Brief Summary
This episode of Darknet Diaries features an interview with Joe Tidy, the BBC's cyber correspondent, about his book "Ctrl+Alt+Chaos," which details the Vastaamo psychotherapy center hack in Finland. The attack, considered one of the most cruel cybercrimes in history, involved the theft and threatened release of patients' therapy notes. The discussion covers the hacker's methods, the impact on victims, the police investigation, and the eventual capture and trial of Julius Kivimaki, a notorious cybercriminal.
- The Vastaamo hack involved stealing and threatening to release sensitive therapy notes of 33,000 patients.
- The hacker, known as "Ransom Man," later identified as Julius Kivimaki, attempted to extort both the company and individual patients.
- The attack had severe psychological impacts on victims, with some even committing suicide.
- The police investigation led to the identification and arrest of Kivimaki, who had a long history of cybercrime.
- The case highlighted the vulnerability of personal data and the devastating consequences of cyber attacks on individuals and organizations.
Introduction
Jack Rhysider introduces Joe Tidy, the BBC's cyber correspondent, and praises his ability to infiltrate the hacking world, referencing an interview Joe did with a 14-year-old video game cheat seller. Joe expresses surprise that hackers are often willing to talk, attributing it to a desire to brag and show off, facilitated by the anonymity of cybercrime.
Who is Joe Tidy?
Joe Tidy introduces himself as the BBC's cyber correspondent, covering hacking, cybersecurity, data protection, online harms, AI, and crypto. He recounts his start in cyber reporting with Sky News in 2014, when he was tasked with finding a member of Lizard Squad, a group that launched a massive DDOS attack on Sony PlayStation Network and Xbox Live during Christmas. Joe successfully got an interview with "Ryan" from Lizard Squad, who nonchalantly admitted to the attack, citing raising awareness of poor security and amusing themselves as motives.
Ctrl+Alt+Chaos: The Vastaamo Cyber Attack
Joe Tidy discusses the Vastaamo cyber attack in Finland in October 2020, calling it the "worst and most nasty, cruelest, darkest cyber attack in history." A hacker known as "Ransom Man" claimed to have stolen the personal details and therapy notes of 33,000 clients from Vastaamo, a well-known psychotherapy center. This information included names, addresses, social security numbers, and sensitive therapy notes, threatening to expose the deepest secrets of vulnerable individuals.
Ransom Man's Demands and Initial Data Release
Ransom Man demanded 400,000 euros from Vastaamo, threatening to release 100 patient records daily until paid. The Finnish police, already working with Vastaamo, archived the posts and confirmed the release of the first 100 records. These records were carefully chosen to be the most salacious and harmful, with Ransom Man searching for keywords like "rape fantasies" and "child abuse."
Public Reaction and Hacker's Mistake
Ransom Man posted the stolen data on darknet and clearweb forums, expecting support, but instead faced widespread anger and condemnation. Users called him a "script kitty" and expressed disgust at his actions. In a major blunder, Ransom Man accidentally posted his entire home directory, including the data of all 33,000 patients, while trying to provide a convenient download link.
Police Intervention and Server Seizure
Realizing his mistake, Ransom Man posted "whoopsie, enjoy big tar" but downplayed the situation. The police, quickly analyzing a portion of the leaked data, found a crucial IP address pointing to a cloud-hosting provider in Helsinki. In a race against time, police officers rushed to the provider, located the server, and unplugged it, preventing Ransom Man from deleting the evidence.
Extortion of Individual Victims
With his bargaining chips gone, Ransom Man resorted to directly extorting the victims. He emailed 27,500 patients, including their names and social security numbers, demanding 200 euros in Bitcoin (rising to 500 euros after 24 hours) to prevent their data from being published. This unprecedented move was described as a "nadir in cyber crime," causing immense distress and panic.
Impact on Victims and Government Response
The mass extortion attempts led to widespread panic and a surge in criminal complaints. The Finnish government, including the president and prime minister, convened meetings to address the crisis. While only about 20 people paid the ransom, the psychological impact on victims was devastating, with some comparing it to "digital rape" and some even committing suicide.
Investigation and Identification of Julius Kivimaki
Detective Marko Leponen, initially relieved by the server seizure, was overwhelmed by calls from distressed victims. He focused on identifying Ransom Man, eventually suspecting Julius Kivimaki, known for the 2014 Xbox and PlayStation network attacks. An Interpol Red Notice was issued to locate Kivimaki, who was in hiding.
Arrest and Trial of Kivimaki
Kivimaki was arrested in Paris in early 2023 following a report of domestic abuse. The Finnish police were overjoyed, having successfully apprehended their suspect. The trial, the largest criminal case in Finland's history, was packed with journalists and victims. Kivimaki was briefly released on bail but was quickly rearrested after defying the court's orders.
Legal Proceedings and Kivimaki's History of Cybercrime
Kivimaki faced numerous charges, including 9,600 counts of aggravated invasion of privacy and 21,000 attempted aggravated extortion attempts. The Finnish justice system is considering reforms to handle such large-scale cases. Kivimaki has a long history of cybercrime, including a conviction for 50,000 cybercrimes as a teenager, being part of various hacking groups like LulzSec, HTP, Lizard Squad and UGNazi.
Conclusion and Kivimaki's Sentence
Joe Tidy emphasizes Kivimaki's lack of remorse and his reputation as a hated hacker. On April 30th, 2024, Julius Kivimaki was sentenced to six years and three months in prison. Jack encourages listeners to read Joe Tidy's book, "Ctrl+Alt+Chaos," for the full story.
