Finland’s most wanted hacker trapped in France – Krebs on Security
Julius “Zeekill” Kivimäki, a 25-year-old Finnish man accused of extorting money from a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of carrying out tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to appear in court and Finland issued an international warrant for his arrest.
In late October 2022, Kivimäki was charged (and “arrested in absentia,” according to the Finns) with trying to extort money from the Vastaamo Psychotherapy Center. In that breach, which occurred in October 2020, a hacker using the username “Ransom Man” threatened to release patients’ psychotherapy notes if Vastaamo did not pay a six-figure ransom demand.
Vastaamo refused, so Ransom Man went on to blackmail individual patients, sending them targeted emails threatening to release their therapy notes unless they paid a €500 ransom.
When Ransom Man had little success extorting patients directly, he uploaded to the dark web a large compressed file containing all of the stolen Vastaamo patient records.
But as documented by KrebsOnSecurity in November 2022, security experts soon discovered that Ransom Man had mistakenly included a complete copy of his home folder, where researchers found many clues pointing to Kivimäki’s involvement. From that story:
“Among those who took a copy of the database was Antti Kurittu, a team leader at Nixu Corporation and a former criminal investigator. In 2013, Kurittu worked on an investigation related to Kivimäki’s use of the Zbot botnet, among other activities in which Kivimäki participated as a member of the hacker group Hack the Planet (HTP).”
“It was an incredible opsec [operational security] fail, because they had a lot of stuff in there, including the user’s private SSH folder and a lot of known hosts that we were able to analyze very well,” Kurittu told KrebsOnSecurity, declining to discuss details of the evidence seized by investigators. “There were also other projects and databases.”
According to the French news site actu.fr, Kivimäki was arrested around 7 a.m. on February 3, after authorities in Courbevoie responded to a report of domestic violence. Kivimäki had earlier been out with a woman at a local nightclub, and the two later returned to his home but reportedly got into a heated argument.
Police responding to the scene were admitted by another woman, possibly a roommate, and found the man inside still asleep. When woken up and asked for identification, the 6’3″ blond, green-eyed man presented identification stating that he was a Romanian national.
The French police had doubts. After consulting records of the most wanted criminals, they quickly identified the man as Kivimäki and took him into custody.
Kivimäki initially gained notoriety as a self-proclaimed member of the Lizard Squad, a mainly low-skilled hacker group that specialized in DDoS attacks. But American and Finnish investigators say Kivimäki’s involvement in cybercrime dates back to at least 2008, when he was introduced to a founding member of what would soon become HTP.
Finnish police said Kivimäki also used the nicknames “Ryan,” “RyanC” and “Ryan Cleary” (Ryan Cleary was actually a member of a rival hacker group, LulzSec, who was sentenced to prison for hacking).
Kivimäki and other HTP members were involved in mass-compromising web servers using known vulnerabilities, and in 2012, Kivimäki’s alias Ryan Cleary was selling access to those servers in the form of a DDoS-for-hire service. Kivimäki was 15 years old at the time.
In 2013, researchers reviewing seized Kivimäki devices found computer code that had been used to hack more than 60,000 web servers using a previously unknown vulnerability in Adobe ColdFusion software.
KrebsOnSecurity detailed HTP’s work in September 2013, after the group compromised servers inside data brokers LexisNexis, Kroll, and Dun & Bradstreet.
The group used the same ColdFusion flaws to break into the National White Collar Crime Center (NW3C), a nonprofit organization that provides research and investigative support to the US Federal Bureau of Investigation (FBI).
As KrebsOnSecurity reported at the time, this small ColdFusion botnet of data broker servers was being controlled by the same cybercriminals who had taken over ssndob[.]ms, which operated one of the most trusted underground services for obtaining Social Security numbers, dates of birth, and credit file information on US residents.
Multiple law enforcement sources told KrebsOnSecurity that Kivimäki was responsible for making a bomb threat in August 2014 against former Sony Online Entertainment President John Smedley that grounded an American Airlines plane. That incident was widely reported to have started with a tweet from the Lizard Squad, but Smedley and others said it started with a call from Kivimäki.
Kivimäki also participated in several false bomb threats and “swatting” incidents, reporting fake hostage situations at an address to provoke a heavily armed police response at that location.
Kivimäki’s apparent indifference to covering his tracks attracted the interest of Finnish and American cybercrime investigators, and soon Finnish prosecutors charged him with a series of cybercrime violations. At trial, prosecutors presented evidence showing that he had used stolen credit cards to buy luxury items and shopping vouchers, and that he participated in a money laundering scheme that he used to finance a trip to Mexico.
Kivimäki was ultimately convicted of orchestrating more than 50,000 cybercrimes. But largely because he was still a minor at the time (17), he was given a 2-year suspended sentence and ordered to forfeit €6,558.
As I wrote in 2015 after the Kivimäki trial:
“The danger of such a decision is that it emboldens malicious young hackers by reinforcing the already popular notion that cybercrime committed by people under the age of 18 has no consequences.
Kivimäki is now boasting about the sentence; he changed the description on his Twitter profile to ‘untouchable hacker god.’ The Lizard Squad Twitter account triumphantly tweeted the news that Kivimäki was not sentenced: ‘All the people who said we’d rot in jail do not want to understand what we have been saying all along, we have free passes.’”
Something tells me that Kivimäki won’t go free this time, assuming he’s successfully extradited to Finland. A Finnish police statement says they are seeking Kivimäki’s extradition and hope the process goes smoothly.
Kivimäki could not be reached for comment. But he has been discussing his case on Reddit using his legal name, Aleksanteri (he stopped using his middle name Julius when he moved abroad several years ago). In a post dated January 31, 2022, Kivimäki responded to another Finnish-speaking Reddit user who said that he was a fugitive from justice.
“Same thing,” Kivimäki replied. “Should we start some kind of club? A support group for wanted people?”