Dutch police arrest man for "hacking" after accidentally sending him confidential files

Well, this is embarrassing.

Police in The Netherlands say they have arrested a 40-year-old man on suspicion of hacking... after police officers accidentally sent him a link granting him access to their own confidential documents.

On February 12, the unnamed man from Ridderkerk contacted the Dutch National Police in connection with a separate investigation, telling them that he had images that might be helpful to their case.

The police officer handling the contact sent the man a link intended to allow him to upload the images. However, by mistake, the link that was sent to the man actually allowed him to access and download confidential files.

D'oh!

The man proceeded to download the documents. When police told him to stop and delete the downloaded material he reportedly refused, saying that he would only agree if he "received something in return."

Details of precisely what the man may have wanted as a "reward" has not been shared, but I think nobody would be surprised if it was of a financial nature.

Mistake as it was for the police to carelessly share a link which allowed confidential files to be downloaded, you cannot help but think that the member of the public was also not making the wisest decision of his life in blackmailing the authorities.

At around 7pm that evening, police arrested the man, searched his home, and seized digital devices in an attempt to recover their lost files and prevent their further distribution.

An investigation is now being undertaken into what wrong, and a data breach has been formally reported to regulators. Dutch police say that there is no indication that any of the leaked files have been shared more widely.

Announcing that they were charging the man with "computervredebreuk" — the Dutch legal term for unauthorised access to computer systems - polce attempted to justify their decision:

"If you receive a download link knowing you should be receiving an upload link, are clearly told not to download, and then choose to download the files anyway, you may be guilty of computer trespassing. The recipient can reasonably assume that the download link and the files shared with it were not intended for them."

The nature of the leaked documents has not been disclosed, and it is unclear whether the material included personal data or information related to active police investigations.

Mistakes like the one which has befallen the Dutch police are painful reminder of just how easy it is for humans to foul up. A simple check of whether a link is an upload or download URL before firing it off to a member of the public would seem like a sensible precaution, particularly when the files on the other end belong to a law enforcement agency.

Right now the unnamed man faces a potential future prospecution for accessing files that he was in a very real sense, invited to access. Whatever the outcome of any court case (if it gets that far), one has to hope that the police will be more careful with the links that they send out in future.