Finland’s Most-Needed Hacker Nabbed in France – Krebs on Safety | App Tech

Julius “Zeekill” Kivimaki, A 25-year-old Finnish man accused of extorting cash from a neighborhood on-line psychotherapy follow and leaking remedy notes for greater than 22,000 sufferers on-line, was arrested this week in France. A infamous hacker convicted of finishing up tens of 1000’s of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to look in court docket and Finland issued a world warrant for his arrest.

In late October 2022, Kivimäki was charged (and “arrested in absentia”, based on the Finns) with making an attempt to extort cash from Vastaamo Psychotherapy Heart. In that breach, which occurred in October 2020, a hacker utilizing the username “Ransom Man” threatened to launch the affected person’s psychotherapy notes if Vastaamo didn’t pay a six-figure ransom demand.

Vastaamo refused, so Ransom Man went on to blackmail particular person sufferers, sending them focused emails threatening to launch their remedy notes until they paid a €500 ransom.

When Ransom Man had little success extorting sufferers straight, he uploaded to the darkish net a big compressed file containing all the stolen Vastaamo affected person data.

However as documented by KrebsOnSecurity in November 2022, safety specialists quickly found that Ransom Man had mistakenly included a whole copy of his startup folder, the place researchers discovered many clues pointing to Kivimäki’s involvement. From that story:

“Amongst those that took a duplicate of the database was Antti Kurittua staff chief in Nixu Company and a former legal investigator. In 2013, Kurittu labored on an investigation associated to Kivimäki’s use of the Zbot botnet, amongst different actions through which Kivimäki participated as a member of the hacker group Hack the Planet (HTP).”

“It was a terrific opsec [operational security] they failed, as a result of they’d a whole lot of stuff in there, together with the consumer’s personal SSH folder and a whole lot of identified hosts that we have been in a position to analyze very effectively,” Kurittu instructed KrebsOnSecurity, declining to debate particulars of the proof seized by investigators. “There have been additionally different initiatives and databases.”

In line with the French information website actu.fr, Kivimäki was arrested round 7 a.m. on February 3, after authorities in Courbevoie responded to a report of home violence. Kivimäki had earlier dated a girl at a neighborhood nightclub, and the 2 later returned to his home however reportedly bought right into a heated argument.

Police responding to the scene have been admitted by one other girl, probably a roommate, and located the person inside nonetheless sleeping via the evening. When woken up and requested for identification, the 6’3′ blond, green-eyed man offered identification stating that he was a Romanian nationwide.

The French police had doubts. After consulting the data of essentially the most needed criminals, they shortly recognized the person as Kivimäki and took him into custody.

Kivimäki initially gained notoriety as a self-proclaimed member of the Lizard Squad, a primarily low-skilled hacker group that specialised in DDoS assaults. However American and Finnish investigators say Kivimäki’s involvement in cybercrime dates again to at the very least 2008, when he was launched to a founding member of what would quickly grow to be HTP.

Finnish police stated Kivimäki additionally used the nicknames “Ryan”, “RyanC” and “Ryan Cleary” (Ryan Cleary was truly a member of a rival hacker group, LulzSec, who was sentenced to jail for hacking).

Kivimaki and different HTP members have been concerned in mass-compromising net servers utilizing identified vulnerabilities, and in 2012, Kivimäki’s alias Ryan Cleary was promoting entry to these servers within the type of a DDoS service for rent. Kivimäki was 15 years previous on the time.

In 2013, researchers reviewing seized Kivimäki gadgets discovered pc code that had been used to hack greater than 60,000 net servers utilizing a beforehand unknown vulnerability in Adobe Chilly Fusion software program.

KrebsOnSecurity detailed HTP’s work in September 2013, after the group compromised servers inside information brokers LexisNexis, Kroll, and Dun & Bradstreet.

The group used the identical ColdFusion flaws to interrupt into the Nationwide White Collar Crime Heart (NWC3), a nonprofit group that gives analysis and investigative assist to criminals. US Federal Bureau of Investigation (FBI).

As KrebsOnSecurity reported on the time, this little ColdFusion botnet of information dealer servers was being managed by the identical cybercriminals who had taken over ssndob[.]MSthat operated some of the trusted underground providers for acquiring social safety numbers, dates of start, and credit score file info for US residents.

A number of legislation enforcement sources instructed KrebsOnSecurity that Kivimäki was answerable for making a bomb risk in August 2014 towards former Sony’s President of On-line Leisure John Smedley that grounded an American Airways aircraft. That incident was extensively reported to have began with a tweet from the Lizard Squad, however Smedley and others stated it began with a name from Kivimäki.

Kivimäki additionally participated in a number of false bomb threats and “battering” incidents, reporting false hostage conditions at an deal with to impress a closely armed police response at that location.

Kivimäki’s obvious indifference to cowl his tracks attracted the curiosity of Finnish and American cybercrime investigators, and shortly Finnish prosecutors charged him with a sequence of cybercrime violations. At trial, prosecutors offered proof displaying that he had used stolen bank cards to purchase luxurious gadgets and buying coupons, and he participated in a cash laundering scheme that he used to finance a visit to Mexico.

Kivimäki was finally convicted of orchestrating greater than 50,000 cybercrimes. However largely as a result of he was nonetheless a minor on the time (17), he was given a 2-year suspended sentence and ordered to forfeit €6,558.

As I wrote in 2015 after the Kivimäki trial:

“The hazard of such a call is that it emboldens malicious younger hackers by reinforcing the already common notion that cybercrime dedicated by individuals below the age of 18 has no penalties.

Kivimäki now boasts concerning the sentence; He modified the outline on his Twitter profile to “untouchable hacker god.” The Lizard Squad Twitter account triumphantly tweeted the information that Kivimäki was not sentenced: “All of the individuals who stated we might rot in jail do not wish to perceive what we have been saying all alongside, we have got free passes.”

One thing tells me that Kivimäki will not go free this time, assuming he is efficiently extradited to Finland. A Finnish police assertion says they’re looking for Kivimäki’s extradition and hope the method goes easily.

Kivimäki couldn’t be reached for remark. However he is been discussing his case on Reddit utilizing his authorized title: alexanteri (He stopped utilizing his center title Julius when he moved overseas a number of years in the past.) In a put up dated January 31, 2022, Kivimäki responded to a different Finnish-speaking Reddit consumer who stated that he was a fugitive from justice.

“Identical factor,” Kivimäki replied. “Ought to we begin some form of membership? A assist group for needed individuals?