Suspect Arrested in Cyber Investigation

Gebied: Oost-Brabant / Dordrecht

On February 10, the police arrested a 21-year-old man from Dordrecht in a cybercrime investigation by Team Cybercrime East Brabant. He is suspected of distributing a system that intercepted one-time passwords. This is the third arrest in the investigation.

The investigation already led to the arrests of the developer and co-developer of the system in April and August 2025. The system, better known as a so-called One-Time Password bot, was named JokerOTP. The man from Dordrecht sold the bot via a Telegram account to other cybercriminals. He also possessed license keys for the bot himself.

How the bot works

A one-time password is a temporary password that can only be used once for authentication. It is often used as an extra security measure in online transactions or login processes. This code is usually sent via SMS or email and expires after use or after a short time. With the JokerOTP bot, it was possible to call victims automatically to then entice them to enter a one-time password, thereby gaining access to someones account.

Anouk Bonekamp, team leader Team Cybercrime: ‘Victims were automatically called by the bot with the message that criminals were trying to access their account. The bot then asked for the one-time password to be entered. Victims think they are protecting themselves by cooperating in providing information. This plays on feelings of insecurity and fear. While such a one-time password is intended to prevent unauthorized logins to your account. With the help of the bot, two-step verification can be bypassed, allowing the cybercriminal to access victims accounts with the intent to commit fraud.’

Further investigation

The investigation by Team Cybercrime is not yet finished. Dozens of Dutch buyers of the JokerOTP bot have emerged in the investigation. ‘The goal is to eventually track them down so the Public Prosecution Service can prosecute them. They deliberately buy a tool with which they can defraud victims. For example, they gain access to an app for online investing or a webshop account to then buy expensive items for which the victim receives the bill. They create many victims, causing not only financial damage but also emotional harm such as stress and shame.’

Shame

‘Victims are ashamed that they fell for it. That is unnecessary because cybercriminals operate cleverly. It can happen to anyone. Therefore, be extra alert to the urgency the criminal tries to impose on you. Criminals do this in many forms of fraud. They try to pressure you to act immediately or you will lose your money. If you are ordered to do something immediately or asked to provide your password or PIN in an unusual way, alarm bells should go off. It is also wise to check if your data appears in a data breach via haveibeenpwnd.com and via www.politie.nl/checkjehack,’ says Anouk Bonekamp.

Instant happiness ☕

You happy with the news, we happy with coffee. Life can be that simple.

Buy us a coffee ❤️

Share this article

Source: Politie

Suspect Arrested in Cyber Investigation

How the bot works

Further investigation

Shame

Instant happiness ☕

Latest news