Julius Kivimäki, one of Europe’s most sought-after cyber criminals, has been sentenced to more than six years jail for attempting to blackmail more than 30,000 individuals whose confidential therapy notes he pilfered.
Kivimäki, also known online under the moniker “Zeekill” obtained these notes by breaching the databases of Finland’s largest psychotherapy company, Vastaamo in late 2018 and early 2019.
Following a failed attempt to extort the company for 40 Bitcoins, which were equivalent to about 450,000 Euros at the time, Kivimäki resorted to directly reaching the patients via email and threatened them to expose the private information they had shared with their therapists.
Vastaamo data breach is considered as the largest and one of the most disturbing breaches in Finnish history with regards to the sheer overall impact of the hacking incident.
Despite maintaining his innocence throughout the proceedings, Kivimäki now aged 26, evaded authorities and was arrested in Paris under an assumed identity. Even during the trial, he absconded for over a week after refusing to return to prison as ordered by the court.
The judges, upon rendering their verdict, found Kivimäki guilty on all counts, condemning his blackmail as “ruthlessly taking advantage of another person’s vulnerability.” The BBC first reported the conviction.
The severity of Kivimäki’s sentence—six years and three months—marks the culmination of a cybercrime spree that commenced when he was merely 13 years old.
Kivimäki was a prominent figure amongst teenage cyber gangs that operated between 2009 and 2015. He was arrested in 2013 at the age of 15, but received a juvenile non-custodial two-year suspended sentence.
The lenient punishment likely failed to dissuade him, as Kivimäki was swiftly implicated in several other hacks carried out with adolescent cohorts before vanishing for years.
Kivimäki’s name resurfaced in 2020, in connection to the Vastaamo hack, where after failed negotiations with the company he demanded $240 from the patients in exchange of deleting their sensitive information.
Kivimäki himself led back law enforcement to him. Finnish investigators from the National Bureau of Investigation (KRP), in collaboration with Binance, followed the trail of payments to Kivimäki, who exchanged the funds for Monero and then exchanged them back to Bitcoin. The digital forensics and cryptocurrency tracing played pivotal roles in securing his conviction.
Taking into account Vastaamo’s position as a company producing mental health services, Kivimäki has caused great suffering or the risk of it to the interested parties,” BBC cited the verdict document saying.
Vastaamo’s CEO, Ville Tapio, was also found guilty of failing to safeguard customers’ confidential data. Investigations revealed that the company’s databases were susceptible to exploitation due to inadequate safeguards. Tapio received a suspended three-month prison sentence last year, while the Office of the Data Protection Ombudsman imposed an administrative financial sanction of 608,000 euros on Vastaamo.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
