Julius Kivimaki, a 17 year old teenager has been found guilty of 50,700 instances of computer hacks in Finland. The teen was also known as “Zeekill” and “Ryan” was convicted of a variety of hacking and other charges including credit card fraud. The teen was arrested in September 2013.
Lizard Squad claimed notoriety back in 2014 for offering DDOS (Distributed Denial of Service) services for just $6 per month, although their site and twitter account now appear to have been shut down.
Despite the large nature of the attacks Julius has not been jailed, but instead sentenced by the District Court of Espoo to a two-year suspended prison sentence. In addition, the teen had his computer confiscated and was ordered to hand over €6,588 ($7,300) worth of property determined to be have been obtained directly from his crimes.
The judge appears to have taken into account the age of Julius who was only 15 \ 16 at the time of the crimes back in 2012 and 2013:
Some concerns have been raised about the leniency of the sentence, and whether it would act sufficiently as a deterrent for other people to carry out similar crimes.
The teen was linked to the hacking group Lizard Squad, which later claimed responsibility for the PSN and Xbox Live Christmas downtime. This was their response at the verdict:
And referencing possible charges in the US:
Adobe’s ColdFusion Vulnerability
Many of the attacks were a result of a vulnerability in Adobe’s ColdFusion software. Julius was able to install “backdoors” into many thousands of computers, allowing personal and confidential information to be retrieved from them.
In addition, it was reported that Julius had installed software onto about 1,400 of the computers in order to turn them into a botnet, allowing him to launch DDOS attack. DDOS works by bombarding the targeted server with requests causing it to become overwhelmed until it becomes unresponsive.
Other attacks included:
- Attacks on ZDNet & chat tool Canternet – Chat logs were found on the teen’s PC that indicated he used the botnet to attack these sites.
- Attack on Massachussetts Instistute of Technology (MIT) email system – The teen apparently set up a site on a server run by Harvard University and redirected all MIT internet traffic through it, where it could be examined. Educause, the provider of MIT’s email system incurred more than $213,000 in costs dealing with the attack.
- MongoHQ – The teen was also accused of obtaining login details to the Californian database provider and retrieving payment card and other billing information. This was then used to make online purchases (including champagne and shop vouchers) on at least 21 occasions and it was noted that the information was also passed on to third parties.
- Money Laundering – By using the Virtual Currency Bitcoin proceeds of crime were then laundered. The teen apparently used this to fund a trip to Mexico.