Cyberattack exposes Public Prosecution weakness

In the series Cracked by Jordens, we look at cyber security for consumers and businesses in the Netherlands.

Published on July 30, 2025

As editor-in-chief, Aafke oversees all content and events but loves writing herself. She makes complex topics accessible and tells the stories behind technology.

Following suspicions of a hack, the Public Prosecution Service (OM) took its systems offline on July 17. This was prompted by a report from the National Cyber Security Center (NCSC) about vulnerabilities in the widely used Citrix systems. The OM is still offline. It has not been confirmed, but it is suspected that Russian hackers managed to penetrate the system. For cybersecurity expert Patrick Jordens, this comes as no surprise. “We have to stop being surprised when this happens. This is reality.”

Patrick Jordens

Patrick Jordens (1969) is an entrepreneur with a passion for digital security. He is the director of the Trusted Third Party (TT3P) and founder of DMCC Group, which helps organizations comply with all external laws and regulations and internal policies in the field of privacy and consumer law. He is also a guest lecturer in marketing, data privacy, and ethics at Rotterdam University of Applied Sciences.

The Public Prosecution Service disconnected all its systems from the internet. What did you think when you read the news?

“It was no surprise. If you look at how cyberattacks are developing – especially in the field of espionage and disruption – this is the rule rather than the exception. Organizations such as the Public Prosecution Service are prime targets. This is just the tip of the iceberg.”

What exactly do you think happened here?

"According to the information currently available, Russian hackers may have been in the systems for weeks. They probably gained access through a vulnerability in Citrix NetScaler, software used for remote access. The National Cyber Security Center warned about this vulnerability on June 17. But it took seven days before it was patched. In that time, a hacker could have dug in deep. And that is probably what happened."

* ‘Patching a network’ refers to closing a security vulnerability in software or systems running within a network. A patch is essentially a software update released by the supplier to fix errors, vulnerabilities, or leaks.

Why is it taking so long for the Public Prosecution Service's systems to come back online?

“A good hacker does not reveal themselves immediately. They take their time to look around, open back doors, and then disappear again. If you then close the vulnerability, you can still be ‘visited’ through those back doors. That's why you have to conduct a thorough forensic investigation, and that takes time. Especially when you manage sensitive information, as is the case with the Public Prosecution Service.”

Could this have been prevented?

"If a country like Russia wants to hack an organization, it will eventually succeed. And that means more than just technology. You also need to have everything in order organizationally. So being hacked is one thing, but how you deal with it as an organization is another. Think of monitoring, awareness, and governance.

And that's often where the shoe pinches. A report was made to the NCSC on June 17, and the gap was closed on June 24. That means hackers had seven days to wander around the systems. During that time, they were able to plant backdoors everywhere. That's why the systems were taken offline in July, and the consequences are now so extensive, and why it's taking so long for the Public Prosecution Service to go back online. And of course, there could be a good reason why it took them seven days to patch their network, but I can hardly imagine what that might be. The alarm bells should have rung sooner."

What exactly do you mean by monitoring?

"Recognizing that something is wrong is based on monitoring security data. For example, you see that someone is trying to log in 200 times a minute. Or a login attempt is made from the other side of the world. Then you know something is wrong. But that kind of detection requires specialists, tools, 24/7 monitoring – and that is expensive. Still, you have to ask yourself: if you manage such sensitive files, can you afford to cut corners?

I think that much of the reporting on this news remains too superficial. The Public Prosecution Service's obligation to citizens goes further than that. Suppose all the data from the MH17 file is now in Russia. That is extremely sensitive information. What impact does that have on the relatives? I think organizations should ask themselves that question more often. You see that there is an underestimation of what a hack ultimately does to the people involved in that information."
