Disgusting Hacker Gets 6 Years in Prison
TLDR
In a significant cybercrime case, Julius Kivimäki has been sentenced to six years in prison for a severe attack on Vastaamo, Finland's largest psychotherapy company, in 2018. Kivimäki stole and attempted to ransom tens of thousands of sensitive patient records; the leak led to a sharp rise in police reports and, in some cases, to patients taking their own lives. Despite his extensive criminal history, a quirk of Finnish law meant he was sentenced as a first-time offender and received a comparatively light term. Separately, four major US cell carriers were fined nearly $200 million by the FCC for selling customers' real-time location data to data brokers without consent. Meanwhile, white hat researchers at Sekoia took over the dormant PlugX botnet, originally created by China's Ministry of State Security, by purchasing its command-and-control IP and sinkholing it, so that the botnet could not be picked up by other malicious actors.
Takeaways
- 😡 Julius Kivimäki, a hacker, was sentenced to 6 years in prison for a cyber attack on Vastaamo, Finland's largest psychotherapy company, where he stole and attempted to ransom tens of thousands of sensitive patient records.
- 📉 When Vastaamo refused to pay the ransom, Kivimäki began releasing 100 patient records daily, causing a significant increase in police reports and some patients taking their lives due to the potential exposure.
- 🔍 Kivimäki made a critical error by including his '/home' folder in the leaked data, which led to his identification and subsequent manhunt.
- 🏃 Kivimäki evaded capture by traveling the world on fake IDs and taunting his victims on social media platforms like Reddit.
- 🇫🇷 He was eventually arrested in France and maintained his innocence throughout the trial.
- 🇫🇮 Finnish law allowed for a relatively light sentence due to the timing of his previous crimes, treating him as a first-time offender.
- 💰 Four major US cell networks were fined nearly $200 million for selling real-time customer location data to data brokers without proper consent.
- 📱 The FCC's fine was the result of an investigation opened after revelations of potentially unlawful practices by the carriers, including abuse of location-tracking services such as the one offered by Securus Technologies.
- 🚫 The carriers suspended their location-selling programs roughly five years ago, so the practice itself has already stopped.
- 🤖 White hat hackers targeted the abandoned PlugX botnet, which was created by China's Ministry of State Security, to prevent it from being used maliciously.
- 🔑 Researchers at Sekoia bought the command and control server's IP for $7, effectively 'sinkholing' it to prevent further misuse.
- 🌐 The scale of the PlugX botnet was unexpectedly large, with nearly 2.5 million unique IPs attempting to connect to the server after it was taken over by the researchers.
Q & A
What was the most significant cyber attack conducted by Julius Kivimäki?
-Julius Kivimäki's most significant cyber attack was in 2018 when he gained unauthorized access to a server operated by Vastaamo, Finland's largest psychotherapy company, and stole tens of thousands of patient records, which included sensitive notes from conversations between patients and their therapists.
How did Julius Kivimäki attempt to monetize his cyber attack on Vastaamo?
-Julius Kivimäki attempted to monetize his cyber attack by demanding a ransom of roughly $500,000 from Vastaamo. When they refused to pay, he began leaking the records of 100 people each day and later demanded hundreds of euros in bitcoin from the affected individuals themselves, threatening to leak their therapy notes if they did not comply.
What was the consequence of Julius Kivimäki's actions on the patients of Vastaamo?
-The consequences of Julius Kivimäki's actions were severe. The number of police reports filed nationwide in Finland more than doubled, and some patients, unable to cope with the potential exposure of their inner thoughts, took their own lives.
How was Julius Kivimäki eventually identified and caught?
-Julius Kivimäki was identified after he made a critical operational security (OPSEC) mistake when uploading the stolen records. He accidentally included a copy of his '/home' folder in the archive, which revealed his SSH keys, details of his other projects, and various log files. This mistake sparked an investigation that led to his identification. He was later arrested in France after a period of evading capture.
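To show what an investigator (or anyone about to publish a data set) would look for in a dump like the one described above, here is an added example; it is not code from the page's source video or from any of the parties involved. It builds a small constructed tarball containing fake "patient" files plus an accidentally swept-in home directory, then scans the archive for the artifacts named in the answer: private SSH keys, known_hosts, shell history and log files. All file names and contents are constructed for the demo.

```python
"""Triage a leaked archive for home-directory artifacts.

Added example, not from the page's source video. Scans a tar archive for
the kind of operator artifacts described above (private SSH keys,
known_hosts, shell history, application logs) by path and by content.
File names and contents below are constructed for the demo.
"""
import io
import re
import tarfile
from collections import defaultdict

# Path patterns that indicate a home directory was swept into the archive.
PATH_RULES = {
    "ssh_private_key": re.compile(r"(^|/)\.ssh/(id_[a-z0-9]+|.*\.pem)$"),
    "ssh_known_hosts": re.compile(r"(^|/)\.ssh/known_hosts$"),
    "shell_history": re.compile(r"(^|/)\.(bash|zsh|sh)_history$"),
    "home_dir": re.compile(r"(^|/)home/[^/]+/"),
    "log_file": re.compile(r"\.log$"),
}
# Content patterns checked on small members regardless of their name,
# so a renamed key file is still caught.
CONTENT_RULES = {
    "ssh_private_key": re.compile(rb"-----BEGIN (OPENSSH|RSA|EC|DSA) PRIVATE KEY-----"),
    "ssh_public_key": re.compile(rb"^ssh-(rsa|ed25519) AAAA", re.M),
}
MAX_CONTENT_BYTES = 1 << 20  # only read members up to 1 MiB into memory


def scan_archive(data: bytes) -> dict:
    """Return {finding_type: [member names]} for a tar archive given as bytes."""
    findings = defaultdict(list)
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            name = member.name
            for kind, rule in PATH_RULES.items():
                if rule.search(name):
                    findings[kind].append(name)
            if not member.isfile() or member.size > MAX_CONTENT_BYTES:
                continue
            f = tar.extractfile(member)
            if f is None:
                continue
            content = f.read()
            for kind, rule in CONTENT_RULES.items():
                if rule.search(content) and name not in findings[kind]:
                    findings[kind].append(name)
    return dict(findings)


def build_sample_archive() -> bytes:
    """Constructed dump: fake patient files plus an accidentally included /home."""
    members = {
        "dump/records/patient_0001.txt": b"session notes ...",
        "dump/records/patient_0002.txt": b"session notes ...",
        "dump/home/operator/.ssh/id_ed25519": b"-----BEGIN OPENSSH PRIVATE KEY-----\n...\n",
        "dump/home/operator/.ssh/id_ed25519.pub": b"ssh-ed25519 AAAAC3Nza... operator@box\n",
        "dump/home/operator/.ssh/known_hosts": b"203.0.113.5 ssh-ed25519 AAAA...\n",
        "dump/home/operator/.bash_history": b"ssh root@203.0.113.5\ntar czf dump.tgz .\n",
        "dump/home/operator/projects/tool/run.log": b"2018-11-25 started\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    for kind, names in sorted(scan_archive(build_sample_archive()).items()):
        print(f"{kind}: {len(names)} member(s)")
        for n in names:
            print("   ", n)
```

The content rules matter because a key copied to an innocuous name still carries its PEM header, and known_hosts and shell history are what point an investigator at the operator's other servers.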
Why was Julius Kivimäki's prison sentence considered lenient despite his extensive criminal history?
-Julius Kivimäki's prison sentence was considered lenient due to a quirk in Finnish law. Despite his long criminal history, including previous convictions for thousands of cyber crimes and other offenses, the fact that those crimes occurred more than 5 years ago meant he was treated as a first-time offender, hence the lighter sentence.
What was the outcome of the investigation into the selling of customer location data by major US cell networks?
-The investigation by the Federal Communications Commission (FCC) resulted in fines of almost $200 million for four major US cell networks. These carriers were found to have sold access to the real-time locations of their customers, which was illegal as they did not obtain consent to sell this data.
How did the misuse of Securus Technologies' service by a US Marshal highlight the flaws in the system?
-The US Marshal pleaded guilty to abusing the Securus service to track a phone belonging to his ex. This was possible because Securus did not verify the legal documents that were supposed to prove authority to track someone, so he could upload blank documents instead. The misuse showed the lack of oversight and verification in the system, which was exploited for personal reasons rather than for legitimate law enforcement purposes.
What was the issue with the 'Location Smart' service and how was it exploited?
-The 'Location Smart' service had a public demo page that would return the real-time location of any phone number, supposedly only after the phone's owner consented via SMS. The API behind the demo did not actually enforce that consent step and required no authentication, so anyone who called it directly could look up the real-time location of almost any phone in the US for free, a serious privacy risk.
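The flaw class behind that demo page, a consent check that lives in the web front end while the API trusts whatever the client sends, is easier to see in code. The following is an added example, not LocationSmart's real API or anyone's code from the page: the service, endpoint names, phone numbers, API keys, coordinates and token format are all hypothetical. It shows the vulnerable lookup beside a hardened one that authenticates the caller and releases a location only against a server-issued consent token bound to that phone number.

```python
"""Phone-location lookup: consent checked only in the web UI versus on the server.

Added example illustrating the flaw class described above. The service,
phone numbers, API keys, coordinates and token format are hypothetical
and are not LocationSmart's real API.
"""
import hmac
import secrets
import time

# Constructed carrier data; coordinates are placeholders, not real locations.
CARRIER_LOCATIONS = {"+15550100": (60.17, 24.94), "+15550101": (38.90, -77.04)}

# Hypothetical keys issued to vetted customers, so every query is attributable.
API_KEYS = {"k-demo-portal", "k-partner-01"}


class ConsentStore:
    """Server-side record of which numbers answered the consent SMS."""

    def __init__(self):
        self._granted = {}  # phone -> (token, expiry)

    def record_sms_consent(self, phone, ttl_s=300):
        """Called only by the SMS-reply handler after the phone answers YES."""
        token = secrets.token_hex(16)
        self._granted[phone] = (token, time.time() + ttl_s)
        return token

    def is_valid(self, phone, token):
        rec = self._granted.get(phone)
        if rec is None:
            return False
        stored, expiry = rec
        return time.time() < expiry and hmac.compare_digest(stored, token)


def locate_vulnerable(phone, params):
    """Vulnerable: the only 'consent check' is a flag the client sends.

    The demo page sets consent=1 after the SMS reply, but the API never
    verifies that a reply happened, so any direct caller can set it.
    """
    if params.get("consent") != "1":
        return {"error": "consent required"}
    return {"phone": phone, "loc": CARRIER_LOCATIONS.get(phone)}


def locate_fixed(store, api_key, phone, params):
    """Hardened: authenticate the caller, then release the location only
    against a server-issued consent token bound to that phone number."""
    if not any(hmac.compare_digest(api_key.encode(), k.encode()) for k in API_KEYS):
        return {"error": "unauthenticated"}
    if not store.is_valid(phone, params.get("consent_token", "")):
        return {"error": "consent required"}
    return {"phone": phone, "loc": CARRIER_LOCATIONS.get(phone)}


if __name__ == "__main__":
    # An attacker skips the UI and calls the API directly with consent=1.
    print("vulnerable:", locate_vulnerable("+15550100", {"consent": "1"}))
    store = ConsentStore()
    print("fixed, forged token:",
          locate_fixed(store, "k-demo-portal", "+15550100", {"consent_token": "1"}))
    tok = store.record_sms_consent("+15550100")  # simulated SMS 'YES'
    print("fixed, real consent:",
          locate_fixed(store, "k-demo-portal", "+15550100", {"consent_token": tok}))
    print("fixed, token reused for another number:",
          locate_fixed(store, "k-demo-portal", "+15550101", {"consent_token": tok}))
```

The token is bound to the phone number and expires, so a consent obtained for one number cannot be replayed against another, and the API key means a lookup can never be anonymous.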
What action did white hat hackers take to neutralize the threat of the abandoned PlugX botnet?
-White hat hackers from Sekoia bought the IP address used to control the abandoned PlugX botnet for $7 and sinkholed it to prevent it from being used maliciously. This action ensured that the botnet could not be reactivated and used for harmful purposes.
Why did the researchers at Sekoia decide against using a self-deletion command to erase the PlugX botnet?
-The researchers considered the potential risks too high. If the self-deletion command went wrong, it could result in unintended data loss on victim PCs or other unintended consequences, which could lead to legal action against them. Additionally, there were concerns about reinfection from infected USB sticks that could still spread the malware.
What was the unexpected discovery made by the researchers after taking control of the PlugX botnet's command and control server?
-The researchers were surprised to find that almost 2.5 million unique IPs were trying to connect to the server, which was significantly more than the few thousand computers they initially believed were still active. This large number of bots might have been the reason why the botnet was abandoned by its original creators.
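What a sinkhole actually does, and why the 2.5 million figure is a count of distinct IPs rather than of connections, is shown by the following added example. It is not Sekoia's code and does not speak the PlugX protocol: it is a minimal TCP sinkhole that accepts each connection, records the source address and closes without replying, plus a statistics pass over its log that separates raw connection attempts from unique sources per day. The port, log format and sample log lines are constructed.

```python
"""Minimal TCP sinkhole plus a stats pass over its connection log.

Added example, not Sekoia's code. A sinkhole accepts each bot's connection,
records the source address and closes without ever replying, so infected
hosts keep checking in harmlessly while the operator learns how big the
botnet really is. Port, log format and SAMPLE_LOG are constructed.
"""
import socket
import threading
import time
from collections import defaultdict
from datetime import datetime, timezone


class Sinkhole:
    def __init__(self, host="127.0.0.1", port=0):   # port 0: OS picks a free port
        self.hits = []                               # (unix_time, source_ip)
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))
        self._srv.listen(128)
        self._srv.settimeout(0.2)                    # lets the loop notice stop()
        self.port = self._srv.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (ip, _port) = self._srv.accept()
            except socket.timeout:
                continue
            with self._lock:
                self.hits.append((time.time(), ip))
            conn.close()   # no tasking, no reply: the bot simply retries later

    def stop(self):
        self._stop.set()
        self._thread.join()
        self._srv.close()

    def hit_count(self):
        with self._lock:
            return len(self.hits)

    def log_lines(self):
        """Render hits as 'ISO-8601-UTC source_ip' lines, the format summarize() reads."""
        with self._lock:
            return [f"{datetime.fromtimestamp(t, timezone.utc).isoformat()} {ip}"
                    for t, ip in self.hits]


def summarize(lines):
    """Distinct source IPs overall and per UTC day, versus raw connection count.
    Bots reconnect constantly, so connections vastly overstate infections;
    distinct IPs (the 2.5 million figure above) are the number to report."""
    per_day, all_ips = defaultdict(set), set()
    for line in lines:
        ts, ip = line.split()
        per_day[ts[:10]].add(ip)
        all_ips.add(ip)
    return {"connections": len(lines),
            "unique_total": len(all_ips),
            "unique_per_day": {d: len(s) for d, s in sorted(per_day.items())}}


# Constructed log excerpt (documentation addresses, not real bots).
SAMPLE_LOG = [
    "2024-04-01T00:00:03+00:00 198.51.100.7",
    "2024-04-01T00:00:09+00:00 203.0.113.42",
    "2024-04-01T06:12:44+00:00 198.51.100.7",
    "2024-04-02T00:00:01+00:00 198.51.100.7",
    "2024-04-02T11:30:00+00:00 192.0.2.200",
]


def exercise_locally(n_connections=3, wait_s=5.0):
    """Run a sinkhole on loopback, connect n times like a bot would, return stats."""
    sh = Sinkhole()
    sh.start()
    for _ in range(n_connections):
        c = socket.create_connection(("127.0.0.1", sh.port))
        c.close()
    deadline = time.time() + wait_s
    while sh.hit_count() < n_connections and time.time() < deadline:
        time.sleep(0.02)
    sh.stop()
    return summarize(sh.log_lines())


if __name__ == "__main__":
    print("sample log:", summarize(SAMPLE_LOG))
    print("loopback run:", exercise_locally())
```

Closing without a reply is the point: the sinkhole never issues a command to the bots, which is exactly why it is a safe holding pattern while the legally harder question of disinfection is left to law enforcement.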
Outlines
🛡️ Julius Kivimäki's Hacking Conviction and Vastaamo Data Breach
Julius Kivimäki, the perpetrator of a severe cyber attack on Finland's largest psychotherapy company, Vastaamo, has been sentenced to six years in prison. He broke into Vastaamo's server in 2018 and stole sensitive patient records, later demanding a ransom of about $500,000. When Vastaamo refused to pay, he began releasing records and contacted the affected individuals directly, threatening to leak their therapy notes unless they paid a bitcoin ransom. The aftermath saw a spike in police reports and tragic cases of patients taking their own lives. An operational security (OPSEC) error led to his identification, but he evaded capture for some time, living lavishly and taunting his victims online. Despite his extensive criminal history, Finnish law treated him as a first-time offender, resulting in a relatively light sentence. The Vastaamo case ends with his sentencing, but there are concerns he will return to crime once released.
📱 US Cell Carriers Fined for Selling Location Data
Four major US cell carriers have been fined nearly $200 million for selling access to their customers' real-time locations. The practice was exposed in 2018 by a US senator, leading to a lengthy FCC investigation. Securus Technologies, a company that bought location data to offer phone tracking to law enforcement, had its service abused for unauthorized tracking. The investigation found that the data was sold without customer consent and was available to numerous companies, including Location Smart, whose publicly accessible demo page could be misused to locate phones. The carriers suspended their location-selling programs years ago and are appealing the fine, but the incident raises significant privacy concerns about the unauthorized sale and potential misuse of personal data.
🛡️ White Hat Hackers Target Abandoned Chinese Botnet
White hat hackers have taken action against the abandoned PlugX botnet, which was created by China's Ministry of State Security in 2008. The botnet, capable of screen capturing, keylogging, and other malicious activities, was left uncontrolled after its command and control IP went silent in 2023. Researchers at Sekoia, recognizing the potential threat if the botnet were to be reactivated, purchased the IP for $7 to prevent it from being used maliciously. Surprisingly, they discovered that the botnet was much larger than initially thought, with nearly 2.5 million unique IPs attempting to connect to the command server. The researchers considered a self-deletion command but decided to hand over the botnet to law enforcement to avoid potential legal issues and the risk of reinfection from infected USB sticks.
Keywords
💡Hacker
💡Cyber Attack
💡Ransom
💡Therapy Notes
💡OPSEC
💡SSH Keys
💡Lizard Squad
💡Finnish Prison
💡Cell Carriers
💡Location Data
💡White Hat Hackers
💡Botnet
Highlights
Hacker Julius Kivimäki is sentenced to 6 years in prison for a severe cyber attack on Vastaamo, Finland's largest psychotherapy company.
Kivimäki stole sensitive patient records and demanded a ransom of $500,000 from Vastaamo.
When Vastaamo refused to pay, Kivimäki began leaking patient records and demanded bitcoin ransoms from individuals.
The data leak led to a significant increase in police reports and some patients took their own lives.
Kivimäki accidentally leaked his own '/home' folder, which led to his identification.
Despite his criminal history, Kivimäki received a relatively light sentence due to Finnish law treating him as a first-time offender.
Four major US cell networks have been fined nearly $200 million for selling customer location data to data brokers.
The carriers did not obtain customer consent before selling this data, which the FCC found to be unlawful.
AT&T, for example, sold location data to 88 companies, including 'Location Smart', which had a public demo page for tracking phone numbers.
The selling of location data has ceased, and the fine is the result of a four-year FCC investigation.
White hat hackers targeted the abandoned PlugX botnet, which was created by China's 'Ministry of State Security'.
The botnet was left dormant after its controlling IP went silent, potentially leaving millions of infected computers vulnerable.
Researchers at Sekoia bought the IP for $7 to prevent malicious use and discovered nearly 2.5 million unique IPs still trying to connect.
The PlugX botnet's worm capabilities may have caused it to grow too large for its management interface, leading to its abandonment.
The researchers decided to hand the botnet issue over to law enforcement to avoid potential legal issues.
The case of the Vastaamo hack concludes with Kivimäki's sentencing, but there are concerns he may continue criminal activities upon release.