Prosecutors in Finland this week commenced their legal trial towards Julius Kivimäki, a 26-year-old Finnish man charged with extorting a as soon as common and now-bankrupt on-line psychotherapy apply and 1000’s of its sufferers. In a 2,200-page report, Finnish authorities laid out how they linked the extortion spree to Kivimäki, a infamous hacker who was convicted in 2015 of perpetrating tens of 1000’s of cybercrimes, together with information breaches, fee fraud, working a botnet and calling in bomb threats.
In November 2022, Kivimäki was charged with making an attempt to extort cash from the Vastaamo Psychotherapy Heart. In that breach, which occurred in October 2020, a hacker utilizing the deal with “Ransom Man” threatened to publish affected person psychotherapy notes if Vastaamo didn’t pay a six-figure ransom demand.
Vastaamo refused, so Ransom Man shifted to extorting particular person sufferers — sending them focused emails threatening to publish their remedy notes until paid a 500-euro ransom. When Ransom Man discovered little success extorting sufferers straight, they uploaded to the darkish internet a big compressed file containing all the stolen Vastaamo affected person data.
Safety consultants quickly found Ransom Man had mistakenly included a whole copy of their dwelling folder, the place investigators discovered many clues pointing to Kivimäki’s involvement. By that point, Kivimäki was now not in Finland, however the Finnish authorities nonetheless charged Kivimäki in absentia with the Vastaamo hack. The two,200-page proof doc towards Kivimäki suggests he loved a lavish way of life whereas on the lam, frequenting luxurious resorts and renting fabulously costly automobiles and dwelling quarters.
However in February 2023, Kivimäki was arrested in France after authorities there responded to a home disturbance name and located the defendant sleeping off a hangover on the sofa of a lady he’d met the evening earlier than. The French police grew suspicious when the 6′ 3″ blonde, green-eyed man introduced an ID that said he was of Romanian nationality.
Finnish prosecutors confirmed that Kivimäki’s bank card had been used to pay for the digital server that hosted the stolen Vastaamo affected person notes. What’s extra, the house folder included within the Vastaamo affected person information archive additionally allowed investigators to look into different cybercrime initiatives of the accused, together with domains that Ransom Man had entry to in addition to a prolonged historical past of instructions he’d executed on the rented digital server.
A few of these domains allegedly administered by Kivimäki had been set as much as smear the reputations of various firms and people. A type of was a web site that claimed to have been authored by an individual who headed up IT infrastructure for a serious financial institution in Norway which mentioned the concept of legalizing youngster sexual abuse.
One other area hosted a faux weblog that besmirched the fame of a Tulsa, Okla. man whose identify was hooked up to weblog posts about supporting the “white pleasure” motion and calling for a pardon of the Oklahoma City bomber Timothy McVeigh.
Kivimäki seems to have sought to sully the identify of this reporter as nicely. The two,200-page doc exhibits that Kivimäki owned and operated the area krebsonsecurity[.]org, which hosted numerous hacking instruments that Kivimäki allegedly used, together with packages for mass-scanning the Web for methods weak to identified safety flaws, in addition to scripts for cracking database server usernames and passwords, and downloading databases.
Mikko Hyppönen, chief analysis officer at WithSecure (previously F-Safe), stated the Finnish authorities have performed “wonderful work,” and that “it’s uncommon to have this a lot proof for a cybercrime case.”
Petteri Järvinen is a revered IT skilled and writer who has been following the trial, and he stated the prosecution’s case thus far has been robust.
“The Nationwide Bureau of Investigation has performed job and Mr Kivimäki for his half some elementary errors,” Järvinen wrote on LinkedIn. “This sends an vital message: on-line crime doesn’t pay. Traces are left within the digital world too, even when it is vitally tedious for the police to gather them from servers all around the globe.”
Antti Kurittu is an info safety specialist and a former legal investigator. In 2013, Kurittu labored on an investigation involving Kivimäki’s use of the Zbot botnet, amongst different actions Kivimäki engaged in as a member of the hacker group Hack the Planet (HTP). Kurittu stated it stays to be seen if the prosecution could make their case, and if the protection has any solutions to all the proof introduced.
“Based mostly on the general public pretrial investigation report, it appears to be like just like the case has a number of particulars that appear very inconceivable to be coincidental,” Kurittu informed KrebsOnSecurity. “For instance, a full copy of the Vastaamo affected person database was discovered on a server that belonged to Scanifi, an organization with no affordable enterprise that Kivimäki was affiliated with. The leaked dwelling folder contents had been additionally linked to Kivimäki and had been discovered on servers that had been underneath his management.”
The Finnish each day yle.fi reports that Kivimäki’s attorneys sought to have their consumer launched from confinement for the rest of his trial, noting that the defendant has already been detained for eight months.
The courtroom denied that request, saying the defendant was nonetheless a flight threat. Kivimäki’s trial is anticipated to proceed till February 2024, partially to accommodate testimony from a lot of victims. Prosecutors are in search of a seven-year sentence for Kivimäki.