Disgusting Hacker Gets 6 Years in Prison
TLDR
In a significant cybercrime case, Julius Kivimäki, the hacker responsible for a severe attack on Vastaamo, Finland's largest psychotherapy company, has been sentenced to six years in prison. Kivimäki stole and leaked sensitive patient records, demanding a ransom and causing a national crisis with a surge in police reports and suicides. Despite his extensive criminal history, including cyber crimes and bomb threats, Finnish law treated him as a first-time offender, resulting in a lighter sentence. Additionally, four major US cell networks have been fined nearly $200 million for selling real-time customer location data to data brokers without consent. Lastly, white hat hackers have intervened in the PlugX botnet, once controlled by China's Ministry of State Security, which has been dormant and at risk of being reactivated by malicious actors. The researchers have taken control of the botnet's command server to prevent misuse and have handed the issue over to law enforcement.
Takeaways
- 👨‍💻 Julius Kivimäki, a hacker, was sentenced to 6 years in prison for a cyber attack on Vastaamo, Finland's largest psychotherapy company, where he stole and attempted to ransom sensitive patient records.
- 🗑️ When Vastaamo refused to pay the ransom, Kivimäki began leaking patient records and demanded payment in bitcoin from individuals, causing a significant societal impact including a spike in police reports and suicides.
- 🔑 Kivimäki made a critical error by including his '/home' folder in the data leak, which contained his SSH keys and other sensitive information, leading to his identification.
- 🧳 After being identified, Kivimäki fled and was pursued internationally, living a lavish lifestyle and taunting his victims on social media.
- 🇫🇷 Kivimäki was eventually arrested in France and, despite his extensive criminal history, received a relatively light sentence due to Finnish law treating him as a first-time offender.
- 📱 Four major US cell networks were fined nearly $200 million for selling access to real-time customer locations without proper consent.
- 💸 The selling of location data was facilitated by companies like Securus Technologies and Location Smart, which exploited the lack of verification and consent from cell carriers.
- 🔍 The FTC's investigation into the sale of location data began in 2018 and led to the recent fines, though the carriers plan to appeal.
- 🤖 The PlugX botnet, once controlled by China's Ministry of State Security, has been left dormant after its command server went silent, leaving infected computers without direction.
- 🏛️ Researchers at Sekoia bought the dormant command server IP for $7 and sinkholed it to prevent future malicious use.
- 🌐 To their surprise, the researchers discovered that the botnet was much larger than expected, with nearly 2.5 million unique IPs attempting to connect to the server.
- ⚖️ The researchers decided to hand over the botnet issue to law enforcement instead of attempting a self-deletion command, which could have caused unintended harm and legal issues.
Q & A
What crime did Julius Kivimäki commit in relation to the Vastaamo psychotherapy company?
- Julius Kivimäki hacked into the server of Finland's largest psychotherapy company, Vastaamo, and stole tens of thousands of patient records, including highly sensitive therapy session notes.
What was Julius Kivimäki's ransom demand to Vastaamo, and what did he do when they refused to pay?
- Julius demanded approximately 500 thousand dollars from Vastaamo. When they refused, he began leaking the therapy records of 100 people daily and later tried to extort money directly from the patients.
What significant mistake did Julius make that led to his identification and arrest?
- While uploading the stolen data, Julius included a copy of his '/home' folder in the archive by mistake. This folder contained his SSH keys, details of his other projects, and various log files, which led to his identification.
How long was Julius sentenced to prison, and why is the sentence considered light?
- Julius was sentenced to 6 years in prison. The sentence is considered light because Finnish law treated him as a first-time offender, his previous crimes having occurred over 5 years ago, and because Finnish prisons are known for being comfortable.
What major privacy breach involved four major US cell carriers, and what was the outcome?
- Four major US cell carriers were fined almost $200 million for selling access to the real-time locations of their customers without consent. The fines followed a long investigation by the FTC.
What security issues did the 'Location Smart' service expose?
- Location Smart had a demo page that allowed anyone to track the real-time location of any phone number. Although consent via SMS was required, the API was insecure and lacked proper authentication, posing a major privacy risk.
Describe the PlugX botnet and its original purpose.
- The PlugX botnet, created by China's Ministry of State Security in 2008, allowed Chinese hackers to perform activities like screen capturing and keylogging. It was extensively used in various cyber campaigns for 15 years.
What did researchers at Sekoia do when they discovered the abandoned PlugX botnet?
- Researchers at Sekoia bought and sinkholed the controlling IP of the abandoned PlugX botnet for just $7, preventing it from being used maliciously, and observed connections from nearly 2.5 million unique IPs.
Why did the Chinese creators abandon the PlugX botnet?
- The Chinese creators likely abandoned the PlugX botnet because its management interface wasn't designed to handle the large number of bots, particularly after worm capabilities were added, causing it to spiral out of control.
What challenges did the researchers face in potentially erasing the PlugX botnet?
- The researchers considered using a self-deletion command to erase the botnet, but this posed risks of accidentally causing damage to victim PCs, which could lead to legal repercussions. They ultimately handed the task over to law enforcement.
Outlines
🔒 Julius Kivimäki's Cyber Attack and Prison Sentence
Julius Kivimäki, the perpetrator of a severe cyber attack on Finland's largest psychotherapy company, Vastaamo, has been sentenced to six years in prison. In 2018, he stole sensitive patient records and demanded a ransom of $500,000. When Vastaamo refused, he began leaking records and directly blackmailed patients. The fallout was significant, with a surge in police reports and cases of suicide. Kivimäki's operational security (OPSEC) error led to his identification, but he evaded capture for a time. Despite his extensive criminal history, Finnish law treated him as a first-time offender, resulting in a relatively light sentence.
📱 Major US Cell Carriers Fined for Selling Location Data
Four major US cell carriers have been fined nearly $200 million for selling access to customers' real-time locations without consent. The carriers' actions were exposed in 2018 by a US senator, leading to an FTC investigation. Securus Technologies, a company that purchased location data, was found to have misused it for unauthorized tracking, including by a US Marshal tracking his ex's phone. The investigation revealed that AT&T alone sold location data to 88 companies. One such company, Location Smart, had a public demo page that could be exploited to find any phone's real-time location in the US. The carriers have suspended their location selling programs and plan to appeal the fine.
🛡️ White Hat Hackers Target Abandoned Chinese Botnet
The PlugX botnet, created by China's Ministry of State Security, has been neutralized by white hat hackers after its command and control IP went silent in 2023. The botnet, which had been used in numerous campaigns over 15 years, was left dormant with infected computers waiting for instructions that never came. Researchers at Sekoia bought the IP for $7 to prevent it from being misused. Surprisingly, they discovered that nearly 2.5 million unique IPs were still trying to connect to the server. The botnet's scale and a worm feature added in 2020 may have been reasons for its abandonment. The researchers decided to hand over the botnet issue to law enforcement to avoid potential legal issues and the risk of reinfection via infected USB sticks.
Keywords
💡Hacker
💡Cyber attack
💡Patient records
💡Ransom
💡OPSEC
💡SSH keys
💡FCC
💡Data brokers
💡Botnet
💡White hat hackers
💡Sinkholing
Highlights
Julius Kivimäki, the hacker behind a major cyber attack, has been sentenced to 6 years in prison.
Kivimäki accessed and stole tens of thousands of patient records from Finland's largest psychotherapy company, Vastaamo.
He demanded a ransom of $500,000 from Vastaamo, and when refused, began leaking patient records.
Kivimäki targeted 33,000 individuals, threatening to leak their therapy notes unless they paid in bitcoin.
The fallout from the data leak led to a significant increase in police reports and some patients committing suicide.
Kivimäki accidentally included his '/home' folder in the data dump, which led to his identification.
Despite his extensive criminal history, Finnish law treated Kivimäki as a first-time offender, resulting in a light sentence.
Four major US cell networks have been fined nearly $200 million for selling access to customers' real-time locations.
The fine is a result of a 4-year long FCC investigation that began after a US senator exposed potentially unlawful practices.
Securus Technologies was found to have purchased and misused real-time location data for law enforcement purposes.
A US Marshal pleaded guilty to abusing the Securus service to track his ex's phone without proper authorization.
AT&T was discovered to have sold location data to 88 companies, including 'Location Smart' which had a public demo page.
The selling of data has since been halted, and the carriers intend to appeal the $200 million fine.
White hat hackers targeted the abandoned PlugX botnet, which was created by China's Ministry of State Security.
Researchers at Sekoia bought the hosting IP for $7 to prevent it from being used maliciously.
The PlugX botnet was believed to be inactive, but researchers observed 2.5 million unique IPs attempting to connect.
The researchers considered a self-deletion command for the botnet but decided to hand the issue over to law enforcement.