Will there be a cyberbreach of a Dutch government organization in 2023?

Crime•Computing•Nederland•Resolution Pending•New Year's Market Resolutions 2022•New Year's Resolutions 2024

239

Ṁ2.5K

Ṁ768

resolved Jan 10

Resolved

ALL

Added:

If no hack is published by 31 January 2024 this will resolve to NO.

Added:

Between 6 May 2023 and 31 December 2023 (not retrospective) ...

Hackers break into a Dutch government organization and steal, publish or destroy confidential information. The incident will at least be published on the nos.nl newssite.

DDos does not count.

Hacking devices of a government employee and stealing the data from there does not count.

Personal errors of a government employee, like losing a USB stick does not count.

The "back end" of the government organization must be compromised.

Added:

Administrator error that does not need hacking, like leaving an Amazon bucket open, does not count.

Administrator error, like not applying patches, and then getting hacked, does count.

Get Ṁ200 play money

🏅 Top traders

#	Name	Total profit
1		Ṁ159
2		Ṁ71
3		Ṁ54
4		Ṁ48
5		Ṁ41

23 Comments

27 Holders

51 Trades

Sort by:

I was being pestered by some Manifold bot, so I resolved earlier than I had planned. No problem.

Any new revelations about 2023 will not count anymore.

There are no breaches per 10 January 2024.

Checked 24 december - 31 december 2023:

If nothing new comes to light in January 2024 the resolution will be NO:

This was a pentest, if it were a real attack it would count:

Brabantse gemeenten hebben beveiliging persoonsgegevens niet op orde - Security.NL

Insider threat, if it was a government it would count:

Erasmus MC onderzoekt ongeoorloofde inzage in dossier slachtoffer schietincident - Security.NL

I have opened a similar question for 2024:

https://manifold.markets/uair01/will-there-be-a-cyberbreach-of-a-du-33f20284342c?r=dWFpcjAx

I will open a similar question for 2024 soon.

Checked 11 november - 23 december 2023:

Adjacent but not a government service.

Cyberaanval zorgt voor landelijke storing bij noodknopsysteem ouderen - Security.NL

Adjacent but not a hack:

Gemeente Voorschoten krijgt boete voor bewaren afvalgegevens inwoners - Security.NL

Adjacent but privacy, not hack:

AP houdt toezicht op hersteloperatie UWV na illegale inzet algoritme - Security.NL

Adjacent but privacy, not hack:

Verzamelde gegevens ggz-patiënten na opt-out niet verwijderd - Security.NL

Adjacent, AI and privacy, but not hack:

Kabinet heeft geen zicht op hoog-risico algoritmes gebruikt door Rijksoverheid - Security.NL

Adjacent, privacy and algorithms, not hack:

SP wil opheldering over algoritmes Belastingdienst die niet aan AVG voldoen - Security.NL

Adjacent, but privacy, not hack:

AP: politie heeft wet overtreden met Schengen Informatiesysteem - Security.NL

I'm thinking about closing (not resolving) this bet around 20-25 december, otherwise it would be to easy. What do you think of that?

Does the breach have to be announced by December 31st? Is it the national government only, or any government organization at any level?

@dph121 Any government organization. In Dutch jargon: ZBO's, agentschappen, waterschappen, provincies, gemeenten. These all count. But, for example, not hospitals, schools and universities.

@dph121 Good question! I think I'll resolve this way:

If no hack is published by 31 January 2024 this will resolve to NO.

Checked period 13 September to 11 November on security.nl and nos.nl

CEO fraud, not a hack:

Gemeente Alkmaar maakt door ceo-fraude 236.000 euro over aan criminelen - Security.NL

Fraudeur die Alkmaar voor tonnen oplichtte deed zich voor als directeur - Security.NL

Data leak, not a hack:

UWV moet slachtoffer datalek schadevergoeding van 500 euro betalen - Security.NL

Germany, would probably count if it was Dutch:

Duitse gemeenten zonder systemen na ransomware-aanval op it-provider - Security.NL

Checked period 14 July on to 13 september on security.nl and nos.nl

No news of a Dutch government hack by this method, although claims that some governments were hacked:

https://nos.nl/artikel/2482567-chinese-hackers-braken-in-bij-e-mailaccounts-van-overheden-in-west-europa

Privacy concern, leak, not a hack:

https://www.security.nl/posting/804510/Actiegroep+start+in+september+rechtszaak+over+verzamelen+data+ggz-pati%C3%ABnten

https://www.security.nl/posting/805661/UWV+al+in+2020+gewaarschuwd+over+illegaal+data+verzamelen+via+cookies

https://www.security.nl/posting/805317/Politie+maakt+zonder+wettelijke+basis+gebruik+van+webcrawlers

https://www.security.nl/posting/806576/Etten-Leur+stuurt+brief+naar+mogelijke+slachtoffers+van+datalek+Nebu

https://www.security.nl/posting/808370/De+Jonge+moet+opheldering+geven+over+beveiliging+gegevens+bij+Kadaster

https://www.security.nl/posting/809329/OM+erkent+fouten+bij+identificatie+van+demonstranten+via+social+media

https://nos.nl/artikel/2488620-psychiaters-beschuldigen-toezichthouder-van-ongerichte-surveillance-van-patienten

Insider threat, leak, not hack:

https://www.security.nl/posting/807215/Datalek+bij+politie+door+ontslagen+medewerker+die+telefonisch+gevoelige+informatie+opvroeg

Fraud and document countefeting, not hack:

https://www.security.nl/posting/804866/Digitale+handtekening+moet+vervalsen+rapporten+DigiD-aansluiting+tegengaan

Historic infiltration and espionage, not hack:

https://www.security.nl/posting/806629/NRC%3A+politieke+partijen+structureel+geïnfiltreerd+en+afgeluisterd+door+BVD

Governent hack, but too long ago:

https://nos.nl/artikel/2474876-gemeente-hof-van-twente-moet-miljoenenschade-na-hack-zelf-betalen

Funny hack, but not overnment:

https://nos.nl/artikel/2483313-hack-bij-bedrijf-statiegeldautomaten-problemen-bij-sommige-inleverpunten

Checked period 23 June to 14 July on security.nl and nos.nl:

https://www.security.nl/posting/801788/Apeldoorn+lekt+gegevens+inwoners+na+software-update+van+burgerportaal

Leak, does not count

https://www.security.nl/posting/802896/Twents+zorgbureau+lekt+gegevens+cli%C3%ABnten+door+fout+met+cc-mail

Leak, does not count

https://www.security.nl/posting/803344/Leiden+lekt+opnieuw+gegevens+van+inwoners+met+betalingsachterstand

Leak, does not count

https://nos.nl/artikel/2472027-na-aivd-wijst-ook-mivd-op-chinese-spionagepraktijken

No attacks on government organizations

Checked period 17 May to 22 June 2024 on Security.nl and NOS.nl

Does not count: leak:

https://www.security.nl/posting/798284/Datalek+Nederlands+waterschap+HHNK+door+fout+met+uitnodigingsmail

Does not count: leak:

https://www.security.nl/posting/798409/ABP+lekt+gegevens+honderden+gepensioneerden+door+fout+met+cc-mail

Does not count: library:

https://www.security.nl/posting/798654/Bibliotheek+Gouda+getroffen+door+ransomware-aanval

Does not count: leak:

https://www.security.nl/posting/799601/Montfoort+waarschuwt+inwoners+voor+mogelijk+datalek+via+onderzoeksbureau,

Does not count. School:

https://www.security.nl/posting/799686/Hengelose+Scholengemeenschap+OSG+sluit+deal+met+ransomwaregroep

I propose not to let this count because it did not compromise the back end and it happened in 2022:

https://www.security.nl/posting/797002/Gemeente+Asten+getroffen+door+datalek+na+inbraak+op+twee+e-mailaccounts

bought Ṁ30 of NO

hmm it would be quite something to hit all those rules. afaik a ton of hacking and security penetration is built around social techniques and human error, not raw technological force and skill

@Stralor I don't think it's that bad. If a government employee loses a USB stick or makes an error that makes a hack of the back end possible, it will count.

Getting phished and giving a hacker access to an internal share, will count.

I just want to exclude cases like: employee loses unencrypted USB stick.

predicted NO

@uair01 ah! okay at first pass I read it differently