{"id":24414,"date":"2024-04-30T07:17:07","date_gmt":"2024-04-30T15:17:07","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/04\/30\/news-18144\/"},"modified":"2024-04-30T07:17:07","modified_gmt":"2024-04-30T15:17:07","slug":"news-18144","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/04\/30\/news-18144\/","title":{"rendered":"Man Who Mass-Extorted Psychotherapy Patients Gets Six Years"},"content":{"rendered":"<p><strong>Credit to Author: BrianKrebs| Date: Tue, 30 Apr 2024 13:34:32 +0000<\/strong><\/p>\n<p>A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter  wp-image-61773\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2022\/11\/kikmaki-wanted.png\" alt=\"\" width=\"750\" height=\"357\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2022\/11\/kikmaki-wanted.png 2936w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2022\/11\/kikmaki-wanted-768x366.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2022\/11\/kikmaki-wanted-1536x731.png 1536w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2022\/11\/kikmaki-wanted-2048x975.png 2048w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2022\/11\/kikmaki-wanted-782x372.png 782w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><\/p>\n<p>On October 21, 2020, the <strong>Vastaamo Psychotherapy Center<\/strong> in Finland became the target of blackmail when a tormentor identified as \u201cransom_man\u201d demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly sensitive therapy session notes Vastaamo had exposed online.<\/p>\n<p>Ransom_man announced on the dark web that he would start publishing 100 patient 
profiles every 24 hours. When Vastaamo declined to pay, ransom_man shifted to extorting individual patients. According to Finnish police, some 22,000 victims reported extortion attempts targeting them personally, targeted emails that threatened to publish their therapy notes online unless paid a 500 euro ransom.<\/p>\n<p>Finnish prosecutors quickly zeroed in on a suspect:<strong> Julius &#8220;Zeekill&#8221; Kivim\u00e4ki<\/strong>, a notorious criminal hacker convicted of committing tens of thousands of cybercrimes before he became an adult. After being charged with the attack in October 2022, Kivim\u00e4ki fled the country. He was <a href=\"https:\/\/krebsonsecurity.com\/2023\/02\/finlands-most-wanted-hacker-nabbed-in-france\/\" target=\"_blank\" rel=\"noopener\">arrested four months later in France<\/a>, hiding out under an assumed name and passport.<\/p>\n<p><strong>Antti Kurittu<\/strong> is a former criminal investigator who worked on an investigation involving Kivim\u00e4ki\u2019s use of the Zbot botnet, among other activities Kivim\u00e4ki engaged in as a member of the hacker group\u00a0<a href=\"https:\/\/krebsonsecurity.com\/2015\/02\/webnic-registrar-blamed-for-hijack-of-lenovo-google-domains\/\" target=\"_blank\" rel=\"noopener\">Hack the Planet<\/a> (HTP).<\/p>\n<p>Kurittu said the prosecution had demanded at least seven years in jail, and that the sentence handed down was six years and three months. Kurittu said prosecutors knocked a few months off of Kivim\u00e4ki&#8217;s sentence because he agreed to pay compensation to his victims, and that Kivim\u00e4ki will remain in prison during any appeal process.<\/p>\n<p>&#8220;I think the sentencing was as expected, knowing the Finnish judicial system,&#8221; Kurittu told KrebsOnSecurity. 
&#8220;As Kivim\u00e4ki has not been sentenced to a non-suspended prison sentence during the last five years, he will be treated as a first-timer, his previous convictions notwithstanding.&#8221;<\/p>\n<p>But because juvenile convictions in Finland don&#8217;t count towards determining whether somebody is a first-time offender, Kivim\u00e4ki will end up serving approximately half of his sentence.<\/p>\n<p>&#8220;This seems like a short sentence when taking into account the gravity of his actions and the life-altering consequences to thousands of people, but it&#8217;s almost the maximum the law allows for,&#8221; Kurittu said.<span id=\"more-67317\"><\/span><\/p>\n<p>Kivim\u00e4ki initially gained notoriety as a self-professed member of the\u00a0<a href=\"https:\/\/krebsonsecurity.com\/tag\/lizard-squad\/\" target=\"_blank\" rel=\"noopener\">Lizard Squad<\/a>, a mainly low-skilled hacker group that specialized in DDoS attacks. But American and Finnish investigators say Kivim\u00e4ki\u2019s involvement in cybercrime dates back to at least 2008, when he was introduced to a founding member of what would soon become HTP.<\/p>\n<p>Finnish police said Kivim\u00e4ki also used the nicknames \u201cRyan\u201d, \u201cRyanC\u201d and \u201cRyan Cleary\u201d (Ryan Cleary was actually a member of a rival hacker group \u2014 <a href=\"https:\/\/en.wikipedia.org\/wiki\/LulzSec\" target=\"_blank\" rel=\"noopener\">LulzSec<\/a>\u00a0\u2014 who was sentenced to prison for hacking).<\/p>\n<p>Kivim\u00e4ki and other HTP members were involved in mass-compromising web servers using known vulnerabilities, and by 2012 Kivim\u00e4ki\u2019s alias Ryan Cleary was selling access to those servers in the form of a DDoS-for-hire service. 
Kivim\u00e4ki was 15 years old at the time.<\/p>\n<p>In 2013, investigators going through devices seized from Kivim\u00e4ki found computer code that had been used to crack more than 60,000 web servers using a previously unknown vulnerability in\u00a0<strong>Adobe\u2019s ColdFusion<\/strong> software. KrebsOnSecurity detailed the work of HTP in September 2013, after the group\u00a0<a href=\"https:\/\/krebsonsecurity.com\/2013\/09\/data-broker-giants-hacked-by-id-theft-service\/\" target=\"_blank\" rel=\"noopener\">compromised servers inside data brokers LexisNexis, Kroll, and Dun &amp; Bradstreet<\/a>.<\/p>\n<p>The group used the same ColdFusion flaws\u00a0<a href=\"https:\/\/krebsonsecurity.com\/2013\/10\/data-broker-hackers-also-compromised-nw3c\/\" target=\"_blank\" rel=\"noopener\">to break into the National White Collar Crime Center (NW3C)<\/a>, a non-profit that provides research and investigative support to the\u00a0<strong>U.S. Federal Bureau of Investigation<\/strong>\u00a0(FBI).<\/p>\n<p>As KrebsOnSecurity reported at the time, this small ColdFusion botnet of data broker servers was being controlled by the same cybercriminals who\u2019d <a href=\"https:\/\/krebsonsecurity.com\/2013\/03\/credit-reports-sold-for-cheap-in-the-underweb\/\" target=\"_blank\" rel=\"noopener\">assumed control over <strong>SSNDOB<\/strong><\/a>, which operated one of the underground\u2019s most reliable services for obtaining Social Security numbers, dates of birth and credit file information on U.S. 
residents.<\/p>\n<p>Kivim\u00e4ki was responsible for making <a href=\"http:\/\/www.forbes.com\/sites\/insertcoin\/2014\/08\/24\/sony-online-entertainment-presidents-flight-diverted-by-psn-hackers-bomb-threat\/\" target=\"_blank\" rel=\"noopener\">an August 2014 bomb threat<\/a>\u00a0against former\u00a0<strong>Sony Online Entertainment President John Smedley<\/strong> that grounded an American Airlines plane.\u00a0Kivim\u00e4ki\u00a0also was involved in calling in multiple fake bomb threats and \u201cswatting\u201d incidents \u2014 reporting fake hostage situations at an address to prompt a heavily armed police response to that location.<\/p>\n<p><strong>Ville Tapio,<\/strong> the former CEO of Vastaamo, was fired and also prosecuted following the breach. Ransom_man bragged about Vastaamo&#8217;s sloppy security, noting the company had used the laughably weak username and password &#8220;root\/root&#8221; to protect sensitive patient records.<\/p>\n<p>Investigators later found Vastaamo had originally been hacked in 2018 and again in 2019, but that Tapio never told anyone about the intrusions until ransom_man began his extortion spree. 
In April 2023, a Finnish court handed down <a href=\"https:\/\/yle.fi\/a\/74-20027665\" target=\"_blank\" rel=\"noopener\">a three-month sentence for Tapio<\/a>, but that sentence was suspended because he had no previous criminal record.<\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2024\/04\/man-who-mass-extorted-psychotherapy-patients-gets-six-years\/\" target=\"bwo\" >https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2022\/11\/kikmaki-wanted.png\"\/><\/p>\n<p><strong>Credit to Author: BrianKrebs| Date: Tue, 30 Apr 2024 13:34:32 +0000<\/strong><\/p>\n<p>A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[28511,31314,27899,31315,12086,16696,27901,28514,27903],"class_list":["post-24414","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-antti-kurittu","tag-coldfusion-botnet","tag-hack-the-planet","tag-julius-zeekill-kivimaki","tag-lizard-squad","tag-neer-do-well-news","tag-ransom_man","tag-vastaamo-psychotherapy-center","tag-ville-tapio"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/
\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24414"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24414\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}