Who is Aleksanteri ‘Julius’ Kivimäki, Europe’s most wanted who started out as a teenage cyber thug? – Firstpost | #cybercrime | #infosec

A Europol wanted poster for Julius Kivimaki in 2022. Image Courtesy: Europol

Imagine you are going to a therapist, and one fine day you receive an email that your innermost, personal thoughts that you have shared will be made public if you don’t pay a ransom.

That’s exactly what happened to nearly 33,000 patients in Finland when records were hacked from databases of Finland’s largest psychotherapy company, Vastaamo. However, victims of this cybercrime can now heave a sigh of relief after a Finnish hacker, found to be the mastermind of the crime, was found guilty and sentenced to six years and three months in prison.

On 30 April, Aleksanteri ‘Julius’ Kivimäki, a 26-year-old Finnish hacker, was found guilty of stealing confidential therapy notes to blackmail thousands of patients and sentenced to six years and three months in prison.

The judges found the 26-year-old guilty of all counts, which included 9,231 counts of disseminating information violating personal privacy and 20,745 counts of attempted aggravated extortion.

The judges described his blackmail as “ruthlessly taking advantage of another person’s special weakness.”

“Taking into account Vastaamo’s position as a company producing mental health services, Kivimäki has caused great suffering or the risk of it to the interested parties,” the verdict document said.

The verdict brings to an end a cybercrime spree that started when Kivimäki was just 13 years old.

But who is Kivimäki, the hacker behind what is dubbed as Finland’s largest crime? How did he carry out this spree of hacks? We explore this here.

Who’s Kivimäki?

Twenty-six-year-old Kivimäki is no stranger to hacking. Also calling himself Zeekill, he began hacking in his teenage years. As per a BBC report, in 2010, he along with other hacking teams — Lizard Squad and Hack the Planet —revelled in causing chaos.

He carried out several high-profile hack attacks until the age of 17 when he was arrested in 2014 and subsequently found guilty of 50,700 hacking offences. However, he wasn’t jailed — a decision that shocked many and was criticised by several cyber-security world.

A Bloomberg report states that Kivimäki, who grew up in Espoo in Helsinki’s western neighbour, started playing around with the family computer at the age of three. In 2014, he is believed to have hacked Playstation Network and Xbox Live on Christmas eve. It was because of him that tens of millions of gamers were unable to download games, register new consoles or play with their friends online.

A gang member of Zeekill’s Lizard Squad gang described him in a BBC report as a vindictive teen who loved to get revenge on rivals and show off his skills online. “He was very good at what he did and didn’t care about the consequences. He would always go further than others in attacks.”

What’s the Vastaamo hack?

In 2018, Vastaamo, which oversaw dozens of psychotherapy centres throughout the Nordic nation, reported a massive data breach in which records of tens of thousands of patients were stolen.

Authorities note that Kivimäki was behind the hack and that he sent ransom mails to patients of Vastaamo, demanding that they pay him €200 (Rs 17,975) within 24 hours otherwise he would publish their information. If they didn’t meet that deadline he increased it to €500 (Rs 45,000).

Exterior view of the offices of Vastaamo psychotherapy centre, in Pasila, Helsink. A Finnish court sentenced a 26-year-old man to six years and three months in prison for hacking tens of thousands of patient records at a private psychotherapy centre and seeking ransom from some patients over the sensitive data. AP

A trove of confidential information then surfaced on the dark web, including patients’ personal details, social security numbers, and sensitive therapist and doctor notes from sessions.

For instance, WIRED reported how one man’s abusive relationship with his parents and his drug and alcohol use was leaked.

The hack caught the attention of the country not just for the scale of the attack but also its cruelty. As Mikko Hyppönen, a leading Finnish cybersecurity researcher, told Bloomberg: “Everyone knows someone who knows someone whose information was in there.”

In fact, the crime prompted then Prime Minister Sanna Marin to call a meeting of key ministers to discuss a government response. The Finnish president described the attack and leak as “mercilessly cruel.” Hanna Sarkkinen, a member of Parliament who was soon to become the country’s minister for health and social affairs, compared it to “an act of terrorism.”

How was Kivimäki caught?

It took Finnish authorities two years to gather evidence against Kivimäki and for the Interpol to issue a Red Corner Notice against him. He soon became known as Europe’s most wanted criminals.

A BBC report states that he was tracked down last February when the police in Paris went to his apartment on receiving a false domestic disturbance call. They found him living with forged identity documents under a fake name. He was then extradited to Finland where he would face perhaps the country’s biggest and most high-profile trials.

Detective Ch Supt Marko Leponen lead the case and says it was the biggest of his career. “We had more than 200 officers on the case at one point and it was an intense investigation with so many victim statements and stories to go through.”

Leponen said it wasn’t easy to prove that it was Kivimäki but he and his team used different techniques and methods to prove that it was indeed the 26-year-old who was at the keyboard when the commands were executed. “The path from the crime to the suspect was not a straight line,” said Leponen to Bloomberg. But there were many connections. “It is a spider web, and in the middle of this web is Kivimäki.”

Throughout the trial, Kivimäki maintained his innocence.

It took Finnish authorities two years to gather evidence against Kivimäki. After much investigations, the Finnish court found him guilty in the Vastaamo data breach and sentenced him to six years in prison. Image used for representational purposes

What next?

While Kivimäki has been sentenced, it’s not the end of the matter. For the victims of the hack, they feel justice has not been served. Tiina Parikka, one of the victims, was quoted as telling BBC: “So many people were affected by this in so many ways – 33,000 people is a lot of victims and it’s affected our health, and some have been targeted with financial scams as well using the stolen data too.”

They are also waiting to see if there is any compensation from the case.

As for Kivimäki, there’s a chance that he is likely to serve only half his prison sentence because of time already served and the Finnish justice system.

With inputs from agencies

Find us on YouTube


Source link


Click Here For The Original Source.


National Cyber Security