Cybercrime
,
Fraud Management & Cybercrime
Extortion Money Found in Bank Account of Aleksanteri Kivimaki, Prosecutors Say
Prosecutors trying the case of a Finnish national accused of attempting to extort tens of thousands of psychotherapy patients and of later posting therapy notes online said Monday that they have traced the cryptocurrency wallet used by the blackmailer to the accused man.
See Also: OnDemand | Integrating Splunk and Panther for Real-Time Alerting and Custom Dashboarding
Aleksanteri Tomminpoika Kivimäki is on trial in a metro-Helsinki district court for multiple counts of extortion and leaking data after information belonging to roughly 33,000 patients of now-defunct psychotherapy clinical chain Vastaamo appeared online in October 2020. Kivimäki, who formerly used the first name Julius, has denied guilt.
Prosecutors questioned Kivimäki on Monday after he attempted, with the aid of defense attorneys on Friday, to poke holes in the police investigation and portray himself as no more than an interested spectator of the breach (see: Finnish Hacker Denies Role In Psychotherapy Clinic Attack).
Prosecutors said police made a fake purchase to the bitcoin address used by the Vastaamo extortionist, who as “ransom_man” emailed extortion demands worth up to 500 euros on pain of publishing online therapy notes. The cryptocurrency’s final destination was Kivimäki’s bank account, they said.
Kivimäki’s bank account also showed evidence of several payments during the time “ransom_man” was active, prosecutors said, leading the accused man to tell the court that the payments were likely made on behalf of someone else. Prosecutors alleged Kivimäki otherwise lacked income to support his lifestyle, which included prolonged stays in London and Dubai. A threat-scanning company named Scanifi that Kivimäki co-founded while in London had no income, prosecutors said.
They said that the Vastaamo hacker used the same technique that Scanifi proposed to monetize – scanning remote servers for open ports.
Kivimäki said his money came from an increase in the value of cryptocurrency he had bought years earlier and in income he made working in a travel agency, reported newspaper Helsingin Sanomat.
French police arrested Kivimäki in February after being called to an apartment in suburban Paris for a domestic disturbance. Finnish authorities have detained him since his extradition (see: Notorious Finnish Hacker ‘Zeekill’ Busted by French Police).
During questioning by defense attorneys on Friday, Kivimäki questioned the veracity of evidence previously submitted by Finnish police, including an IP address that authorities had traced to him. He said the IP address wasn’t exclusively his and was an address supplied by a broadband provider potentially used by several users.