. The organization speaks of a ‘very serious incident’ and has launched an investigation in eight different member states.
Among the documents are analyzes of the Hofstad group and the Madrid bombings. Europol states that the leaking of the documents does not affect ongoing investigations. It is not clear whether people have had access to the data: “I do not consider it likely given the research we have done, but I cannot rule it out one hundred percent either,” said Europol deputy director Wil van Gemert. The fact that people from the documents were part of an investigation ten years ago could also mean that these people are still interesting for the organization.
Terrorism expert Jelle van Buuren informs Zembla that the incident may have consequences for the cooperation between police services and Europol. The incident could potentially have damaged trust in the organization, as Europol appears to be unable to protect sensitive information. Lenovo states in a response to the program that users are responsible for protecting their devices, for example by setting a password. A spokesperson makes the comparison with securing a Wi-Fi network.
According to Zembla, it was only mandatory for the last generation of iOmega disks to choose a password when using it. Computer security professor Herbert Bos calls the incident a ‘gigantic blunder’ and argues during the broadcast, which will take place on Wednesday at 21.15 at VARA, for legislation that makes manufacturers liable for security leaks in their products.