¶ Meeting Journalist Joe Tidy
So you first came on my radar when I was researching a story. I think it was video game cheats. And I was like trying desperately to find video game people who are selling video game cheats. And nobody wanted to talk with me on the record. I found a couple people that were just willing to chat only, but never like audio. And then I found an interview you did with somebody who's just like, yeah, I sell video games. She's like 14 or something.
How did you find this guy? And so ever since then, I've had just so much respect. And reading this book is once again a testament of just how deep you can get into this community and reach these people. And so really, hats off to your ability to infiltrate the hacking world. Thank you very much. Yeah, it's become something of a speciality. But I mean, really, I'm always surprised they want to talk, but they do. I think there is a... There is a thing in hacking and cybercrime where...
¶ Becoming the BBC Cyber Correspondent
as well as the kind of anonymity that it brings. I think people like to brag and they like to show off. Yeah. Yeah. So I think that leads us right into the first question, which is, who are you and what do you do? And how did you get there? Well, my name is Joe Tidy, and I'm the BBC's cyber correspondent. That means I cover hacking, cybersecurity, data protection, online harms, AI and a bit of crypto as well. And I've been working at the BBC now for about, I think it's seven years in this role. And before that I was at Sky News, and I was a general correspondent at Sky News doing all sorts of bits and bobs, but
¶ Covering the Lizard Squad Attack
Then in 2014, there was this amazingly huge and incredible DDoS attack on Sony PlayStation Network and Xbox Live, which took down those services over Christmas, Christmas Eve and Christmas Day. And it was headline news. And my boss came in and said to me, right, these gang, these teenagers called Lizard Squad, you've got to find one of them. We want a lizard on air tonight is the phrase. Get me a lizard on air tonight.
Do they know what kind of ridiculous ask that is to get a lizard on air tonight, like on camera even? Yeah, exactly. Not even just a text interview. They wanted them on camera within, I think it was 10 hours, when we were going to be on air. And I thought to myself, well, this is impossible.
¶ Getting a Hacker On Air
Joe miraculously pulled it off. He got someone from Lizard Squad to come on TV and answer questions. Speaking to us from Finland, this man who calls himself Ryan says he is one of the hackers. Why? Why did you do this? So many people, it ruined Christmas for potentially millions of people. Why we did it? Mostly to raise awareness, to amaze ourselves. Also, one of the big aspects here was raising awareness regarding the low state of computer security at these companies, because these companies make tens of millions every month from just their subscriber fees, and that doesn't even include purchases made by their customers. They should have more than enough funding to be able to predict against these attacks. Do you not feel guilty that you've taken so much enjoyment of gaming away from more than 100 million people over this Christmas period?
I'd be rather worried if those people didn't have anything better to do than play games on their consoles on Christmas Eve and Christmas Day. I mean, I can't really say I feel bad. I might have forced a couple of kids to spend their time with their families instead of playing games. I can't believe that clip. This kid calling himself Ryan, appearing on Sky News, not hiding his face or voice at all, admitting to taking down Xbox Live and PlayStation.
And I just can't believe Joe got that interview. It takes a certain amount of finesse and diligence to get hackers to talk. I should know. But he's got just what it takes to make it happen. And he just didn't give a damn. He didn't care. All the chaos that he was causing, all the headlines around the world, people going, what is going on with Xbox and Sony PlayStation? This is absolutely a monumental cybersecurity issue here. And this kid was laughing at the whole thing. And that just made me think, wow, the power that they can wield from keyboard and mouse. And it just really struck me. And from then on out, I was just hooked on hacking and cyber and have been ever since. These are true stories from the dark side of the internet. I'm Jack Rhysider. This is Darknet Diaries.
The reason why I wanted to talk with Joe Tidy today is because he just published a book.
¶ Introducing the Vastaamo Cyber Attack
called Control Alt Chaos, and I just finished reading it. It's great. It starts out in 2020 with a cyber attack in Finland. There was this incredibly sinister and cruel cyber attack in Finland. And it shocked the world. And it was, for my money, the worst and most nasty, cruelest, darkest cyber attack in history. The worst, most nasty, cruelest, and darkest cyber attack in history? Oh, I'm in. I want to drive straight into that story.
But before we hit the gas, let's try to guess at what it could be. What comes to mind when you hear that? Like maybe a hospital system brought to its knees where lives are on the line? Or maybe a pipeline gets shut down. There's fuel shortages, chaos everywhere. Or maybe an entire government agency gets compromised and state secrets are exposed. Well, those are all serious and probably scary, but they don't sound like the nastiest to me. Let's think smaller, closer to home, more personal.
Is there something, some piece of data on you that, if exposed, would make you feel fear? Like a deeply disturbing fear. Maybe it's your photos getting out. You probably just publish your photos online anyway, so that's probably not it. Okay, well, what about your text messages? Are those private enough that would cause a lot of fear if they got out? Maybe. Or your location data? Or maybe your password getting leaked? All right, fine. Guessing game is over. Let's hear what it was.
¶ The Hack and Stolen Therapy Notes
So the Vastaamo cyber attack was in October 2020. And the first we heard of it was that there was someone on a forum in Finland on the darknet who was saying that they were calling himself Ransom Man and they were saying, I have hacked the Vastaamo Psychotherapy Centre. I have got all the personal details of all the clients of this ginormous chain of psychotherapy centers. So this is a really well-known company in Finland, a kind of social good company that was very, very popular.
They were offering people psychiatrists, psychotherapists, that kind of thing. And they had dozens of centres popping up all over Finland. They had a very famous and recognisable logo of a green speech mark. I think Vastaamo translates as the answer machine or the place to go for answers. So in a small country like Finland, everyone knew Vastaamo because if you didn't go to it, you knew someone that probably went to it. So when this Ransom Man popped up on the darknet on a website, which is now gone, but it was called Torilauta. And he said, I have hacked Vastaamo. I've got all of this information. Not only have I got the information from the patients about like name, address, email, phone number, social security number. I've also crucially and cruelly got all their therapy notes as well. So that's 33,000 people.
They were potentially going to have their deepest, darkest secrets exposed online. There it is. The notes your therapist took when you spilled your most personal and private thoughts to them. That, in my opinion, is in fact the cruelest piece of personal data that someone could hold for ransom. Especially because you didn't do anything wrong. You were just talking to your therapist.
¶ Ransom Man's Initial Demands
But this Ransom Man guy was talking with Vastaamo, telling them, hey, I hacked your company, I stole your patient records, and all I want is Bitcoin or else I'm going to release it to the world. Vastaamo contacted the police, who took over communication directly with this hacker, and they were trying to get as much information as they could from this guy. But that went on for six weeks.
And Ransom Man felt like it wasn't going anywhere and needed to up the pressure to show that he's serious. And Ransom Man said, I have been trying to get 400,000 euros, which I forget how many bitcoins it was at the time, but that's how much it equated to. I've been trying to get that off the CEO of Vastaamo and the company's refusing to pay. So now I'm going to release 100 records every day until they pay me. Of course, the Finnish police were already very aware of this situation because they were working with Vastaamo to try to catch this guy. So they noticed this post right away and start archiving anything, looking for clues. And yes, the first day, he did release 100 records. Everyone's worst fears were a reality.
It's the kind of stuff that is a nightmare for people who are vulnerable. They're struggling already with their mental health. And then to have this kind of information out there, it's anything you can imagine. So we know now that Ransom Man took a lot of time choosing which hundred to release. He wanted the most salacious ones he could find. He wanted the most harmful ones he could find. So he did searches for things like rape fantasies, child abuse, police as well. At one stage he was searching for that kind of keywords in the database, and he posted these first hundred.
¶ Reaction to the Vastaamo Leak
Now, typically when you see someone post a snippet of breach data to a darknet forum saying, you hacked into something, people think it's funny and maybe even cheer for you. But he didn't see any of those kind of reactions. He chose sites that you'd think that would be, you know, acceptable to this kind of crime and this kind of maverick approach to morals, I suppose you could put it that way. As well as posting on Torilauta, he posted it to a clear web forum called Ylilauta, which was known as, like, Torilauta, known for being a place a bit like 4chan. You know that horrible website 4chan, where anything goes and edgelords rule and the more offensive you can be, the better. And those two places that he posted, what I was really surprised at looking back through the logs in research for the book was just how much hatred he got straight away.
There was no respect for him. There was no, wow, well done, you've done a crazy thing, awesome. Everyone was very, very angry. There wasn't much love at all for Ransom Man. And what I found really interesting is if you look through the back and forth that he has over the hours that he's on both those websites. People are saying, you're a script kiddie, go and kill yourself, there's a special place in hell for you.
All these things being thrown at him. And quite quickly, his post got marked as being a sign of criminality on the Ylilauta website. So they took it down. But on the darknet one, it stayed there. And he carried through with his threats every day. He posted 100 more records. I mean...
I think this might even be an instance where I'd call him a script kiddie myself. Normally, I would never call anybody that except maybe myself, because the term is usually derogatory. Script kiddie is just a beginner hacker who doesn't know what he's doing.
But I like beginners. We all have to start somewhere. Beginners aren't a problem. But the reason why I might call this guy a script kiddie is more because of the you don't know what you're doing part. Holding this kind of sensitive data hostage, dude. That's messed up. You can't mess around with that kind of data like that. This whole thing just strikes me as being so reckless and careless for other people's most inner private details getting out.
¶ Ransom Man's Reckless Mistakes
He's got an unbelievable amount of highly personal data and he's weaponizing it. In order to profit from it, it's like he doesn't care how much people he hurts from this just so he can try to extort this company. It does seem like he's really grasping for something here. What? Fame? Money? Respect?
But he's just not getting it from anyone. Ransom Man even joked about that. He said that getting into this database that was holding all this really private data was really easy. He said there was no password. It was root root. And he put that on the forum.
And people kind of laughed along with it in a sense. But then there was also the idea that he was out of his depth. People were accusing him, Ransom Man, of being an amateur, of not knowing the difference between profit gross, profit net, accusing him of asking the company for too much money.
And what's funny about the exchanges on the forum is that he's constantly having to defend his actions as a hacker. He's saying like, no, no, no, I've done loads of hacks and this is just one of them and I know what I'm doing and trust me, I'm a serious cyber criminal. But people weren't really buying it. But what was also quite troubling and scary is that there were a couple of people, whilst most people on the forum were having a laugh with it and trying to make him feel bad for what he's done. Some of them were posting saying, hang on a minute, this is my data. Please, please don't post it. So that was the first day. Already, it stirred up some people pretty bad. But Ransom Man promised another 100 more every day. And then, like clockwork the next day, another 100. And then like clockwork the next day, another 100. And obviously, as you can imagine, it was getting picked up now by news organizations around the world. People in Finland were getting extremely worried and concerned about it. And there was nowhere to turn to because Vastaamo was in absolute chaos. Vastaamo stayed quiet through all this, partially because they were working with the police to try to catch him, partially because they were speaking directly with Ransom Man over email. Their customers were freaking out, and they were trying to focus on this catastrophe at hand.
So 300 different patient records now on the internet for anyone to download. And all you had to do was click on one of the links and then you've got access to all of the data. And in some cases, some of these people would be regular clients and patients of Vastaamo, so they would have maybe a year's worth of therapy notes. And these are kind of like typed out by the therapist. Then it'll be things like, today we talked about this, they wanted to say this, I think it could be to do with this. So you can imagine what types of information and details there are put in there by the therapist. And if you look at the whole thousands of people that were affected by this. Some of them were regular Vastaamo patients, so they would have had a huge amount of detail. Some of them were infrequent and some of them were, you know, only one or two visits. But the first 300 people that had their notes exposed, they were chosen specifically because they were the most deep and upsetting. And I think, you know, we know now that he knew exactly what he was doing when he chose those.
Gosh, how awful to be one of those people who trusted this company with their innermost secrets, only to have it all posted publicly for anyone to see. That would absolutely rattle me to my core. I would simply be frozen for a solid week, unable to move, not knowing how my friends or family or co-workers will react if they read it. And I guess this is another lesson in protecting your own data.
Just because something is supposed to be safe and secure doesn't mean it is. Companies might say they treat your data with the utmost privacy, but actually, they don't do as good of a job as they should. And it's just one of those reminders that you are the only one who will treat your data with the privacy it deserves. So make sure you're doing it. But what he did next was...
¶ The Big Tar File Discovery
he made probably the biggest mistake in the history of cybercrime, because he thought, I'm going to be helpful here. So he told the forum users, here's a large folder, you can download the whole thing. Instead of having to go to 123, download links, here it all is. But what he accidentally did was posted his entire home directory and the entire list and all the data from the 33,000 patients. So in that one upload, he gave away all his bargaining chips. He posted it late at night and went to sleep before realizing his mistake. Of course, by this point, a lot of cybersecurity researchers were keeping a close eye on him, including the police. And when they saw this post, they all immediately tried grabbing this tar folder with all the data. But since he posted it on the darknet, on Tor...
It was an extremely slow connection, so nobody could really grab it. There just wasn't enough bandwidth, and everyone was getting extremely slow download speeds. There was a couple of people on the forum in the morning who were talking about, oh, I've got five megabytes here, one megabyte here, but this file was 10 gigs big. So, you know, the kind of slow internet speeds that you get on the darknet meant that people weren't able to download the full thing. Plus there was a little bit of luck that Ransom Man had as well. He ran out of storage space or something, and it kind of locked out and went down overnight, so it didn't allow many people to have full access to it. But there were some who did, and there were some that managed to get a decent chunk of that file. So nobody got the full file. But even just getting the first five megabytes had a lot of very interesting data in it. People were extracting what they could out of it and looking through it, and it had loads of patient details, but there was some other stuff in there.
Details about Ransom Man himself. Well, there's this moment where he wakes up and he realizes his mistake. And he posts on Torilauta. Whoopsie, enjoy Big Tar. And he puts a smiley face emoticon. What's interesting about that, of course, is that he's playing down what is a serious situation for him. He hasn't just given away his entire bargaining chip. He's given away really, really important information that he wanted to keep secret about himself. So very quickly...
¶ Racing to Seize the Server
it becomes clear to the police that if he knows what's happened, they need to be quick. And they very quickly, in the early hours of that morning, they started tearing through this two gigabyte file that they managed to download from the big tar. And they found an IP address. Crucial IP address. It was a massive stroke of luck from the police. Not only that, bizarrely, the IP address was for a cloud hosting provider in Helsinki, where the investigation was taking place. So there was this... I spoke to the head detective, Marko Leponen, and he said there was this mad race to try and get to the cloud service provider, get that computer off the internet as quickly as possible to stop Ransom Man having any control over it. And he says there was a race against time between Ransom Man himself. He could see the files being deleted somehow. And he said that he had to get two police officers in a car, sirens going, right the way across town to try and get to this place. They had another officer on the phone trying to get through to them in the early hours. They eventually got through on the phone. They had a guy from the company running through the warehouse, finding the server, unplugging it so that Ransom Man had his connection severed. Ransom Man trying to delete the evidence from his massive server, which had way more than the big tar, of course, that had everything on there. And he was only able to delete a certain amount because they got there just in time and pulled the plug. Wow, the police were really on the ball here. I mean, holy cow.
See, when you're on Tor, the darknet, IP addresses are hidden. These files could be hosted anywhere in the world, and the police would have absolutely no idea where to look to find Ransom Man or where the files are hosted. But this file he posted pointed exactly to where those files were hosted. It was a big mistake, and it gave the police their first huge piece of evidence. With this server seized, they took it back to the police station to analyze it.
Yeah, they took the server back to their lab in the cyber bureau, the HQ in Helsinki, and they started going into it. And it gave them a wealth of information, not just about that particular hack that took place, but also about the kind of the network and the infrastructure that was being used, what other cloud service storage providers that the Ransom Man was using, receipts from certain things, other little nuggets and little breadcrumbs that took them to online accounts which they could, you know, subpoena Google for or whoever it was to get information about individuals. It was a treasure trove. It was an absolute, you know, a boon for the police. Sounds like Ransom Man has screwed up way too many times and the cops are closing in on him. What would you do if you were in a situation? Stay with us. We're going to take a quick break. But I guarantee you, he does something that you would never think to do.
So Ransom Man was toast.
¶ Individual Extortion of Victims
All the data he was holding for ransom is now out there. So he's got nothing left to threaten Vastaamo with. And if it was me, I'd be like... Oh, crap. And I delete everything on my machine and close it and set it on fire and try to disappear as fast as I could. I don't know what goes through his mind, but he sort of thinks, OK, how can I make some money? I've come this far.
I need to make some money out of this. So the next step is really, really nasty. He finds the email addresses, obviously in the stolen data, of as many people of those 33,000 patients as he can find. I think it was something like 27 and a half thousand email addresses. And then he emails them, every single person, all in one batch, with their name in the email, personalized to them with their social security numbers. And he says, I've been trying to get Vastaamo to pay me so I don't release your data. They are not paying me, so you're going to have to pay me now. Oh wow, he contacts every person he can to try to extort the users individually? That is cruel. Like already they're reeling from their deepest secrets being out there and now he's hitting them when they're down saying, give me money and I'll delete your data. Which is 200 euros worth of Bitcoin. And if they don't pay within 24 hours, it goes up to 500 euros in Bitcoin. Otherwise, their data will be published online. And of course, he cc'd the CEO of Vastaamo and their executives.
Vastaamo goes into full panic mode at that point. Tons of people started calling in who are just now hearing about this, really worried. Not only were they calling Vastaamo, but floods of people were calling the police too. And honestly, I can't recall a data breach where the hacker tried to extort all the victims whose data was in the breach. Yes, I know that people comb through data breaches looking for targets to hit. And so the people in the data breach are often victims themselves. But to extort them all like this, that is... That's just something new to me.
¶ The Devastating Impact on Victims
Yeah, certainly at this scale, never before seen. And if you speak to some of the security experts who are looking at it at the time, you know, this is a real nadir in cybercrime. This is the lowest of the low. This is a cyber criminal who did something despicable in the first place, failed in trying to extort the company, and now is going directly into the inboxes of these vulnerable people. And the impact that this had is just awful. I've spoken to probably, I think, about 15 of the victims, and you hear some of the stories of the impact it had on them. One of the women that I spoke to said it was... It felt like digital rape, she said, which really has always struck me as just such a horrible proposition and such a horrible description. But it does bring to life for me what it feels like, you know. Having your data stolen, you know, your private data can feel like a burglary, is what some of the victims said. But having this particular type of information stolen...
It's just such an invasion. Joe spoke to the lawyer of some of these victims who told him that some people couldn't handle this news and they chose to end their own life rather than to face the shame of their data getting out there. It was truly an awful, dark, cruel time for these victims. Yeah, so at this point, the story went completely stratospheric, as you can imagine, because people started going online saying, I've got this email, I'm being ransomed directly.
If the country hadn't been doing much to help people up to this point, suddenly it kind of burst into gear. You had statements from the president and the prime minister. There were meetings held at the highest level of government. Trying to work out what you can do for these people, because of course the data's already out there. Although Ransom Man was asking for payment, not many people paid. I think about, we know for a fact about 20 people sent Ransom Man money, but a lot of people were advised, and they got the advice, don't pay, it's too late, the data's out there, if you pay you're wasting your money. And that was the advice that was given. But the police were getting calls from... We're talking, yeah, 33,000 people, potentially thousands of people all on that same night hit with this same email, the same threats. So that's an instant spike in criminal complaints. Criminal records and reports needed to be filed. They couldn't cope. There was phone lines set up by Vastaamo to try and help people.
But they were overwhelmed. The police were overwhelmed. They said, please don't call 999 or whatever the equivalent is in Finland with an emergency. You need to go to this specific number. This was all happening during COVID as well. This was October 2020. So the country was already in a state of panic. There's this picture that I dug up for the book from Twitter, which showed the Prime Minister and her cabinet sat around a circular table, all socially distanced, all with surgical masks on, looking at this big screen with the Vastaamo details on it. And that just really hit home to me. You know, this is such a time of already, you know, peril for society, and then suddenly you've got this ginormous hack, which in a small country like Finland, five and a half million people... As Mikko Hyppönen said, everyone knows someone who was affected by this.
20 people paid the ransom. That's what, like $6,000 worth of ransom payments that he made from all this? And in total, that's about all he made from this whole thing.
Not a very big payday for him compared to how much damage he caused these victims. At this point, the police had been working on this case for almost six weeks and have started to collect some pretty interesting evidence. Well, the main detective, Marko Leponen, he obviously, he's very, very happy that they managed to secure this server that Ransom Man was using and running. And he thinks, great, you know, I've managed to get something here that's going to really help us. But then, of course, it all comes crashing down for him when his phone just doesn't stop ringing because of victims who've managed to get hold of his number who are calling for help. And there's a sort of scene in the book where Marko feels relieved, but then the phone is going and people are calling saying, what am I going to tell my husband about my affair? How am I going to go into the office on Monday with my colleagues find out what I've said about them? And it really, really hits him hard and he breaks down and he's crying and he decides to change his phone number and concentrate on the criminal investigation, which is what he does. And he spends the next...
¶ Investigation Leads to Julius Kivimaki
best part of over a year trying to figure out who Ransom Man is. Over a year? Wow. Yeah. And slowly it dawns on him that this kid or this cyber criminal who was famous when he was a kid, infamous rather, is probably the prime suspect. And the name Julius Kivimaki just keeps coming up. Julius Kivimaki? Of course his name would come up as a person of interest. It was in the back of a lot of people's minds from the beginning that it might be him. And you know what? You already know who that is.
Julius Kivimaki is the guy who took down the Xbox and PlayStation Network on Christmas 2014. The guy that Joe interviewed live on Sky News. You heard his voice at the beginning of this episode, the notorious hacker from Lizard Squad. He's from Finland. He's been involved with some pretty high-profile hacks in the past, and he just doesn't seem to care how much trouble he gets in or chaos he causes. Could Ransom Man be him? Speculators were thinking it.
But the investigator, Marco, was finding actual evidence that was pointing to him. But he can't find him. He can't find where Julius Kivimaki is to bring him in for an interview. He could be anywhere in the world. Nobody knows where he is. So Marco does the... quite extreme move of putting out an Interpol red notice to try and find out where he is. And I think it was in November 2022 that he put out the, uh, the red notice, which means that if there is a police force
in Europe that comes across anyone that bears the liking of Julius Kivimaki or has any likeness to him in terms of the kind of aliases that he's using, that kind of thing, need to arrest him on sight in order to send him back to Finland. And Marco puts out this red notice and obviously carries on with other cases and things and just hopes that somebody somewhere recognises Kivimaki and brings him in.
Julius was smart about evading capture. He was in hiding, using fake IDs, and in some other country. There was just no trace of him anywhere. But this is when Joe realized he's talked to this hacker before. As soon as the name came out, as soon as he was wanted with the Interpol Red Notice, the cybersecurity world were like, hang on a minute, this is the same kid, or not kid anymore, but this is the same person that was...
this notorious cybercriminal when he was a teenager. And I was like, wow, I couldn't believe it because I was trying to keep tabs on this kid. I had a feeling that he would be back after the Lizard Squad attacks, and then he comes up and does this, and you just think, wow, this goes to show that if you don't catch
and deal with some of these cyber criminals, they will just keep coming back for more. It's sort of like an addiction. If you look at the history of people like Kivimaki, and in the book we go into... great detail about, you know, what he did as a teenager, what kind of gangs he was in, the people around him, the culture around him. There is a kind of element of just
addiction and power and greed when it comes to these individuals. And once you get a taste for that hacking life, I think it's hard to let go. Meanwhile, Vastaamo is still reeling from this attack.
¶ Vastaamo Company Collapse and CEO
So if you ask the CEO of Vastaamo and the founder of Vastaamo, Ville Tapio, he would say that the company could have survived if he'd have been allowed to keep operating it and kind of steer the ship through this crisis. He was dropped very, very quickly as soon as the investigators began poking around. When Vastaamo got the ransom note from Ransom Man...
they called the police and the police took over the situation. They took over the CEO's email and they were responding to Ransom Man, posing as the CEO. They were advising Vastaamo how to react to everything. And the police weren't trying to save the reputation of the company.
They were trying to solve the case of who did it. So they had a totally different priority than maybe the Vastaamo leadership. So the CEO of Vastaamo didn't have control of the ship in the middle of this crisis. The police did. Not only had Ransom Man...
managed to get hold of this data in 2018, someone else, somewhere, we don't know who, we don't know what happened, they got hold of it in 2019, or they had access to it. Um, and there was a... there's still a lot of confusion here about whether or not there was a cover-up. Tapio denies that vociferously. The IT team that he hired have gone dark. They haven't spoken to anybody. So we don't know exactly the nature of that, but the Vastaamo hack, Ransom Man, plus this incident in 2019.
It just meant the company was in absolute chaos and crisis and legal problems as well. You can imagine data protection authorities breathing down their necks. They had fines to pay. And then you've just got the fact that there was... tens of thousands of people who just could no longer trust the company. And the way they handled it was atrocious. People were turning up.
at the therapy centers demanding their notes to be handed over and some of the staff were in tears and it was just utter, utter devastation and the company collapsed into administration. The company collapsed. Wow. It's pretty rare for a company to be damaged so badly from a cyber attack that it can't recover and has to shut down like this. And it's wild to think that your whole business could come to a catastrophic end.
All because of a hacker. But all this does make you wonder, whose fault is it for not securing the customer's data better? And shouldn't they be held responsible? Well, Ville Tapio, the CEO, he has been prosecuted for failing to protect the data. But he's appealing that, and we don't know what's going to happen with that. The CEO blames his IT team for failing to protect the data. And he blames the police for how badly the fallout was handled.
He says when he called the NBI, the National Bureau of Investigation, they locked him out of all decision-making, and he didn't even know what was being said in emails using his name. And pretty early in the investigation, the NBI filed a criminal complaint against the CEO, accusing him of a data protection violation, which led the board to remove him as CEO, in the middle of this crisis, while people were trying to call 24-7 looking for help.
So the company was leaderless during all this. And not only was he dismissed as the CEO, but the parent company of Vastaamo also sued him, accusing him of failing to protect user data. Ville Tapio, the CEO, was convicted in the District Court of Helsinki for data protection violations under the EU's General Data Protection Regulation.
He was sentenced to a three-month suspended prison sentence in April 2023 after being found guilty of not anonymizing or encrypting the personal data processed at Vastaamo. But he doesn't agree with that, and he's actively trying to fight that to clear his name, so it's still yet to be seen where he lands. Around that time,
¶ Kivimaki Captured, Trial Begins
Someone phones up the Paris police and reports that there's a domestic abuse situation happening. They said there's scary noises. Sounds like a scared woman, an angry man. Something's going on. Check it out.
They get called out to a domestic abuse situation in Paris in early 2023. And the police arrive in the early hours, I think it's something like... half past six, seven o'clock in the morning, um, to a very quiet part of Paris, uh, in the north, I think it's the northwest. And they approach the door expecting potentially for there to be a serious situation of, you know, potentially a man abusing, um, a girl, a woman. And they knock on the door.
Eventually, a very bleary, tired-looking girl answers the door, and she's fine. And the police go in, and they find a six-foot-three, blonde-haired, green-eyed man, who's... traveling under the name Assam Amet. And they think, hang on a minute, this person doesn't look like they should be from Romania. So they run some checks, and it turns out this isn't a Romanian living in Paris with his girlfriend or wife at the time. This is the wanted cybercriminal Julius Kivimaki.
So the Vastaamo hack happened in 2018, but the ransom attempt and public posting of this data didn't happen until two years later in 2020. And now Julius is arrested in 2023. So they very quickly arrest him and drive him to the police station, um, and then of course the call goes in to Marco and the team in Finland, and they are
high-fiving around the office, they're screaming for joy because they didn't think that, you know, this red notice would be so successful. This was only a few months after they put the call out to other police for help and they had no idea where he was. So suddenly to have this arrest take place in Paris meant that they got their guy. So he's sent to jail in Helsinki, Finland, and has to face a judge there. So it takes some...
a good few months to get together the evidence that they need to start the trial. And the trial takes place in Finland, just outside Helsinki, and it's the biggest criminal case in Finland's history because of the number of victims.
¶ Absurd Mid-Trial Release and Manhunt
And I went along to the first day when Kivimaki was in the dock doing his cross-examination. And it was an absolutely ram-packed courthouse, as you can imagine. So many people there wanted to know what he would say and how he would sort of get around it. What was interesting as well was there was lots of people watching who were victims in a cinema, in a secret location as well, watching the live feed. But during the trial...
About halfway through the trial, somehow Kivimaki's legal team managed to convince the judges to let him out on bail because they thought that he wasn't a flight risk. So he was released from prison and he was allowed to do what he wanted as long as he was under certain conditions, like he had to keep his phone on him and go to a police station every couple of days.
Just as soon as he was released, the police were like, whoa, whoa, whoa, you cannot let this guy go because he is a flight risk. He's going to disappear again. Because don't forget, he was wanted and there was a manhunt for him previously. Plus you've got this massive history as well where he just doesn't seem to give a damn about the police. So lo and behold, they say...
The judges change their mind and they say, right, come back to prison, please, Kivimaki. We don't know where you are, but come in because you've got to come back to prison. And he just refuses. He just says, he answers the phone saying, nah, I'm staying where I am. Uh, I'll see you in court, but I'm still... I'm chilling. I'm not going to come in to the police. I'm not going to come to prison again, um, until the court case starts. So you had this absolutely absurd situation where
a wanted cyber criminal who was found by accident in Paris, brought to Helsinki, largest criminal case in Finland's history, released on bail. Now they want him back and he's saying no. Mid-trial, I just think it's incredible because, of course, all the cases that I've covered, the defendants are always trying to be, you know, as good as possible and try and convince the jury and the judges that they are.
upstanding members of society, and Kivimaki just doesn't care. Um, so the police had to start another manhunt to find out where he is, and Marco is so angry about this. Um, and he's got... All the police resources are out there trying to find him, and eventually they manage to track Kivimaki down because he posts a picture of himself, or posts a picture of a hand holding a really expensive champagne bottle, and they recognize...
the room might be something from an Airbnb, and they managed to locate the Airbnb he's in and rearrest him. 9,600 counts of aggravated invasion of privacy. 21,000 attempted aggravated extortion attempts. So those are the emails that they know about. Yeah, and 20 counts of aggravated blackmail. I mean, this is crazy. 21,000
aggravated extortion attempts. I've heard people get arrested for like seven counts of this, 13 counts of that, but 21,000 counts, holy mackerel. Yeah, and well, that's the kind of preposterous thing about... the Finnish justice system because... When you look at it, it's outrageous, isn't it? But actually, if you look at the numbers in detail, so the 9,231 aggravated dissemination of information infringing private life, those are the people that actually filed complaints.
Really? 9,000 people? Yeah. Almost like a class action lawsuit with 9,000 complainers. Yeah. Wow. And then the 20,000 are... the emails that they know of. So they were 27,000, I think there were some duplicates, and 20,000 were the ones that they kind of confirmed as being aggravated. And then you've got the 20 aggravated, which is the people that paid.
Yeah, in the U.S., we have civil cases, which is like a user of the site is claiming damage that the site caused them, reputational damage or whatever. But this is a criminal case where... People complained that this particular person, Kivimaki, has harmed their life in ways. I think that's also unusual. Yeah, and they're actually thinking of changing the Finnish justice system to cope with this kind of thing. They've never had
a court case on this scale where so many individuals go after and accuse one individual of issues of criminality. So there's discussions in the country about how they're going to cope with something if this happens again. Um, because they, you know, they had to... they're still working through it.
To be honest, they are still working through the backlog of potential compensation to be paid. The company, Vastaamo, is bankrupt, so they can't really pay very much. But Kivimaki has agreed to pay some people. But it's not going to be much. Of course, the scale of harm is very different depending on who you are as well. So there will be some people, I spoke to one guy who went there twice with his wife to help them with their divorce and he doesn't feel particularly aggrieved.
Or, you know, he's not feeling too invaded by that. But then you've got people who have been going there for years and they poured their hearts out to the therapist and now they're... absolutely terrified. If someone looks at them funny in the street, they're worried that that person's read their notes and they know the deepest, darkest secrets. There is a real difference in how it's affected people.
¶ Kivimaki's Extensive Cybercrime History
In the court there, they mention how many other crimes this guy has committed, and how it just goes back for almost a decade that this guy was a cyber thug. And that's where I think there's just so much more to your book, right? Yeah, and you mentioned the... the 30,000 crimes that the court accused him of or convicted him of. But if you go back not that long, Kivimaki has a history of cybercrime.
convicted of 50,000 cyber crimes, um, when he was a teenager, because of various things he did. Because this guy was really brought up in a time when teenage cybercrime gangs were absolutely coming to the fore. They were prolific. There's this period of time in the 2010s where you had this conveyor belt of cybercriminal teenage gangs that were, one after the other, passing the baton,
upping the ante. They were worse than each other each time. They tried to outdo each other in terms of the kind of things they could do, get away with, the kind of criminality and cruelty they could be responsible for. I don't know if you remember any of these gangs, but I'll go through some of them.
So LulzSec probably started this whole thing. I don't know if you remember them, 2011. And then after that, you had HTP, which Kivimaki was part of and convicted for. He was actually, he was collared when he went to DEFCON in, I think it was 2012, 2013, when he was a teenager. And the police, the FBI, managed to get him in a room, in a hotel room, and interrogate him for some of the stuff he was doing.
And then he was arrested by the Finnish police and spent time in prison and then eventually... the long, slow way that the justice system works, he was convicted. But of course in that time he didn't stop and he carried on, and then there were other gangs he was part of, like Lizard Squad and UGNazi, ISIS gang, all these types of gangs just came and went in this period, causing damage as they did so. He was convicted of 50,000 cybercrimes in the past?
Look, what we've covered in this episode is only the first few chapters of Joe Tidy's book, Control Alt Chaos. You've got to hear what else this guy did. So I encourage you to go get his book and hear the rest of the story. We only covered one of his hacks here. But there are so many more this guy did. And I have a strong feeling that Julius Kivimaki will go down as one of the most notorious hackers in history.
And it's really amazing how close Joe was following this whole story, especially in this Vastaamo case. Like, Joe was in the courtroom watching all this unfold. Yeah, I was there on the first day that he gave evidence, and it was packed full of... uh, journalists from all over Finland and also international journalists as well, because of course by this time this was known as the biggest case in Finland's history, and the Vastaamo court case and the Vastaamo case itself was just such a big, nasty story.
And I went in and it was really interesting because Kivimaki sat there and he had a laptop in front of him and he was answering all his prepared questions from his lawyer and he was just... just not even thinking about it, just kind of like stroking the mouse keypad on the laptop back and forth, back and forth, and smiling while he was talking and cracking little jokes. He seemed really relaxed. And of course, when you look at his history...
When you look at the amount of cybercrime that he's carried out, the amount of run-ins with the police, convictions, that makes sense to me. This is the kind of world that he operates in. He doesn't seem to have much care for anything. Yeah. Yeah, it does seem like that. Just what can I do to set the world on fire kind of thing. Yeah, I think it is a bit of that. It's one of the really weird things about this whole case is like...
I've followed this guy for 10 years since he was a teenager. And the people that speak to him and know him... He's not a popular hacker. He falls out with people all the time. He did some nasty stuff even before the Vastaamo hack. I would argue that he's probably the most hated hacker in history because... He didn't give a damn and doesn't give a damn. And people are confused by him, what his morals are, because he's got the money. Some people said that...
He just likes to cause damage and likes to cause chaos and enjoys it. On April 30th, 2024, Julius Kivimaki was sentenced to six years and three months in prison. He's currently sitting in prison right now, serving his time. Thank you so much to Joe Tidy for sharing this incredible story with us. You have to hear the rest of the story, though. So go get his book. It's called Control Alt Chaos, and it releases this month.
I have to take a moment to just thank my premium subscribers. They are the real heroes to me for supporting this show. It really helps keep it going. I love you so much. Thank you. And if you're not already a premium subscriber and you want kisses from me, visit plus.darknetdiaries.com. And if you sign up, you'll get an ad-free version of the show, plus 11 bonus episodes. This episode was created by me, the Root Canal, Jack Rhysider. Our editor is the...
Drop Tables, Tristan Ledger. Mixing done by Proximity Sound, and the intro music is by the Mysterious Breakmaster Cylinder. Of course I use a password manager. It's called the Dark Web. Have you heard of it? It's got everyone's password on there. You can look up mine or anyone else's. It's real easy. This is Darknet Diaries.