[HN Gopher] Finland's most-wanted hacker nabbed in France
___________________________________________________________________
Finland's most-wanted hacker nabbed in France
Author : impish9208
Score : 95 points
Date : 2023-02-05 20:44 UTC (2 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| m00dy wrote:
| >>> "It was a huge opsec [operational security] fail, because
| they had a lot of stuff in there -- including the user's private
| SSH folder, ..."
|
| no shit sherlock
| [deleted]
| hnthrowaway0315 wrote:
| I don't get the logic here. If I had the ability to pull off a
| sophisticated hack, why shouldn't I sell my skill to say a
| corporation or intelligence agency but instead tried to grab
| quick dough and got caught? Am I stupid enough to believe that I
| can be out of the radar of state power?
| [deleted]
| Hamuko wrote:
| Nothing about this was sophisticated.
| potrebitel wrote:
| > "Finnish police said Kivimaki also used the nicknames "Ryan",
| "RyanC" and "Ryan Cleary""
|
| There used to be a user on HN, going by the nickname "ryanlol"
| [0] who seemed to have (had) good hacking knowledge. Could be the
| same person, could be not. But they had good comments here and
| there, was fun to read back then.
|
| [0] : https://news.ycombinator.com/user?id=ryanlol
| jacquesm wrote:
| He got warned by his buddy nachash that he should unplug his
| internet connection if he didn't want to spend time in jail
| again.
|
| https://news.ycombinator.com/threads?id=nachash
|
| He didn't take that advice.
|
| He's been on HN under a large number of accounts, in particular
| giving people advice on obtaining alternate identification
| papers (Romania was mentioned in particular).
|
| So much for that I guess.
| rdl wrote:
| I assumed that was the "real" Ryan Cleary (LulzSec), not the
| Finland guy who was impersonating him.
| jacquesm wrote:
| https://stylometry.net/user?username=ryanlol
|
| The first 10 are afaik accurate, the last stopped posting 3
| days ago so that's a point of evidence.
| orwin wrote:
| I don't know if this is ridiculous or sad...
|
| The guy obviously needs psychiatric advice and "hacked" then
| blackmailed a psychiatric institute.
|
| But good job by the Courbevoie police. If it was any city north
| of Asniere I would have been more than impressed by the changes
| of our police force, but still, responding quickly to domestic
| violence even in a rich city is an improvement compared to five
| years ago. Still nowhere close to Spain, but baby steps.
| zoover2020 wrote:
| Shame their talent couldn't be used to do good indeed.
|
| Although posts about relatively young hackers who went the rogue
| black hat route always intrigue me.
|
| I used to be a super curious script kiddy but fortunately found
| my solace in programming (relatively unharmful) scripts for games
| and private servers that'd only affect virtual economies.
|
| But I also used to stroll gray/black hat forums out of curiosity
| and always wonder where I would've eventually ended up if I did go
| down that path.
|
| Fortunately, I'm in FANG now and make good bucks to never have to
| consider black hat again.
|
| It's just in the back of my mind: what if ...?
| dry_soup wrote:
| There wasn't much talent involved in this hack. The CEO and
| solo self-taught developer of the psychotherapy place left a
| test server running on the public internet with the username
| and password root / root.
| rippercushions wrote:
| Context on his most notorious hack:
| https://en.wikipedia.org/wiki/Vastaamo_data_breach
|
| IMHO Zeekill represents the very worst kind of hacker: a greedy
| troll script kiddie who knows just enough to cause damage, and
| doesn't give a shit about the very real human cost.
| boeingUH60 wrote:
| > Security experts soon discovered Ransom Man had mistakenly
| included an entire copy of their home folder, where investigators
| found many clues pointing to Kivimaki's involvement.
|
| The bane of every criminal. You only have to make one mistake to
| get caught and there are many chances to make that mistake.
|
| Many criminals on the run assume they're smart, but luck plays a
| big role in getting caught or not...I mean, this guy got caught
| because of an unrelated case of domestic violence.
| ChuckNorris89 wrote:
| Indeed, a lot of criminals think they're smart and that they'll
| never get caught while they do stupid shit.
|
| An acquaintance of mine tried to dodge his mandatory military
| service by moving to the neighboring country and would
| (foolishly) drive to his family across the border every now and
| then thinking that because Schengen has no borders he would
| never get caught.
|
| And it worked for a couple of years, until one day when a
| police car stopped him for a busted tail light and handed him
| over to the military police.
|
| If you're gonna break the law, you at least gotta be smart and
| careful about it.
| ghaff wrote:
| Some variation of not breaking ties with (supposed) friends
| and family generally is a pretty common theme in people
| getting their cover blown.
| capableweb wrote:
| > And it worked for a couple of years, until one day when a
| police car stopped him for a busted tail light and handed him
| over to the military police.
|
| Hence the always-true adage: If you're gonna break the law,
| only break one law at a time, not multiple.
| namaria wrote:
| You only hear about criminals that get caught...
| GuB-42 wrote:
| Even if criminals do not get caught, we know they exist when a
| crime has been committed and we don't know who done it. In
| fact, there are famous criminals who never got caught. Like
| the Zodiac killer.
|
| Now, if you manage to hide your crime too...
| pasiaj wrote:
| This was one nefarious operation by the hacker:
|
| - He hacked the patient files of a psychotherapy center Vastaamo.
| This included therapy notes for more than 22.000 patients.
|
| - First the hacker blackmailed the therapy center.
|
| - Next he started blackmailing individual patients.
|
| - Finally he released the files online revealing very private
| information on thousands of patients.
|
| I can only imagine the horror felt by the people whose therapy
| notes were made public.
| jnsie wrote:
| Absolutely heinous
| tough wrote:
| and exactly why a paranoid person like me might abstain from
| ever seeking counsel from a therapist.
|
| Not worth it
| threatofrain wrote:
| I don't know if it would work but you might ask the
| therapist to have in writing that they will never take
| records of your sessions except for the bare minimum
| required by accounting.
| Sakos wrote:
| This depends on where you live and what the facility is
| like, no? At least in Germany, patient records like therapy
| notes are _only_ hard copy. I don't see why they should
| ever be digitalized and I'd never go to a therapist or a
| facility that did have notes in digital form. I'm not
| particularly paranoid either, I'm just aware of how common
| it is for companies to be hacked and how rarely they face
| any consequences for not sufficiently investing in IT
| security.
| mikkohypponen wrote:
| Chapter from my book, about Case Vastaamo:
| https://ifitssmartitsvulnerable.com/s/vastaamo_excerpt.pdf
| jacquesm wrote:
| So, you get to add another set of paragraphs. Excellent
| writing by the way.
| moremetadata wrote:
| And you seriously think the State hasn't done this for years, in
| plain sight, starting the day you were born? You have a lot to
| learn.
| bawolff wrote:
| I wish we would stop calling these types of people hackers and
| just call them extortionists. The fact a computer was used to
| commit the crime really changes nothing about the crime.
|
| If he physically broke in we wouldn't call him a notorious
| lockpicker.
| grugagag wrote:
| Hacker turned extortionist sounds like a better description
| of this guy.
| momeunier wrote:
| I thought the problem with Vastaamo was that the CEO was in
| charge of the mysql database and he was basically a hobbyist
| that didn't care much for security. (yeah zero proper sources
| for that... my level of Finnish is terrible) And then Murphy's
| law kicked in. A villain nabs the data for free and does his
| thing.
| [deleted]
| Hamuko wrote:
| MySQL server was without any kind of firewall protection for
| about 1.5 years, and the root account had no password.
|
| https://www.iltalehti.fi/digiuutiset/a/69314f2e-bb1c-4ea0-8a...
| Sakos wrote:
| The guy should be in jail with the hacker. That's crazy.
| jacquesm wrote:
| Jails would not be large enough if everybody that exposed
| customer data would end up in jail with the hacker.
| Sakos wrote:
| I think if it did start happening, CEOs and management
| types would start caring about IT security to avoid being
| put there.
| capableweb wrote:
| That was truly horrible, despicable.
|
| But I personally relate more to the horror the hacker put
| himself through:
|
| > security experts soon discovered Ransom Man had mistakenly
| included an entire copy of their home folder
|
| > "It was a huge opsec [operational security] fail, because
| they had a lot of stuff in there -- including the user's
| private SSH folder, and a lot of known hosts that we could take
| a very good look at,"
|
| What a huge flop! I can recall feelings myself publishing
| things I shouldn't, but the entire home directory, including
| private keys and everything? I'd die of shame.
|
| Still, really terrible behavior from him, he deserves whatever
| punishment is coming for him.
| closewith wrote:
| Does Finland have a legal doctrine that makes evidence
| inadmissible in court if it was illegally obtained? I wonder
| could law enforcement use admissions of criminal activity in
| the released notes as evidence against patients?
| to11mtm wrote:
| > I can only imagine the horror felt by the people whose
| therapy notes were made public.
|
| I might be in the minority here, but frankly I'd be -happy- to
| actually be able to see a therapist's notes on me. At least in
| my region, one of the first things you sign before any therapy
| begins usually contains a paragraph that such notes are 'IP' of
| the therapist/provider and thus something you as a patient are
| never allowed to see.
| MidnightBullet wrote:
| Sounds like something that would break GDPR
| closewith wrote:
| In the EU, at least, you have a right to all information that
| a healthcare provider holds about you, so either an
| administrative request or data subject access request will
| get you that data for free, and without the possibility of it
| being used against you by third parties.
| pasiaj wrote:
| [dupe]
| Hamuko wrote:
| > _hacked the patient files_
|
| By accessing a publicly available database server with default
| authentication details.
| sourcecodeplz wrote:
| Why would the records be in a database in the first place? That
| seems like such a sensitive type of info, at least don't attach
| real names to them geeZ.
| VWWHFSfQ wrote:
| where else should they put them
| sourcecodeplz wrote:
| On paper I imagine but I wouldn't know.
| lalopalota wrote:
| filing cabinet
| grugagag wrote:
| I was wondering too what's the need of overdigiting
| everything in psychiatry. Sure, stuff becomes searchable
| and is easy to archive but the risks don't compare with
| locked down file cabinets.
| spyremeown wrote:
| Definition of a script kiddie with too much time on their
| hands... I hate people like him. Could've done something good
| with his life (like getting into info/cybersec!).
| boomskats wrote:
| > like getting into info/cybersec!
|
| I'd argue that's exactly what he did. He's just gone for the
| Mitnick method.
| spyremeown wrote:
| Mitnick was (is) great at social engineering. This dude is
| just an a-hole.
| bawolff wrote:
| Tbf the average infosec job is writing lots of policies,
| checking to see if people follow them, writing reports, nagging
| teams to update their outdated dependencies, etc. Of course
| there are many types of infosec professionals and not all
| infosec jobs are like this, but I kind of doubt someone like
| this would be all that happy in an entry level infosec job.
| kzrdude wrote:
| He's got a real named reddit account, that's an interesting
| choice.
| grugagag wrote:
| He could've used that as decoy while posting bad stuff with a
| different account.
| joemazerino wrote:
| Blackhats are notorious for bad opsec.
| namaria wrote:
| Blackhats that get caught get notorious...
| lefstathiou wrote:
| It's a losing proposition eventually even for the ones that
| don't. They are competing against significantly more people
| with significantly greater resources and access. It's like
| those hackers that held up the energy company a few years ago
| and woke up one day to find their anonymous crypto wallets
| empty. Was supposed to be impossible but that doesn't account
| for America literally owning the internet backbone. Cause
| enough trouble and they'll show up at your door. The only
| protection is state sponsorship (i.e. Russian and Chinese
| hackers on government payroll).
| namaria wrote:
| Limiting scope of activity is opsec
| seb1204 wrote:
| Came here to ask why he is called a hacker when he is clearly
| lacking in the responsibility and do no harm side. Cracker,
| Blackhat or script kid...
| ed25519FUUU wrote:
| Fitting that the criminal blackmailing people with their own
| personal information accidentally uploaded his home folder,
| including his SSH keys and known_hosts file.
| grugagag wrote:
| Sounds like karma caught up with him swiftly
___________________________________________________________________
(page generated 2023-02-05 23:00 UTC)