Disgusting Hacker Gets 6 Years in Prison

Seytonic
6 May 2024, 08:26

TLDR

In a significant cybercrime case, Julius Kivimäki has been sentenced to six years in prison for a severe attack on Vastaamo, Finland's largest psychotherapy company, in 2018. Kivimäki stole and attempted to ransom thousands of sensitive patient records; police reports rose sharply as patients contemplated suicide. Despite his extensive criminal history, Finnish law resulted in a relatively light sentence. Additionally, four major US cell networks faced a $200 million fine for selling customer location data to data brokers without consent. Meanwhile, white hat hackers have intervened in the dormant PlugX botnet, originally created by China's Ministry of State Security, by purchasing and sinkholing its command server, preventing its potential misuse by malicious actors.

Takeaways

  • 😡 Julius Kivimäki, a hacker, was sentenced to 6 years in prison for a cyber attack on Vastaamo, Finland's largest psychotherapy company, where he stole and attempted to ransom tens of thousands of sensitive patient records.
  • 📉 When Vastaamo refused to pay the ransom, Kivimäki began releasing 100 patient records daily, causing a significant increase in police reports and some patients taking their lives due to the potential exposure.
  • 🔍 Kivimäki made a critical error by including his '/home' folder in the leaked data, which led to his identification and subsequent manhunt.
  • 🏃 Kivimäki evaded capture by traveling the world on fake IDs and taunting his victims on social media platforms like Reddit.
  • 🇫🇷 He was eventually arrested in France, despite maintaining his innocence throughout the trial.
  • 🇫🇮 Finnish law allowed for a relatively light sentence due to the timing of his previous crimes, treating him as a first-time offender.
  • 💰 Four major US cell networks were fined nearly $200 million for selling real-time customer location data to data brokers without proper consent.
  • 📱 The FCC's fine was the result of an investigation that began after revelations of potentially unlawful practices by carriers, including the abuse of Securus Technologies' tracking service.
  • 🚫 The selling of location data has since been halted, as carriers suspended their location selling programs five years ago.
  • 🤖 White hat hackers targeted the abandoned PlugX botnet, which was created by China's Ministry of State Security, to prevent it from being used maliciously.
  • 🔑 Researchers at Sekoia bought the command and control server's IP for $7, effectively 'sinkholing' it to prevent further misuse.
  • 🌐 The scale of the PlugX botnet was unexpectedly large, with nearly 2.5 million unique IPs attempting to connect to the server after it was taken over by the researchers.

Q & A

  • What was the most significant cyber attack conducted by Julius Kivimäki?

    -Julius Kivimäki's most significant cyber attack was in 2018 when he gained unauthorized access to a server operated by Vastaamo, Finland's largest psychotherapy company, and stole tens of thousands of patient records, which included sensitive notes from conversations between patients and their therapists.

  • How did Julius Kivimäki attempt to monetize his cyber attack on Vastaamo?

    -Julius Kivimäki attempted to monetize his cyber attack by demanding a ransom of roughly 500 thousand dollars from Vastaamo. When they refused to pay, he began leaking the records of 100 people each day and later demanded hundreds of euros in bitcoin from the affected individuals, threatening to leak their therapy notes if they did not comply.

  • What was the consequence of Julius Kivimäki's actions on the patients of Vastaamo?

    -The consequences of Julius Kivimäki's actions were severe. Nationwide police reports in Finland more than doubled, and some patients, unable to cope with the potential exposure of their inner thoughts, took their own lives.

  • How was Julius Kivimäki eventually identified and caught?

    -Julius Kivimäki was identified after he made a critical operational security (OPSEC) mistake when uploading the stolen records. He accidentally included a copy of his '/home' folder in the archive, which revealed his SSH keys, details of his other projects, and various log files. This mistake sparked an investigation that led to his identification. He was later arrested in France after a period of evading capture.

  • Why was Julius Kivimäki's prison sentence considered lenient despite his extensive criminal history?

    -Julius Kivimäki's prison sentence was considered lenient due to a quirk in Finnish law. Despite his long criminal history, including previous convictions for thousands of cyber crimes and other offenses, the fact that those crimes occurred more than 5 years ago meant he was treated as a first-time offender, hence the lighter sentence.

  • What was the outcome of the investigation into the selling of customer location data by major US cell networks?

    -The investigation by the Federal Communications Commission (FCC) resulted in fines of almost $200 million for four major US cell networks. These carriers were found to have sold access to the real-time locations of their customers, which was illegal as they did not obtain consent to sell this data.

  • How did the misuse of Securus Technologies' service by a US Marshal highlight the flaws in the system?

    -The US Marshal pleaded guilty to abusing the Securus service to track a phone belonging to his ex. This was possible because the legal documents proving permission to track someone were not properly verified, allowing the Marshal to upload blank documents. This misuse highlighted the lack of oversight and verification in the system, which was exploited for personal reasons rather than for legitimate law enforcement purposes.

  • What was the issue with the 'Location Smart' service and how was it exploited?

    -The 'Location Smart' service had a public demo page that allowed anyone to find the real-time location of a given phone number, provided the phone being tracked consented via SMS. However, the consent step lived only in the demo page: the underlying API had no authentication, so anyone calling it directly could find the real-time location of any phone in the US for free, a significant privacy risk.
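The failure described above is a consent check enforced by the front end but not by the API behind it. The following added example (written for this page, not code from Location Smart, the carriers or the video) shows the weak pattern next to a hardened one: the server only answers a lookup when the caller presents a valid API key and an HMAC-signed consent token bound to that exact phone number and an expiry. The phone numbers, coordinates, API keys and server secret are constructed sample values, and the SMS exchange that would precede minting a token is assumed to happen elsewhere.

```python
"""Consent for a location lookup must be enforced where the data is served."""
import hashlib
import hmac
import time

# Constructed sample data (not real numbers or positions).
SAMPLE_LOCATIONS = {
    "+15550100": (37.7749, -122.4194),
    "+15550101": (40.7128, -74.0060),
}
# Hypothetical server-side secret used to mint consent tokens (example only).
SERVER_SECRET = b"example-secret-do-not-reuse"
TOKEN_TTL = 600  # seconds a consent remains valid


def _tag(phone, exp, secret):
    return hmac.new(secret, f"{phone}|{exp}".encode(), hashlib.sha256).hexdigest()


def issue_consent_token(phone, now=None, secret=SERVER_SECRET):
    """Minted only after the tracked phone answered the SMS prompt (assumed
    to have happened). The HMAC binds the number and the expiry together."""
    exp = int(time.time() if now is None else now) + TOKEN_TTL
    return f"{phone}|{exp}|{_tag(phone, exp, secret)}"


def verify_consent_token(token, phone, now=None, secret=SERVER_SECRET):
    """True only if the token is intact, for this number, and not expired."""
    try:
        t_phone, t_exp, t_tag = token.split("|")
        exp = int(t_exp)
    except (ValueError, AttributeError):
        return False
    if t_phone != phone:                       # issued for a different number
        return False
    if (time.time() if now is None else now) > exp:   # consent expired
        return False
    return hmac.compare_digest(_tag(t_phone, exp, secret), t_tag)


def weak_lookup(phone):
    """The flawed pattern from the page: the demo page asked for consent,
    but the API itself trusted any caller. Kept only for contrast."""
    return SAMPLE_LOCATIONS.get(phone)


def hardened_lookup(phone, api_key, consent_token, valid_keys, now=None):
    """Caller authentication and per-number consent checked server-side."""
    if api_key not in valid_keys:
        return None
    if not verify_consent_token(consent_token, phone, now=now):
        return None
    return SAMPLE_LOCATIONS.get(phone)


if __name__ == "__main__":
    keys = {"demo-key-1"}
    tok = issue_consent_token("+15550100")
    print("weak     :", weak_lookup("+15550100"))
    print("hardened :", hardened_lookup("+15550100", "demo-key-1", tok, keys))
    print("wrong num:", hardened_lookup("+15550101", "demo-key-1", tok, keys))
```

The point of the token binding is that a consent granted by one phone cannot be replayed against another number, and a forged expiry invalidates the tag; both are checked on the server regardless of what the demo page did.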

  • What action did white hat hackers take to neutralize the threat of the abandoned PlugX botnet?

    -White hat hackers from Sekoia bought the IP address used to control the abandoned PlugX botnet for $7 and sinkholed it to prevent it from being used maliciously. This action ensured that the botnet could not be reactivated and used for harmful purposes.

  • Why did the researchers at Sekoia decide against using a self-deletion command to erase the PlugX botnet?

    -The researchers considered the potential risks too high. If the self-deletion command went wrong, it could result in unintended data loss on victim PCs or other unintended consequences, which could lead to legal action against them. Additionally, there were concerns about reinfection from infected USB sticks that could still spread the malware.

  • What was the unexpected discovery made by the researchers after taking control of the PlugX botnet's command and control server?

    -The researchers were surprised to find that almost 2.5 million unique IPs were trying to connect to the server, which was significantly more than the few thousand computers they initially believed were still active. This large number of bots might have been the reason why the botnet was abandoned by its original creators.

Outlines

00:00

🛡️ Julius Kivimäki's Hacking Conviction and Vastaamo Data Breach

Julius Kivimäki, the perpetrator of a severe cyber attack on Finland's largest psychotherapy company, Vastaamo, has been sentenced to six years in prison. In 2018, Kivimäki stole sensitive patient records and demanded a ransom of $500,000. When Vastaamo refused to pay, he began releasing records and directly contacted the affected individuals, threatening to leak their therapy notes for a bitcoin ransom. The aftermath saw a spike in police reports and tragic cases of patients taking their lives. Kivimäki's operational security (OPSEC) error led to his identification, but he evaded capture for some time, living lavishly and taunting his victims online. Despite his extensive criminal history, Finnish law treated him as a first-time offender, resulting in a relatively light sentence. The sentencing closes the Vastaamo case but raises concerns about what he may do upon his release.

05:04

📱 US Cell Carriers Fined for Selling Location Data

Four major US cell carriers have been fined nearly $200 million for selling access to their customers' real-time locations. The carriers' actions were exposed in 2018 by a US senator, leading to a lengthy FCC investigation. Securus Technologies, a company that purchased location data to assist law enforcement, was found to have abused the system for unauthorized tracking. The investigation revealed that the data was sold without customer consent and was accessible to numerous companies, including Location Smart, which had a publicly accessible demo page vulnerable to misuse. The carriers have suspended their location selling programs and are appealing the fine, but the incident raises significant privacy concerns about the unauthorized sale and potential misuse of personal data.

🛡️ White Hat Hackers Target Abandoned Chinese Botnet

White hat hackers have taken action against the abandoned PlugX botnet, which was created by China's Ministry of State Security in 2008. The botnet, capable of screen capturing, keylogging, and other malicious activities, was left uncontrolled after its command and control IP went silent in 2023. Researchers at Sekoia, recognizing the potential threat if the botnet were to be reactivated, purchased the IP for $7 to prevent it from being used maliciously. Surprisingly, they discovered that the botnet was much larger than initially thought, with nearly 2.5 million unique IPs attempting to connect to the command server. The researchers considered a self-deletion command but decided to hand over the botnet to law enforcement to avoid potential legal issues and the risk of reinfection from infected USB sticks.
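The sinkholing described in the Q&A (buying the command IP, recording the implants that check in, and choosing not to send any command to victims) comes down to a listener that reads and logs but never writes. The following added example is not Sekoia's tooling and does not model PlugX's real protocol; the beacon bytes, addresses and ports are constructed. It records each connection's source address and the first bytes sent, closes the socket without replying, and reports the size metric the page cites, the number of unique source IPs.

```python
"""Added example: a minimal C2 sinkhole that logs check-ins and never replies."""
import socket
import threading
import time
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ts: float           # time the connection was accepted
    src_ip: str         # implant's address as seen by the sinkhole
    src_port: int
    first_bytes: bytes  # start of whatever the implant sent (for fingerprinting)


class Sinkhole:
    """TCP listener that records each connection and closes it without writing."""

    def __init__(self, host="127.0.0.1", port=0, max_read=64):
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))
        self._srv.listen(128)
        self._srv.settimeout(0.2)          # lets the accept loop notice stop()
        self.port = self._srv.getsockname()[1]
        self.max_read = max_read
        self._beacons = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()

    def stop(self):
        self._stop.set()
        self._thread.join()
        self._srv.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (ip, port) = self._srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(0.5)
                try:
                    head = conn.recv(self.max_read)   # read only; no tasking sent
                except (socket.timeout, OSError):
                    head = b""
            with self._lock:                          # socket already closed here
                self._beacons.append(Beacon(time.time(), ip, port, head))

    def snapshot(self):
        with self._lock:
            return list(self._beacons)


def summarize(beacons):
    """The size metric the page reports: unique source IPs, plus raw counts."""
    per_ip = Counter(b.src_ip for b in beacons)
    return {"unique_ips": len(per_ip),
            "total_beacons": sum(per_ip.values()),
            "per_ip": dict(per_ip)}


# Constructed sample beacons using documentation address ranges.
CONSTRUCTED_BEACONS = [
    Beacon(1.0, "198.51.100.7", 50001, b"PLUG"),
    Beacon(2.0, "198.51.100.7", 50002, b"PLUG"),
    Beacon(3.0, "203.0.113.9", 40010, b"PLUG"),
    Beacon(4.0, "192.0.2.44", 31337, b""),
]


def exercise_sinkhole(payloads=(b"PLUG", b"PLUG", b"")):
    """Run a local sinkhole, connect one client per payload, and return what
    each client received (always b"") and the beacons the sinkhole recorded."""
    sh = Sinkhole()
    sh.start()
    replies = []
    try:
        for payload in payloads:
            with socket.create_connection(("127.0.0.1", sh.port), timeout=2) as c:
                if payload:
                    c.sendall(payload)
                replies.append(c.recv(16))   # b"": peer closed without sending
        deadline = time.time() + 3
        while len(sh.snapshot()) < len(payloads) and time.time() < deadline:
            time.sleep(0.05)
        return replies, sh.snapshot()
    finally:
        sh.stop()


if __name__ == "__main__":
    replies, beacons = exercise_sinkhole()
    print("client replies:", replies)
    print("local run:", summarize(beacons))
    print("constructed sample:", summarize(CONSTRUCTED_BEACONS))
```

Because the listener never writes to the socket, an implant that reaches it gets no instructions at all, which is the conservative position the researchers took when they declined to issue a self-delete; counting distinct source addresses over time is what turns the raw log into the "2.5 million unique IPs" figure.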

Keywords

💡Hacker

A person who uses computer systems and networks to gain unauthorized access to information or to breach system security. In the video, Julius Kivimäki is the hacker who stole patient records from a psychotherapy company and attempted to extort money by threatening to leak the sensitive data.

💡Cyber Attack

An offensive action taken against computer systems, infrastructure, or data with the intent of causing harm or breaching security. The video discusses a particularly damaging cyber attack where a hacker stole and threatened to release confidential therapy records.

💡Ransom

A demand for payment in exchange for not causing harm or for stopping an activity that is causing harm. Julius Kivimäki demanded a ransom from the psychotherapy company Vastaamo to prevent him from leaking the stolen patient records.

💡Therapy Notes

Confidential records of conversations between patients and their therapists, which are sensitive and private. In the video, the therapy notes were stolen by the hacker and used as leverage for his ransom demands.

💡OPSEC

Operational security; the process of protecting critical or confidential information from falling into the wrong hands. Julius made an OPSEC mistake by including his personal files in the data dump, which led to his identification.

💡SSH Keys

Secure Shell (SSH) keys are cryptographic key pairs used to authenticate a user to a remote machine over the SSH protocol. In the video, the hacker's SSH keys were inadvertently leaked, which provided clues to his identity.

💡Lizard Squad

A group of hackers known for their cyber-attacks. Julius Kivimäki is associated with Lizard Squad, which is mentioned in the context of his extensive criminal history.

💡Finnish Prison

A reference to the prison system in Finland, which is known for being relatively comfortable compared to prisons in other countries. The video discusses the hacker's sentencing to a Finnish prison.

💡Cell Carriers

Companies that provide mobile network services, allowing mobile phones to connect to a network for telephony and data services. The video mentions that major US cell carriers were fined for selling customer location data.

💡Location Data

Information that can determine the position of a mobile device or user. In the video, it is discussed how cell carriers sold access to real-time location data of their customers, which is a significant breach of privacy.

💡White Hat Hackers

Ethical hackers who use their skills to identify and fix security vulnerabilities. In the video, white hat hackers target a defunct Chinese botnet to prevent it from being used maliciously.

💡Botnet

A network of private computers infected with malicious software and controlled as a group without the owners' knowledge. The video discusses the PlugX botnet, which was abandoned by its creators and targeted by white hat hackers to prevent future misuse.

Highlights

Hacker Julius Kivimäki is sentenced to 6 years in prison for a severe cyber attack on Vastaamo, Finland's largest psychotherapy company.

Kivimäki stole sensitive patient records and demanded a ransom of $500,000 from Vastaamo.

When Vastaamo refused to pay, Kivimäki began leaking patient records and demanded bitcoin ransoms from individuals.

The data leak led to a significant increase in police reports and some patients took their own lives.

Kivimäki accidentally leaked his own '/home' folder, which led to his identification.

Despite his criminal history, Kivimäki received a relatively light sentence due to Finnish law treating him as a first-time offender.

Four major US cell networks have been fined nearly $200 million for selling customer location data to data brokers.

The carriers did not obtain customer consent to sell this data, violating privacy policies.

AT&T, for example, sold location data to 88 companies, including 'Location Smart', which had a public demo page for tracking phone numbers.

The selling of location data has ceased, and the fine is the result of a four-year FCC investigation.

White hat hackers targeted the abandoned PlugX botnet, which was created by China's 'Ministry of State Security'.

The botnet was left dormant after its controlling IP went silent, potentially leaving millions of infected computers vulnerable.

Researchers at Sekoia bought the IP for $7 to prevent malicious use and discovered nearly 2.5 million unique IPs still trying to connect.

The PlugX botnet's worm capabilities may have caused it to grow too large for its management interface, leading to its abandonment.

The researchers decided to hand the botnet issue over to law enforcement to avoid potential legal issues.

The case of the Vastaamo hack concludes with Kivimäki's sentencing, but there are concerns he may continue criminal activities upon release.