Hackers steal Danish children’s identities with cunning Russian code


In an international wave of cyber attacks aimed at underage gamers, at least 32 Danish children have had their computers taken over by unknown attackers and their data stolen and put up for sale. This was found in an investigation of data posted on the so-called dark web, carried out by Ingeniøren’s IT media site Version2.

The large amount of data on the children makes it incredibly easy to identify them and to learn all about their behaviour in cyberspace, as well as how their systems and social media accounts can be hacked. There are pictures taken of the children’s computer desks, which for some of the affected children and young people also reveal their sexual preferences.

All in all, it is an extremely sensitive and highly usable dataset created for one purpose: to be resold to other hackers. Version2 has spoken to 23 of the young people and several of their parents to verify that the stolen data is genuine and that it is not a scam on the part of the hackers.

The data that Version2 has seen serves as a teaser for the main directory containing data of over 20,000 gamers, so the number of affected Danish gamers is probably much higher than 32. However, in order not to support the criminals’ business, Version2 has not bought access to the complete dataset.

One of the programs the hackers used was RedLine Stealer, which first appeared on a Russian subsite on the dark web in 2020. Since then, the malware has been one of the preferred ways to steal data from browsers in particular.

The cyber attack on Danish children stands out, says Lucas Lundgren, CTO at IT security company Cypro, who makes a living from hacking companies to test their IT security:

“This is really excessive, and no matter how much the children cry, they will never get all this data back,” he says, noting in particular that the data also contains login information for MitID and NemID, which makes the children vulnerable to identity theft and greatly violates their privacy.

“This is a targeted attack, the likes of which we usually only see directed at important people in larger companies, politicians, etc. But these are children, for God’s sake!” Lucas Lundgren says.

None of the children knew that their data was freely available online until Version2 contacted them. Version2 has also approached the Danish Police's National Cyber Crime Center (NC3), which deals with digital crime. NC3 stated that they are not aware of the specific cases.

All the kids tell the same story: they tried to install software to tinker with their games, they were lured into turning off their firewall, and they instantly lost all control of the computer.

One of the victims explained how he tried to stop the hack:

“All of a sudden everything on my desktop disappeared, the background turned black. I didn’t know what to do, so I tried all sorts of things. I was just having fun playing Roblox,” says “Sigurd”, whose true identity is known to the editors and who is the only one of the 23 young people Version2 has been in contact with who is 18 years old.

But it was too late at that point. All his information was stolen and he has just ordered a new payment card after Version2 told him which information was involved in the leak.
