Cybercrime
,
Fraud Management & Cybercrime
‘Ransom_man’ Extortionist Faces 6-Year, 3-Month Prison Term
A Finnish court found Aleksanteri Tomminpoika Kivimäki guilty of hacking and leaking online the psychotherapy records of 33,000 individuals in a 2020 incident.
Kivimäki, the judge said, posed online as “ransom_man” and attempted to blackmail the now-shuttered Vastaamo psychotherapy clinic for approximately 4500,000 while also extorting payments from individuals to supposedly delete their data.
The District Court of Länsi-Uusimaa has sentenced Kivimäki, 26, to six years and three months in prison. Prosecutors requested a maximum penalty of seven years, but the court said a shorter sentence was justified after Kivimäki agreed on conditional settlements with Vastaamo victims, the Finnish district court said.
Kivimäki also requested that the sentence be eased because of the publicity surrounding the case, which the district court did not do.
Prosecutors charged Kivimäki with 9,598 counts of aggravated dissemination of information violating personal privacy, 21,316 counts of attempted extortion and 20 counts of aggravated extortion.
The trial included evidence such as an IP address that linked the identity of ransom_ man to Kivimäki. Authorities also traced a nominal bitcoin payment police made to the extortionist’s account, which they ultimately traced to Kivimäki’s bank account, despite an attempt to hide the trail by running the payment through multiple cryptocurrencies.
The district court found that evidence pointed toward Kivimäki as the perpetrator of the offenses, while no evidence proved him innocent.
The district court also took into consideration a message Kivimäki posted to a Finnish imageboard forum called Ylilauta regarding the breach.
“Kivimäki’s crimes have been very damaging because very sensitive information from the plaintowners has been distributed to the internet in full disregard of the plaintiff’s weak state,” the district court states in its judgment,” prosecutors said on Tuesday, according to a machine translation.
Kivimäki’s trial began in October following his February 2023 extradition from France. Parisian police arrested him after receiving a domestic disturbance report and being called to an apartment where he was staying. Kivimäki, who formerly used the first name Julius, used a false passport to tell police he was Romanian, but the name he used was a known alias for his real identity.
Prosecutors said Kivimäki used a compromised credential to connect to Vastaamo’s MySQL server to download the patients’ records. The authorities traced the identity of the hacker after Kivimäki made the mistake of not masking his IP address through a virtual private network.
Kivimäki had been under pretrial custody until a Finnish district court in February placed him under home detention. Authorities returned him to jail after he vanished in late February for approximately a week (see: Vastaamo Hacker Disappears Amid Ongoing Trial).
Defense attorneys argued the IP address wasn’t exclusively Kivimäki’s and was supplied by a broadband provider potentially used by several users. Kivimaki also testified in court, describing his programming skills as “pretty insignificant” (see: Finnish Hacker Denies Role in Psychotherapy Clinic Attack).
A Finnish court last decade found Kivimäki guilty of 50,700 “instances of aggravated computer break-ins” for a hacking spree that the then-17-year-old committed against U.S. universities and database provider MongoHQ. He received a suspended two-year sentence.
Kivimäki, under the alias of “zeekill” and “Ryan,” was part of a distributed denial-of-service gang know as Lizard Squad that, among other attacks, overwhelmed the servers for Xbox Live and the PlayStation Network on Christmas Day 2014.
An April 22 profile of Kivimäki by Business Week says he participated in multiple swatting incidents and a prolonged campaign of harassment against several individuals.