Prosecutors in the Netherlands are asking for three years in prison for a Dutch politician who hacked into women’s personal iCloud accounts and stole nude photos and other personal digital material belonging to them, then leaked some of it online.
The public prosecutor of the North Holland Public Prosecution Service has requested that Mitchel van der K., a member of the VVD political party in the Netherlands, face three years in prison for hacking into personal accounts of “women from his own environment, and of women he knew from the media,” according to a translated version of the request, which was made public during the case’s pre-sentencing process.
Van der K was part of what the media dubbed “The Fappening,” or “Celebgate,” in which the personal accounts of women, including some celebrities, were hacked and personal photos and other digital material—most of it sexually provocative–found on those accounts was publicly disseminated on social media.Van der K’s victims in the Netherlands included Dutch YouTube star Laura Ponticorvo and Dutch field hockey star Fatima Moreira de Melo. Celebrities in the United States also were part of the global incident, in which personal, nude photos from the iCloud accounts of celebrities including Jennifer Lawrence and Kirsten Dunst were leaked online. In response, Dunst publicly criticized iCloud for the breach.
In response to the hacks, Apple patched a vulnerability in its Find My iPhone app that likely was used by attackers in the breach.
In addition to intimate or nude photos, Van der K also stole myriad other personal material that he found in his victim’s accounts, including family photos, insurance documents and agendas, according to Dutch authorities. The extent of Van der K’s hacking “is unprecedented,” they said.
“He has invaded hundreds of accounts, frequently and repeatedly violating the privacy of the victims,” according to the prosecution’s sentencing request. “In their reports, the victims describe in a penetrating way what this invasion of their privacy has unleashed: ‘It feels like someone broke into my house. It feels like a digital assault. I feel dirty and I feel watched. I also have a private life and I am very careful with that.'”
Authorities believe Van der K began his involvement in the incident in 2015, but it wasn’t discovered until 2017, when he leaked nude photos and sexually explicit material that he stole from Ponticorvo’s account and she reported it to the police.
When he was apprehended, Van der K had just been elected to the city council of the town in which he was living, Almere. He promptly resigned after his troubles with authorities began, according to a published report.
Van der K has acknowledged that he frequently hacked or attempted to hack iCloud accounts, but said he was under pressure by an “unknown extortioner” or said that his own visual material would be leaked if he did not comply, according to Dutch authorities. The prosecutor in the case said he didn’t buy Van der K’s story, however.
“The cases that the police have investigated in detail show that more than half of the accounts hacked by the suspect were women who had no (national) fame, but who did interact with him in his work or private environment,” the prosecutor said in a statement. “Why an unknown extortioner would have forced suspects to browse their accounts for photos and videos, I don’t understand at all.”
Van der K should know his sentencing fate just in time for Christmas, as the Dutch court is expected to rule on the case on Dec. 24, according to the prosecution.
Free Threatpost Webinar: Risk around third-party vendors is real and can lead to data disasters. We rely on third-party vendors, but that doesn’t mean forfeiting security. Join us on Dec. 18th at 2 pm EST as Threatpost looks at managing third-party relationship risks with industry experts Dr. Larry Ponemon, of Ponemon Institute; Harlan Carvey, with Digital Guardian and Flashpoint’s Lance James. Click here to register.