Two Dutch teenagers arrested for attempting to spy on Europol for Russia

Teens found using WiFi sniffer device near Europol and Eurojust HQ

Two 17-year-old Dutch boys have been arrested for allegedly attempting to spy on Europol on behalf of Russian interests.

The teenagers, who were reportedly recruited via the encrypted messaging platform Telegram, were apprehended by Dutch authorities on 21 September, following a tip-off from the General Intelligence and Security Service (AIVD), the Netherlands’ primary intelligence agency.

According to a report by De Telegraaf, the teens were found using a WiFi sniffer device in areas near the Europol and Eurojust headquarters, as well as the Canadian embassy in The Hague.

WiFi sniffer devices can detect and intercept wireless network traffic and are a common tool used in the early stages of cyberattacks.

One of the boys was arrested at his family home while finishing his homework, according to sources cited by De Telegraaf. His parents were reportedly unaware of their son’s involvement in any illegal activity.

“We raise our children to prepare them for dangers in life: smoking, vaping, alcohol, and drugs. But not for something like this. Who would ever consider this a risk?” said the boy’s father.

The boys appeared before a judge on Thursday. One was remanded in custody, while the other was released under strict home supervision until a further court hearing scheduled within the next two weeks.

A Europol spokesperson said there is no evidence to suggest the agency’s systems were compromised.

“We are in close contact with the Dutch authorities regarding this case. Europol has a robust security infrastructure in place, and there is no indication that our systems have been compromised,” the spokesperson said.

The teens’ method of operation mirrors tactics used in previous Russian-backed cyber campaigns.

A 2024 report from US cybersecurity firm Volexity detailed how Russian state-sponsored hackers, known as APT28, used nearby WiFi networks to infiltrate the systems of a US enterprise in a technique called the “nearest neighbor attack.”

The case highlights a worrying trend of younger individuals being recruited for espionage and cyber operations in Europe.

While past incidents in Germany involved young people paid to carry out acts of sabotage and vandalism on critical infrastructure, this marks a significant escalation into digital surveillance against major international institutions.

The teenagers involved in this case were described as computer-savvy and fascinated by hacking, with one holding a part-time job at a supermarket.

The arrests come just months after Europol led a multinational crackdown on the pro-Russian cyber gang NoName057(16) in July. The operation, dubbed Operation Eastwood, resulted in the arrest of two suspects, the issuing of seven arrest warrants, and the seizure of 100 servers linked to widespread DDoS attacks across Europe.

More than 1,000 individuals connected to the group’s activity were formally notified of their legal liability.

Europol estimates that more than 4,000 individuals were actively engaged in NoName057(16)’s campaigns, making it one of the largest ideologically motivated cybercrime collectives in Europe.

The Europol case is not an isolated event. In 2024, authorities in the US and Germany collaborated to take down Hydra, a massive darknet marketplace with Russian ties.

Dutch authorities have not yet released the identities of the arrested teens due to their age, and both are expected to face serious charges under national security and espionage laws.