What happened
A Dutch court sentences hacker to seven years for port systems breach after a 44‑year‑old individual was convicted for compromising computer systems at the Port of Rotterdam and Port of Antwerp to facilitate drug trafficking and other crimes. The Amsterdam Court of Appeal upheld the conviction on January 12, 2026, rejecting challenges to evidence obtained from intercepted encrypted communications. Prosecutors said the attacker exploited internal port infrastructure by persuading an employee to install malware via a USB stick, creating a backdoor for remote access, data exfiltration, and control of logistics systems. The man was also convicted of attempted extortion and drug importation.
Who is affected
The Port of Rotterdam and Port of Antwerp systems and their operational technology environment were directly compromised, posing risks to logistics, container handling, and supply‑chain operations.
Why CISOs should care
Breaches of critical maritime infrastructure highlight vulnerabilities in OT and IT convergence, demonstrating how malware installed via social engineering can compromise logistics hubs and facilitate wider criminal activity. Strategic risk extends beyond data to physical supply chains.
3 practical actions
- Strengthen OT/IT segmentation: Separate operational systems from corporate networks and enforce strict controls on removable media.
- Enhance insider threat programs: Monitor for anomalous access patterns and require multi‑factor authentication for sensitive systems.
- Audit and train staff: Conduct phishing resistance training and verify processes for introducing external devices into secure environments.