Ethical hacker gained admin access to IT infrastructure Arnhem
An ethical hacker was able to gain admin access to the digital infrastructure of the municipality of Arnhem by order of the municipal audit office via an inside-out attack. For example, he was able to view privacy-sensitive information from citizens and civil servants.
The security expert acted on behalf of Arnhem’s municipal audit office, which carried out a technical in-depth investigation into the information security of the municipality, in imitation of a previous research that focused on the effectiveness and efficiency of information security and privacy policy.
The mayor and aldermen indicated that they were shocked with the findings. It turned out that the inside-out vulnerability was already known, but not yet closed. The municipality’s own regular information security audits would focus primarily on outside-in attacks because they occur most, according to the municipality.
The court of auditors emphasizes that more vulnerabilities have been found and that De Connectie, the organization that handles the municipal ict network, ‘did not tackle the shortcomings identified with the greatest possible decisiveness’. The municipality points out that The Connection was started less than a year ago and was already working to improve information security.
The municipality has taken measures to prevent unauthorized access to the municipal network and to prevent the increase of duties. nevertheless network access has been obtained. The other vulnerabilities must be remedied in the short term.