Last week, 200 homes of Germans were raided by police across the state of Rhineland-Palatinate, this is being reported. Also reported is that the Government had paid €4m for the data that lead to these arrests. It’s unknown if the person that leaked this information is an insider employee or an external hacker, both equate to the same thing really, either way the data was retrieved illegally.

There would have been no illegal action if this person had advised the police where this data existed and assisted authorities in gathering it, but that’s not what happened, they simply paid for stolen property.

An interesting simple question here is did the government commission this crime, or did the thief go to the government with an offer. Which leads to another question, if the hacker had been caught, would he have been able to plead mitigation as he was stealing with intention to sell to the Government?

Does that mean that any hacker in Germany can penetrate any system looking for information to sell to the government? €4m that’s a big incentive and totally the wrong message to be sending out. This should reinforce the message to everyone is even though you are breaking no laws, strong controls to protect data are essential, and encryption should be the second line of defence with the first being controlling access.