Finland's Most-Wanted Hacker Nabbed in France:
Julius "Zeekill" Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest.
In late October 2022, Kivimäki was charged (and "arrested in absentia," according to the Finns) with attempting to extort money from the Vastaamo Psychotherapy Center. In that breach, which occurred in October 2020, a hacker using the handle "Ransom Man" threatened to publish patient psychotherapy notes if Vastaamo did not pay a six-figure ransom demand.
Vastaamo refused, so Ransom Man shifted to extorting individual patients — sending them targeted emails threatening to publish their therapy notes unless paid a 500-euro ransom.
When Ransom Man found little success extorting patients directly, they uploaded to the dark web a large compressed file containing all of the stolen Vastaamo patient records.
But as documented by KrebsOnSecurity in November 2022, security experts soon discovered Ransom Man had mistakenly included an entire copy of their home folder, where investigators found many clues pointing to Kivimäki's involvement. From that story:
"Among those who grabbed a copy of the database was Antti Kurittu, a team lead at Nixu Corporation and a former criminal investigator. In 2013, Kurittu worked on an investigation involving Kivimäki's use of the Zbot botnet, among other activities Kivimäki engaged in as a member of the hacker group Hack the Planet (HTP)."
"It was a huge opsec [operational security] fail, because they had a lot of stuff in there — including the user's private SSH folder, and a lot of known hosts that we could take a very good look at," Kurittu told KrebsOnSecurity, declining to discuss specifics of the evidence investigators seized. "There were also other projects and databases."
(Score: 4, Funny) by Opportunist on Tuesday February 07, @03:20PM (5 children)
If you pay once, why not ask for more later?
I was once targeted by a scammer trying to get me to send money or else he shows my camera pic of me masturbating. I didn't even know I have a camera, but just to make sure, I suggested he tried blackmailing the ones he wants to send the pictures to. I figured that they would pay to avoid the mental scarring rather than me paying to see what I already know everything about.
(Score: 2) by Tork on Tuesday February 07, @10:54PM (1 child)
Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
(Score: 2) by Opportunist on Wednesday February 08, @09:55AM
The reason the scam is profitable isn't that someone would see someone's dick. Hell, if you want that, I'm absolutely sure there's not only a lot of webpages but by now also some WhatsApp groups where guys post their dick pics all day long. The reason these things work is that people THINK that someone could see their dick. It's not that someone would be interested in it or would actually look, what matters is that people are ashamed someone COULD look.
That might be the reason why those things work better in countries where anything sexual is considered shameful. Doesn't work that well in countries where people would at best go "You got webcam pics of my dick? Dude, want some from my cellphone, far better resolution..."
(Score: 2) by tangomargarine on Wednesday February 08, @05:04PM (2 children)
Because if you get a reputation for that, nobody will ever pay you?
The whole con hinges on the fact that if they pay you, you abide by your word. Without trust, there is no reason for them to pay you.
I mean, if you're properly backed up you don't have any reason to pay them to begin with, just nuke and restore from backup. But yeah.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by Opportunist on Thursday February 09, @11:15PM (1 child)
You act as if there is only one extortionist out there and he cares about his reputation. It's not even like it is with drugs where the dealers have their "brand" and god help you if you dare to copy that logo, you will WISH it was the MAFIAA that is trying to sue you if they find you... no, sorry, nobody gives a fuck about any "reputation" in that business.
(Score: 2) by tangomargarine on Saturday February 11, @05:35AM
What? No.
Of course. An extortionist who nobody takes seriously is worth nothing. It's the fear of him doing what he threatens that compels you to obey.
I think that casually dismissing the hackers online isn't a good idea. Sure, most of them are probably harmless, but what happens if you run up against the odd one who isn't?
I never said that there is one ransomware conglomerate in play. But it's in each group's interest to prove that they can be trusted to fulfill their word; nobody hacks for fun anymore, but for money. If you get the reputation that you hack somebody then give up when they won't pay you, where is the incentive for anybody to pay you? If they won't pay you, you don't give them their data back. Period.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 3, Interesting) by Freeman on Tuesday February 07, @03:45PM (5 children)
"But as documented by KrebsOnSecurity in November 2022, security experts soon discovered Ransom Man had mistakenly included an entire copy of their home folder, where investigators found many clues pointing to Kivimäki's involvement. From that story:"
That's some epic fail moment there. He was apparently smart enough to get in and yoink all their data. Yet, after being stone-walled by the company and not being able to extort money from the patients themselves, he uploads a "revenge / spite / damaging" set of data on the Internet. But, he forgets to, you know, sanitize the data. I mean, how difficult is it to go, here's the naughty data. I'll only zip this stuff and publish that. Just shows that criminals can get caught for the dumbest stuff. Like Al Capone, not for anything that he "should have gone to jail forever for", but tax evasion.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 3, Interesting) by canopic jug on Tuesday February 07, @03:51PM (2 children)
The inside help he had is still on the loose: Someone signed off on the purchase and deployment of M$ products within Vastaamo, thus leaving a way in for him, and they remain unarrested and on the loose. The guy they arrested is a crook to be sure, but he is simultaneously functioning as a scapegoat for and distraction from those that went out of their way to leave the door open for him. At best they committed willful negligence.
Money is not free speech. Elections should not be auctions.
(Score: 2) by Freeman on Tuesday February 07, @04:20PM (1 child)
I mean, it sounds like a lot of suspect things were going on. The Wired article is an interesting read.
https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 3, Interesting) by Freeman on Tuesday February 07, @04:23PM
Whoa . . . https://en.wikipedia.org/wiki/Vastaamo_data_breach
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 1) by shrewdsheep on Tuesday February 07, @05:45PM
It's called an inverse leak and is strongly associated with a phenomenon called incontinence.
(Score: 0) by Anonymous Coward on Tuesday February 07, @08:24PM
> Just shows that criminals can get caught for the dumbest stuff.
Given how nasty this guy sounds, I wonder if there's any chance the zip file was created & later posted by one of his cronies--leaving in the incriminating information on purpose? Basically ratting (fairly cleverly) on your former partner.
(Score: 2, Offtopic) by progo on Tuesday February 07, @07:30PM (1 child)
What is the state of this 'hacker' as a person? Is he detained? Is he detained in the metaverse? Is his location known?
(Score: 2) by Freeman on Tuesday February 07, @10:50PM
Finland arrested him in absentia sometime in late October 2022. France actually caught the guy, due to the international arrest warrant. Literally was caught, because of a domestic violence report. If you read the Wired article, you get a much clearer picture of his character. I.E. "He's a real piece of work."
https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"