Cybercrime , Fraud Management & Cybercrime
Finnish Hacker Denies Role In Psychotherapy Clinic Attack
Aleksanteri Kivimäki Disputed In Court Evidence Collected by PoliceA Finnish man accused of hacking and leaking mental health records online downplayed his programming skills and said during a centerpiece cross-examination in court that he had no part in the data breach.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
Aleksanteri Tomminpoika Kivimäki is on trial in a metro-Helsinki district court for multiple counts of extortion and leaking data after information belonging to roughly 33,000 patients of now-defunct psychotherapy clinical chain Vastaamo appeared online in October 2020. Kivimäki allegedly hacked the firm between November 2018 and March 2019. Kivimäki, who formerly used the first name Julius, has denied guilt.
Finnish newspaper Iltahlehti reported Friday that Kivimäki responded to defense attorney questioning by asserting that he learned about the data leak from a Finnish imageboard called Ylilauda or possibly from a news website. He acknowledged posting a link on imageboard to stolen patient information but said the act wasn't intentional.
Prosecutors in October charged Kivimäki with 9,598 counts of aggravated dissemination of information violating personal privacy, 21,316 counts of attempted extortion, and 20 counts of aggravated extortion. They say Kivimäki went by the online aliases "Zeekill," "Ryan," and "ransom_man" (see: Finnish Hacker Charged With Multiple Counts of Extortion).
Kivimäki told the court he's been engaged with computers since he was a toddler aged three but described his programming skills as "pretty insignificant," Finnish public broadcaster Yle reported.
A hacker with the "ransom_man" handle initially published therapy session notes of 300 patients and later emailed victims with an extortion demand of 200 euros in cryptocurrency, an amount the hacker said would increase to 500 euros after 24 hours. Vastaamo received an extortion demand of 450,000 euros.
Prosecutors said police identified the hacker after he made the mistake of not masking his IP address through a virtual private network, leading authorities to trace the online alias "ransom_man" to Kivimäki. He told the court Friday that the IP address wasn't exclusively his, but an address supplied by a broadband provider potentially used by several users.
The Vastaamo hacker used a compromised credential to connect to the chain's MySQL server to download the patients' records, Iltalehti reported in September.
Investigators found Vastaamo patient data on a server used by a threat scanning company named Scanifi that Kivimäki co-founded while living in London, Yle reported.
French police arrested Kivimäki in February after being called to an apartment in suburban Paris for a domestic disturbance. Finnish authorities have detained him since his extradition (see: Notorious Finnish Hacker 'Zeekill' Busted by French Police).
A Finnish court last decade found Kivimäki guilty of 50,700 "instances of aggravated computer break-ins" for a hacking spree that the then-17-year-old committed against U.S. universities and database provider MongoHQ, the BBC reported in 2015. The court imposed a two-year suspended prison sentence.