<p>When a massive cyberattack took out everything from Swedish supermarkets to New Zealand kindergartens this month, a group of Dutch ethical hackers breathed a collective sigh of frustration. They had been so close to stopping it.</p>.<p>If the Dutch Institute for Vulnerability Disclosure (DIVD) sounds obscure, that's in keeping with its discreet presence on the internet.</p>.<p>This volunteer army of unpaid tech geeks have quietly prevented hundreds of cyberattacks since 2019 by finding holes in websites and software that could be exploited by hackers.</p>.<p>"You can see us as a volunteer fire brigade," said DIVD chairman Victor Gevers in an interview from his home in The Hague, a dog yapping at his ankles.</p>.<p><strong>Also Read | <a href="https://www.deccanherald.com/international/world-news-politics/fallout-continues-from-biggest-global-ransomware-attack-1005401.html" target="_blank">Fallout continues from biggest global ransomware attack</a></strong></p>.<p>"Your house is on fire, there's flames coming out of it, and then random people with a Dutch accent show up and start putting out the fire."</p>.<p>The bearded hacker declined to give his age, but he has been carrying out these "responsible disclosures" for the best part of two decades.</p>.<p>Most famously, he successfully accessed Donald Trump's Twitter account -- not once, but twice.</p>.<p>Just before the 2016 US election swept Trump to power, Gevers and two friends decided to make sure the then-candidate wasn't using a password that had previously been leaked online.</p>.<p>A huge hack of LinkedIn revealed that the password "yourefired" -- Trump's catchphrase from his days on TV show The Apprentice -- had been used for an account in his name on the business networking site.</p>.<p>And after trying the same password on Twitter alongside several different email addresses, the Dutch hackers were horrified to see Trump's personal page load up before their eyes.</p>.<p>They rushed to inform Trump's campaign and US authorities, stressing that if they could access his account, so might more malevolent hackers. But they never heard back.</p>.<p>So when Gevers succeeded in hacking Trump's Twitter again last year -- this time, with the password "maga2020!" -- his heart sank.</p>.<p>"Honestly, it was like, 'Oh God, why him?'," Gevers recalled. He knew that he would again have to make rigorous efforts to contact Trump, which would likely be ignored -- all the while leaving his account open to attack.</p>.<p>That was an alarming prospect. Trump's febrile Twitter presence gave him a megaphone to directly address some 90 million people. And as the violence at the US Capitol showed a few months later, his posts were capable of fuelling an incendiary atmosphere.</p>.<p><strong>Also Read | <a href="https://www.deccanherald.com/international/world-news-politics/ransomware-attack-on-us-tech-firm-forces-swedish-store-closures-1004667.html" target="_blank">Ransomware attack on US tech firm forces Swedish store closures</a></strong></p>.<p>"Imagine there was a tweet that said something like, 'start throwing axes at police officers'," Gevers said. "There would be a lot of followers who blindly followed him."</p>.<p>This time, instead of being ignored, Gevers' hack sparked international headlines and a stressful criminal investigation.</p>.<p>While the White House denied it had ever happened, Dutch prosecutors said in December that they were satisfied Gevers had indeed accessed Trump's account.</p>.<p>And fortunately for Gevers, they determined that he "met the criteria that have been developed in case law to go free as an ethical hacker".</p>.<p>This law makes it easier for ethical hackers to operate in the Netherlands than countries like the US or UK, where forays into people's accounts -- even when well-intentioned -- run greater legal risks, says Gevers.</p>.<p>He has also founded the GDI, a similar "online fire brigade" working internationally, from India to Portugal.</p>.<p>"We do this volunteering work because we have to leave behind something that is good for the next generation," he said.</p>.<p>During the pandemic, the volunteers have grown increasingly worried about weak spots in VPNs and other tools that allow computers to be managed remotely -- tools that are being used more and more, with no end in sight to the working-from-home trend.</p>.<p><strong>Also Read | <a href="https://www.deccanherald.com/international/white-house-reaching-out-with-assistance-to-latest-ransomware-victims-1004981.html" target="_blank">White House reaching out with assistance to latest ransomware victims</a></strong></p>.<p>Kaseya, the Miami-based IT company targeted in a spectacular cyberattack on July 3, had been in the DIVD's sights for months. Thousands of companies use its software to manage their networks of printers and computers.</p>.<p>Fellow DIVD researcher Wietse Boonstra had spotted a major problem with Kaseya's software in April, and the ethical hackers had been frantically helping the company develop a fix.</p>.<p>To their dismay, the Russian-speaking hacking outfit REvil got there first. They exploited the vulnerability to stage a massive ransomware attack, encrypting the data of hundreds of companies and demanding $70 million in bitcoin in exchange for its release.</p>.<p>"It sucks," Gevers said. "I don't mind that the bad guys are faster -- what I mind is that there are victims."</p>.<p>The hack hit around 1,500 businesses worldwide and wiped out the cash registers of Swedish supermarket chain Coop. Gevers is still working with those affected.</p>.<p>"If the Red Cross can help victims worldwide, why not us?" Gevers said. "The only thing is that we do it from behind a keyboard."</p>
<p>When a massive cyberattack took out everything from Swedish supermarkets to New Zealand kindergartens this month, a group of Dutch ethical hackers breathed a collective sigh of frustration. They had been so close to stopping it.</p>.<p>If the Dutch Institute for Vulnerability Disclosure (DIVD) sounds obscure, that's in keeping with its discreet presence on the internet.</p>.<p>This volunteer army of unpaid tech geeks have quietly prevented hundreds of cyberattacks since 2019 by finding holes in websites and software that could be exploited by hackers.</p>.<p>"You can see us as a volunteer fire brigade," said DIVD chairman Victor Gevers in an interview from his home in The Hague, a dog yapping at his ankles.</p>.<p><strong>Also Read | <a href="https://www.deccanherald.com/international/world-news-politics/fallout-continues-from-biggest-global-ransomware-attack-1005401.html" target="_blank">Fallout continues from biggest global ransomware attack</a></strong></p>.<p>"Your house is on fire, there's flames coming out of it, and then random people with a Dutch accent show up and start putting out the fire."</p>.<p>The bearded hacker declined to give his age, but he has been carrying out these "responsible disclosures" for the best part of two decades.</p>.<p>Most famously, he successfully accessed Donald Trump's Twitter account -- not once, but twice.</p>.<p>Just before the 2016 US election swept Trump to power, Gevers and two friends decided to make sure the then-candidate wasn't using a password that had previously been leaked online.</p>.<p>A huge hack of LinkedIn revealed that the password "yourefired" -- Trump's catchphrase from his days on TV show The Apprentice -- had been used for an account in his name on the business networking site.</p>.<p>And after trying the same password on Twitter alongside several different email addresses, the Dutch hackers were horrified to see Trump's personal page load up before their eyes.</p>.<p>They rushed to inform Trump's campaign and US authorities, stressing that if they could access his account, so might more malevolent hackers. But they never heard back.</p>.<p>So when Gevers succeeded in hacking Trump's Twitter again last year -- this time, with the password "maga2020!" -- his heart sank.</p>.<p>"Honestly, it was like, 'Oh God, why him?'," Gevers recalled. He knew that he would again have to make rigorous efforts to contact Trump, which would likely be ignored -- all the while leaving his account open to attack.</p>.<p>That was an alarming prospect. Trump's febrile Twitter presence gave him a megaphone to directly address some 90 million people. And as the violence at the US Capitol showed a few months later, his posts were capable of fuelling an incendiary atmosphere.</p>.<p><strong>Also Read | <a href="https://www.deccanherald.com/international/world-news-politics/ransomware-attack-on-us-tech-firm-forces-swedish-store-closures-1004667.html" target="_blank">Ransomware attack on US tech firm forces Swedish store closures</a></strong></p>.<p>"Imagine there was a tweet that said something like, 'start throwing axes at police officers'," Gevers said. "There would be a lot of followers who blindly followed him."</p>.<p>This time, instead of being ignored, Gevers' hack sparked international headlines and a stressful criminal investigation.</p>.<p>While the White House denied it had ever happened, Dutch prosecutors said in December that they were satisfied Gevers had indeed accessed Trump's account.</p>.<p>And fortunately for Gevers, they determined that he "met the criteria that have been developed in case law to go free as an ethical hacker".</p>.<p>This law makes it easier for ethical hackers to operate in the Netherlands than countries like the US or UK, where forays into people's accounts -- even when well-intentioned -- run greater legal risks, says Gevers.</p>.<p>He has also founded the GDI, a similar "online fire brigade" working internationally, from India to Portugal.</p>.<p>"We do this volunteering work because we have to leave behind something that is good for the next generation," he said.</p>.<p>During the pandemic, the volunteers have grown increasingly worried about weak spots in VPNs and other tools that allow computers to be managed remotely -- tools that are being used more and more, with no end in sight to the working-from-home trend.</p>.<p><strong>Also Read | <a href="https://www.deccanherald.com/international/white-house-reaching-out-with-assistance-to-latest-ransomware-victims-1004981.html" target="_blank">White House reaching out with assistance to latest ransomware victims</a></strong></p>.<p>Kaseya, the Miami-based IT company targeted in a spectacular cyberattack on July 3, had been in the DIVD's sights for months. Thousands of companies use its software to manage their networks of printers and computers.</p>.<p>Fellow DIVD researcher Wietse Boonstra had spotted a major problem with Kaseya's software in April, and the ethical hackers had been frantically helping the company develop a fix.</p>.<p>To their dismay, the Russian-speaking hacking outfit REvil got there first. They exploited the vulnerability to stage a massive ransomware attack, encrypting the data of hundreds of companies and demanding $70 million in bitcoin in exchange for its release.</p>.<p>"It sucks," Gevers said. "I don't mind that the bad guys are faster -- what I mind is that there are victims."</p>.<p>The hack hit around 1,500 businesses worldwide and wiped out the cash registers of Swedish supermarket chain Coop. Gevers is still working with those affected.</p>.<p>"If the Red Cross can help victims worldwide, why not us?" Gevers said. "The only thing is that we do it from behind a keyboard."</p>