Man convicted of hacking the Hague GP’s website has been acquitted

The court in The Hague has acquitted a 31-year-old man from Tiel. In 2020 he was sentenced to two months in prison for hacking the website of a GP post in The Hague. The man appealed the verdict and was proved right.

Found the hack place in August 2017. De Tielenaar had broken into the website of the GP through a security leak. The man called the director of the GP and said he had access to all the doctors’ personal details. These included bank account numbers, passwords and usernames.

Later, the director received a quote from the Tielenaar, who asked for an amount between 16,500 and 23,000 euros to fix the leak. In addition to the amount, there was a comment on the quote. In it, the suspect wrote that the GP would probably be fined if the security vulnerability was made public and suffered a lot of reputational damage.

The director then went to the police, who launched an investigation. This eventually led to the Tielenaar, who was arrested for “intentionally and unlawfully intruding into an automated work”. In June 2020, he was sentenced by a judge to two months in prison, one of which was suspended, and was given two years’ probation.

The man subsequently appealed the verdict. The court acquits the man on Tuesday of “deliberate and unlawful intrusion into a computerized work”. A website is not an automated work as described in Article 80sexies of the Criminal Code, says the Court of Appeal. An automated work is understood to mean a physical object and a website is not. “Now that a website actually only consists of a combination of data, has no physical form and therefore lacks the character of a ‘device’, there is sufficient reason on the basis of the foregoing not to designate a website as automated work.”

The judge’s verdict is quashed. The Tielenaar also gets his confiscated equipment back.