Julius Kivimaki, a 17-year-old Finnish teen, was arrested for, taken to trial over, and has since been convicted of 50,700 cybercrime offenses, most of which are related to hijacking emails, blocking traffic to sites, and credit card theft.
Despite the relative severity and aggression of these crimes, Kivimaki – who used the nickname “Zeekill” – will not see any jail time. Instead, he’s received a two-year suspended prison sentence. He will also have to hand over his computer and pay approximately $7,300 USD for items he obtained through the crimes he committed.
“[The verdict] took into account the young age of the defendant at the time, his capacity to understand the harmfulness of the crimes, and the fact that he had been imprisoned for about a month during the pre-trial investigation,” said a statement from the court.
Judge Wilhelm Norrman noted Kivimaki committed a majority of his crimes between the ages of 15 and 16 years old, in 2012 and 2013. During this time, Kivimaki compromised more than 50,000 computer servers by exploiting vulnerabilities in a software program they ran called ColdFusion. Basically, he installed “backdoors” into tens of thousands of computers, which allowed him to retrieve information stored on them.
Prosecutors also accused him of adding malware to about 1,400 of the servers which, in turn, allowed him to create a botnet that he used to carry out denial of service attacks on other systems. For those unfamiliar, this action bombards affected computers with internet traffic, causing them to be overwhelmed.
Among the evidence presented were chat logs on Kivimaki’s computer in which he details how he had used the botnet to attack the news site ZDNet and the chat app Canternet.
Additionally, Kivimaki was accused of helping steal 7GB of data from email servers belonging to MIT. Educause, the company that provided MIT its email infrastructure, estimated it had incurred more than $213,000 USD worth of costs as a result of Kivimaki’s actions.
Kivimaki was also accused of obtaining credentials to access accounts belonging to MongoHQ, a website database provider. This information allowed him to search billing and payment card information belonging to its clients, which he then used to make online purchases 21 times; he also shared this information with others.
The last thing worth pointing out is that Kivimaki was found guilty of being involved in a money laundering scheme involving Bitcoin; evidence points to his having used the money he received from this arrangement to fund a trip to Mexico.
A cybercrimes consultant for Europol expressed concern about the relative lightness of the sentence.
“Whilst I'm sure the courts considered all the circumstances surrounding the conviction and the sentence that was warranted, there is a question as to whether such sentences will act as a deterrent to other hackers,” said the consultant, Alan Woodward. “It is not necessarily the place of the courts to factor in deterrence in their sentences.
“However, if I were another hacking group, was not that bothered about just having something on my record, and saw someone attract a suspended sentence for over 50,000 hacks, some of which caused significant damage, I don't think it would cause me much concern,” he added.
Kivimaki has been linked to the hacking group Lizard Squad, which has been accused of executing attacks on Sony and Microsoft. While none of Lizard Squad’s activities were mentioned during Kivimaki’s courtroom proceedings, members of the group were quick to take to Twitter to boast about the lightness of his sentence.
One tweet read: “Zeekill got a suspended sentence for 2 years. 0 time spent in prison.”
Another said: “Basically he'll be monitored for 2 years by the local police. Gotta love Finland :).”
A final message read: “All the people that said we would rot in prison don't want to comprehend what we've been saying since the beginning, we have free passes.”
Via BBC
Advertisement
Learn more about Electronic Products Magazine
