MSA Intel

In the past two days, four letter bombs were sent to various offices in the Netherlands, in a series of incidents in which an extortionist is demanding payment from the businesses in the cryptocurrency Bitcoin. Yesterday morning, at approximately 8:00am local time, the first letter bomb detonated at an ABN Amro bank mail-sorting office in Amsterdam. The second letter bomb exploded less than an hour later in a mailroom of Japanese electronics group Ricoh, located in the Dutch town of Kerkrade, approximately 140 miles away from the initial blast. No injuries or substantial damage were reported in either incident. In both cases, mailroom staff reported hearing a “hissing sound” coming from the letter bombs before detonating. Law enforcement officials stated that the two blasts were “comparable to a small fireworks explosion” and would have caused nonfatal injuries.

Earlier this morning, authorities disarmed the third letter bomb at the office of U.S. information technology firm Unisys, located in Utrecht. No one was injured during the incident. A few hours later, the fourth letter bomb was sent to the banking group ING, located in Amsterdam. According to authorities, the letter bomb caught fire when an employee opened the envelope.

The initial letter bomb that exploded in Amsterdam on Wednesday was reportedly accompanied by a demand note, which threatened further letter bombs if payment was not received. Police believe the blasts are linked to the spate of parcel bombs and warning letters sent to a range of businesses last month, as the “same demand was made.” The previous letter bombs were all intercepted before they could detonate. Previous targets have included a hotel, a gas station, a real estate agent and a bill collection service. No arrests have been announced in the investigation.


Parcel bombs have been used in the past as a means of extortion in the Netherlands. In 2015, an extortionist mailed a number of letter bombs to Jumbo supermarkets throughout the country. The 58- year-old offender was later arrested and sentenced to eight years in prison after investigators tied him to the attacks using DNA evidence. Extremists and other nefarious actors continue to exploit the postal and shipping sectors in various ways, including mailing and shipping explosives, delivering threats, propagating hoaxes, and testing security measures for dry-run attacks. Security officials in the past have warned that the accessibility of the postal and shipping sector, combined with publicity surrounding suspicious package incidents, will continue to spur ongoing or increased interest by nefarious actors to employ this tactic in their plots. Additionally, the recent incidents in the Netherlands demonstrate the likelihood of copy-cat attempts and the potential for individuals to be inspired by publicized attacks or similar incidents.

According to the Federal Bureau of Investigation (FBI), a suspicious letter or package might have some of the following characteristics: no return address; possibly mailed from a foreign country; delivery address is to a title only; contains an incorrect title; package is lopsided or uneven, rigid, or bulky; presence of excessive taping or string, oily stains, discolorations or crystallization; protruding wires; and possibly exhibits a strange smell. The short-term security implications include swift, clear protocols to effectively screen and dispose of suspicious mail and packages. The establishment of routine screening measures and procedures can provide faster resolution to the receipt of suspicious packages and other mail. The propensity of bomb detection measures available today, coupled with cameras and advanced mail tracking abilities, has made it more difficult for suspects to successfully send packages through normal delivery services.

Subscribe to Blog