Jack Rhysider
So you first came on my radar when I was researching a story. I think it was video game cheats. And I was like, trying desperately to find video game people who are selling video game cheats and nobody wanted to talk with me on the record. I found a couple people that were just willing to chat only, but never, like, audio. And then I found an interview you did with somebody who's just like, yeah, I sell video game cheats. He's like 14 or something. And I'm like, how did you find this guy? And so ever since then, I've had just so much respect.
Joe Tidy
Respect.
Jack Rhysider
And reading this book is once again a testament of just how deep you can get into this community and reach these people. And so, really, hats off to your ability to infiltrate the hacking world.
Joe Tidy
Thank you very much. Yeah, it's become something of a specialty. But, I mean, really, I'm always surprised they want to talk, but they do. I think there is a thing in hacking in cybercrime where, as well as the kind of anonymity that it brings, I think people like to brag and they like to show off.
Jack Rhysider
Yeah, yeah. So. So I think that leads us right into the first question, which is, who are you and what do you do? And how did you. And how'd you get there?
Joe Tidy
Well, my name is Joe Tidy and I am the BBC's cyber correspondent. That means I cover hacking, cybersecurity, data protection, online harms, AI and a bit of crypto as well. And I've been working at the BBC now for about. I think it's seven years in this. And before that I was at Sky News and I was a general correspondent at Sky News, doing all sorts of bits and bobs. But then in 2014, there was this amazingly huge and incredible DDoS attack on Sony PlayStation Network and Xbox Live, which took down those services over Christmas, Christmas Eve and Christmas Day, and it was headline news. And my boss came in and said to me, right, these gang, these teenagers called Lizard Squad, you gotta. You gotta find one of them. We want a lizard on air tonight. Is the phrase lizard on air. Me, a lizard on air tonight? Yeah.
Jack Rhysider
Do they know what kind of ridiculous ask that is to get a lizard on air tonight? Like on camera even?
Joe Tidy
Yeah, exactly. Yeah, not even. Not even. Just, you know, text interview. They wanted them on camera within, I think it was 10 hours when we were going to be on air. And I thought to myself, well, this is impossible.
Jack Rhysider
Joe miraculously pulled it off. He got someone from Lizard Squad to come on TV and answer questions.
Joe Tidy
Speaking to us from Finland, this man who calls himself Ryan, says he is one of the hackers. Why? Why did you do this? It affected so many people. It ruined Christmas for potentially millions of people.
Julius Kivimaki (as 'Ryan' in interview)
Why? We did it mostly to raise awareness, to amaze ourselves. Also, one of the big aspects here was raising awareness regarding the low state of computer security at these companies, because these companies make tens of millions every month from just their subscriber fees, and that doesn't even include purchases made by their customers. They should have more than enough funding to be able to protect against these attacks.
Joe Tidy
Do you not feel guilty that you've taken so much enjoyment of gaming away from more than 100 million people over this Christmas period?
Julius Kivimaki (as 'Ryan' in interview)
I'd be rather worried if those people didn't have anything better to do than play games on their consoles on Christmas Eve and Christmas Day. I mean, I can't really say I feel bad. I might have forced a couple of kids to play, spend their time with their families instead of playing games.
Jack Rhysider
I can't believe that clip. This kid calling himself Ryan appearing on Sky News, not hiding his face or voice at all, admitting to taking down Xbox Live, PlayStation. And I just can't believe Joe got that interview. It takes a certain amount of finesse and diligence to get hackers to talk, I should know. But he's got just what it takes to make it happen and he just.
Joe Tidy
Didn't give a damn. He didn't care. All the, all the chaos that he was causing, all the headlines around the world, people going, what is going on with Xbox and, and, and Sony PlayStation? This is absolutely a monumental cyber security issue here. And this kid was laughing at the whole thing. And that just made me think, wow, the power that they can wield from keyboard and mouse. And it just really struck me. And from then on, it then on out, I was just, yeah, hooked on, on hacking and cyber and have been ever since.
Jack Rhysider
These are true stories from the dark side of the Internet. I'm Jack Rhysider. This is Darknet Diaries. The reason why I wanted to talk with Joe Tidy today is because he just published a book called Control Alt Chaos and I just finished reading it. It's great. It starts out in 2020 with a cyber attack in Finland.
Joe Tidy
There was this incredibly sinister and cruel cyber attack in Finland and it shocked the world. And it was for my money, the worst and most nasty, cruelest, darkest cyber attack in history.
Jack Rhysider
The worst, most nasty, cruelest and darkest cyber attack in history. Oh, I mean, I want to drive straight into that story. But before we hit the gas, let's try to guess at what it could be. What comes to mind when you hear that? Like maybe a hospital system brought to its knees where lives are on the line. Or maybe a pipeline gets shut down, there's fuel shortages, chaos everywhere. Or maybe an entire government agency gets compromised and state secrets are exposed. Well, those are all serious and probably scary, but they don't sound like the nastiest to me. Let's think smaller, closer to home, more personal. Is there something, some piece of data on you that, if exposed, would make you feel fear? Like a deeply disturbing fear? Maybe it's your photos getting out. You probably just publish your photos online anyway, so that's probably not it. Okay, well, what about your text messages? Are those private enough? That would cause a lot of fear if they got out. Maybe your location data or maybe your password getting leaked. All right, fine. Guessing game is over. Let's hear what it was.
Joe Tidy
So the Vastaamo cyber attack was in October 2020. And the first we heard of it was that there was someone on a forum in Finland on the darknet who was saying that they were calling themselves Ransom man. And they were saying, I have hacked the Vastaamo psychotherapy center. I have got the. All the personal details of all the clients of this ginormous chain of psychotherapy centers. So this. This is a really well known company in Finland, a kind of social good company that was. That was very, very popular. They were offering people psychiatrists, psychotherapists, that kind of thing. And they had dozens of centers popping up all over Finland. They had a very famous and recognisable logo of a green speech mark. I think Vastaamo translates as the answer machine or the place to go for answers. So in a small country like Finland, everyone knew Vastaamo because if you didn't go to it, you knew someone that probably went to it. So when this Ransom man popped up on the darknet on a. On a website which is now gone, but it was called Torilauta. And he said, I have hacked Vastaamo. I've got all of this information. Not only have I got the information from the patients about, like, name, address, email, phone number, Social Security number, I've also crucially and cruelly got all their therapy notes as well. So that's 33,000 people who are potentially going to have their, you know, deepest, darkest secrets exposed online.
Jack Rhysider
There it is. The notes your therapist took when you spilled your most personal and private thoughts to them. That, in my opinion, is in fact, the cruelest piece of personal data that someone could hold for ransom, especially because you didn't do anything wrong. You were just talking to your therapist. But this Ransom man guy was talking with Vastaamo, telling them, hey, I hacked your company, I stole your patient records, and all I want is bitcoin or else I'm going to release it to the world. Vastaamo contacted the police, who took over communication directly with this hacker, and they were trying to get as much information as they could from this guy. But that went on for six weeks. And Ransom man felt like it wasn't going anywhere and needed to up the pressure to show that he's serious.
Joe Tidy
And Ransomman said, I have been trying to get €400,000, which I forget how many bitcoins it was at the time, but that's how much it equated to. I've been trying to get that off the CEO of, and they're refusing. The company's refusing to pay. So now I'm going to release 100 records every day until they pay me.
Jack Rhysider
Of course, the Finnish police were already very aware of this situation because they were working with Vastaamo to try to catch this guy. So they noticed this post right away and start archiving anything, looking for clues. And yes, the first day he did release 100 records. Everyone's worst fears were a reality.
Joe Tidy
It's. It's the kind of stuff that is a nightmare for people who are vulnerable. They're struggling already with their mental health, and then to have this kind of information out there, it's anything you can imagine. So we know now that Ransom man took a lot of time choosing which hundred to release. He wanted the most salacious ones he could find. He wanted the most harmful ones he could find. So he did searches for things like rape fantasies, child abuse, police as well. At one stage, he was searching for that kind of keywords in the database, and he posted these. These first hundred.
Jack Rhysider
Now, typically, when you see someone post a snippet of breach data to a darknet forum, saying you hacked into something, people think it's funny and maybe even cheer for you. But he didn't see any of those kind of reactions.
Joe Tidy
He chose sites that you'd think that would be, you know, acceptable to this kind of crime and this kind of maverick approach to morals, I suppose you could put it that way. As well as posting on Torilauta, he posted it to a clearweb forum called Ylilauta, which was known as, like, Torilauta, known for being a place a bit like 4chan, you know, that horrible website, 4chan, where anything goes and edgelords rule. And the more offensive you can be, the better. And the two place, those two places that he posted. What I was really surprised at, looking back through the logs and research for the book, was just how much hatred he got straight away. There was no respect for him. There was no, wow, well done. You've done a crazy thing. Awesome. Everyone was very, very angry. There wasn't much love at all for Ransom man. And what I found really interesting is if you look through the, the back and forth that he has over the hours that he's on both those websites, people are saying, you're a script kiddie, go and kill yourself. There's a special place in hell for you. All these things being thrown at him. And quite quickly it got. His post got marked as being sign of criminality on the Ylilauta website, so they took it down. But on the darknet one, it stayed there. And he carried on, he carried through with his threats. Every day he posted a hundred more records.
Jack Rhysider
I mean, I think this might even be an instance where I'd call him a script kiddie myself. Normally I would never call anybody that, except maybe myself, because the term is usually derogatory. Script kiddie is just a beginner hacker who doesn't know what he's doing. But I like beginners. We all have to start somewhere. Beginners aren't a problem. But the reason why I might call this guy a script kiddie is more because of the you don't know what you're doing part. Holding this kind of sensitive data hostage. Dude, that's messed up. You can't mess around with that kind of data like that. This whole thing just strikes me as being so reckless and careless for other people's most inner private details getting out. He's got an unbelievable amount of highly personal data and he's weaponizing it in order to profit from it. It's like he doesn't care how many people he hurts from this just so he can try to extort this company. It does seem like he's really grasping for something here. What? Fame, money, respect? But he's just not getting it from anyone.
Joe Tidy
Ransom man even joked about that. He said that getting into this database that was holding all this really private data was really easy. He said there was no password, it was root, root. And he. And he put that on the forum and people kind of laughed along with it, in a sense. But then there was also the, the idea that he was out of his depth. People were accusing him, Ransom man, of being an amateur, of not knowing the difference between profit gross profit net, accusing him of asking the company for too much money. And what's funny about the exchanges on, on the, on the forum is that he's constantly having to defend his actions as a hacker. He's saying, like, no, no, no, I've done loads of hacks and this is just one of them, and I know what I'm doing, and trust me, I'm a serious cyber criminal. But people weren't really buying it. But what was also quite troubling and scary is that there were a couple of people, whilst most people on the forum were having a laugh with it and trying to make him feel bad for what he's done, some of them were posting, saying, hang on a minute, this is my data. Please, please don't. Don't post it.
Jack Rhysider
So that was the first day already. It stirred up some people pretty bad. But Ransom man promised another 100 more every day.
Joe Tidy
And then, like clockwork, the next day, another hundred. And then, like clockwork, the next day, another hundred. And obviously, as you can imagine, it was getting picked up now by news organizations around the world. People in Finland were getting extremely worried and concerned about it, and there was nowhere to turn to because Vastaamo was in absolute chaos.
Jack Rhysider
Vastaamo stayed quiet through all this, partially because they were working with the police to try to catch him, partially because they were speaking directly with Ransom man over email. Their customers were freaking out, and they were trying to focus on this catastrophe at hand.
Joe Tidy
So 300 different patient records now on the Internet for anyone to download, and all you had to do was click on. On one of the links and then you've got access to the. All of the. The data. And in some cases, some of these people would be regular clients and patients of Vastaamo, so they would have maybe a year's worth of therapy notes. And these are kind of like typed out by the therapist. And it'll be things like, today we talked about this. They wanted to say this. I think it could be to do with this. So you can, you can imagine what types of information and details there are put in there by the therapist. And if you look at the whole thousands of people that were affected by this, some of them were regular Vastaamo patients. So they would have. Would have had a huge amount of detail. Some of them were infrequent and some of them were, you know, only one or two visits. But the first 300 people that had their notes exposed, they were chosen specifically because they were the most deep and upsetting. And I think, you know, we know now that he knew exactly what he was doing when he chose those.
Jack Rhysider
Gosh, how awful to be one of those people who trusted this company with their innermost secrets, only to have it all posted publicly for anyone to see. That would absolutely rattle me to my core. I would simply be frozen for a solid week, unable to move, not knowing how my friends or family or co workers will react if they read it. And I guess this is another lesson in protecting your own data. Just because something is supposed to be safe and secure doesn't mean it is. Companies might say they treat your data with the utmost privacy, but actually they don't do as good of a job as they should. And it's just one of those reminders that you are the only one who will treat your data with the privacy it deserves. So make sure you're doing it.
Joe Tidy
But what he did next was he made probably the biggest mistake in the history of cybercrime because he thought, I'm going to be helpful here. So he told the forum users, here's a large folder. You can download the whole. The whole thing, instead of having to go to 1, 2, 3, download links here. Here it all is. But what he accidentally did was posted his entire home directory and the entire list and all the data from the 33,000 patients. So in that one upload, he gave away all his bargaining chips.
Jack Rhysider
He posted it late at night and went to sleep before realizing his mistake. Of course, by this point, a lot of cybersecurity researchers were keeping a close eye on him, including the police. And when they saw this post, they all immediately tried grabbing this tar folder with all the data. But since he posted it on the darknet, on Tor, it was an extremely slow connection, so nobody could really grab it. There just wasn't enough bandwidth, and everyone was getting extremely slow download speeds.
Joe Tidy
There was a couple of people on the forum in the morning who were talking about, oh, I got five megabytes here, one megabyte here. But this file was 10 gigs big. So, you know, and the kind of. The slow Internet speeds that you get on the Darknet meant that people weren't able to download the full thing. Plus, there was a. There was a little bit of luck that Ransom man had as well. He ran out of storage space or something, and it kind of. It locked out and went down overnight. So it didn't allow many people to have full access to it, but there were some who did, and there were some that managed to get a decent chunk of that file.
Jack Rhysider
So nobody got the full file. But even just getting the first five megabytes had a lot of very interesting data in it. People were extracting what they could out of it and looking through it and it had loads of patient details, but there was some other stuff in there, details about Ransom man himself.
Joe Tidy
Well, there's this moment where he wakes up and he realizes his mistake and he posts on Torilauta. Whoopsie. Enjoy Big Tar. And he puts a smiley face emoticon. What's interesting about that, of course, is that he's playing down what is a serious situation for him. He, he hasn't just given away his entire bargaining chip, he's given away really, really important information that he wanted to keep secret about himself. So very quickly it becomes clear to the police that if he knows what's happened, they need to be quick. And they, very quickly, in the early hours of that morning, they started tearing through this 2 gigabyte file that they managed to download from the Big Tar and they found an IP address, a crucial IP address. It was massive stroke of luck from the police. Not only that, bizarrely, the IP address was for a cloud hosting provider in Helsinki where the, where the investigation was, was taking place. So they. There was this. I spoke to the, the head detective, Marko Leponen, and he said there was this mad race to try and get to the, the cloud service provider, get that computer off the Internet as quickly as possible to stop Ransom man having any control over it. And he says there was a race against time between Ransom man himself. He could see the files being deleted somehow. And he said that he had to get two police officers in a car, sirens going right the way across town to try and get to this place. They had another officer on the phone trying to get through to them in the early hours. They eventually got through on the phone. They had a guy from the company running through the warehouse, finding the server, unplugging it. So that Ransom man had his connection severed. Ransom man trying to delete the evidence from his massive server, which had way more than the Big Tar, of course, that had everything on there. And he was only able to delete a certain amount because they got there just in time and pulled the plug.
Jack Rhysider
Wow, the police were really on the ball here. I mean, holy cow. See, when you're on Tor, the darknet, IP addresses are hidden. These files could be hosted anywhere in the world and the police would have absolutely no idea where to look to find Ransom man or where the files are hosted. But this file he posted pointed exactly to where those files were hosted. It was a big mistake and it gave the police their first huge piece of evidence. With this server seized, they took it back to the police station to analyze it.
Joe Tidy
Yeah, they took the server back to their lab in the cyber Bureau, the HQ in Helsinki, and they started going into it and it gave them a wealth of information, not just about that particular hack that took place, but also about the kind of the network and the infrastructure that was being used. What other cloud service storage providers that the ransom man was using? Receipts from certain things, other little nuggets and little breadcrumbs that took them to online accounts which they could, you know, subpoena Google for or whoever it was to get information about individuals. It was a treasure trove. It was an absolute, you know, a boon for the police.
Jack Rhysider
Sounds like ransom man has screwed up way too many times and the cops are closing in on him. What would you do if you were in a situation? Stay with us. We're going to take a quick break, but I guarantee you he does something that you would never think to do. So Ransom man was toast. All the data he was holding for ransom is now out there. So he's got nothing left to threaten Vastaamo with. And if it was me, I'd be like, oh, crap. And I'd delete everything on my machine and close it and set it on fire and try to disappear as fast as I could.
Joe Tidy
I don't know what goes through his mind, but he sort of thinks, okay, how can I make some money? I've come this far. I need to make some money out of this. So the next step is really, really nasty. He finds the email addresses, obviously, in the stolen data of as many people of those 33,000 patients as he can find. I think it was something like 27 and a half thousand email addresses. And then he emails them every single person, all in one batch, with their name in the email personalized to them with their Social Security numbers. And he says, I've been trying to get Vastaamo to pay me, so I don't release your data. They are not paying me, so you're going to have to pay me now.
Jack Rhysider
Oh, wow. He contacts every person he can to try to extort the users individually. That is cruel. Like, already they're reeling from their deepest secrets being out there, and now he's hitting them when they're down, saying, give me money and I'll delete your data.
Joe Tidy
Which is €200 worth of Bitcoin. And if they don't pay within 24 hours, it goes up to €500 in Bitcoin. Otherwise, their data will be published online.
Jack Rhysider
And, of course, he cc'd the CEO of Vastaamo and their executives. Vastaamo goes into full panic mode at that point. Tons of people started calling in who are just now hearing about this, really worried. Not only were they calling Vastaamo, but floods of people were calling the police, too. And honestly, I can't recall a data breach where the hacker tried to extort all the victims whose data was in the breach. Yes, I know that people comb through data breaches looking for targets to hit. And so the people in the data breach are often victims themselves, but to extort them all like this, that is. That's just something new to me.
Joe Tidy
Yeah, certainly at this scale, never before seen. And if you speak to some of the security experts who are looking at the time, you know, this is a real nadir in cybercrime. This is the lowest of the low. This is a cybercriminal who did something despicable in the first place, failed in trying to extort the company, and now is going directly into the inboxes of these vulnerable people. And the impact that this had is just awful. I've spoken to probably, I think, about 15 of the victims, and you hear some of the stories of the impact it had on them. One of the women that I spoke to said it was. It felt like digital rape, she said, which really has always struck me as just such a horrible proposition and such a horrible description. But it does bring. To bring to life for me what it feels like. You know, having your data stolen, you know, your private data can feel like a burglary, is what some of the victims said. But. But having this particular type of information stolen, it's just such an invasion.
Jack Rhysider
Joe spoke to the lawyer of some of these victims, who told him that some people couldn't handle this news, and they chose to end their own life rather than to face the shame of their data getting out there. It was truly an awful, dark, cruel time for these victims.
Joe Tidy
Yeah, so at this point, the. The story went completely stratospheric, as you can imagine, because people started going online saying, I've been. I've got this email. I'm being ransomed directly. And if the country hadn't been doing much to help people up to this point, suddenly it kind of burst into gear. You had statements from the president, the prime minister. There were meetings held at the highest level of government, trying to work out what you can do for these people, because, of course, the data's. The data's already out there. Although Ransom man was asking for payment, not many people paid. I think about. We know for a fact about 20 people sent ransom man money, but a lot of people were advised, and they got the advice, don't pay. It's too late. The data's out there. If you pay, you're wasting your money. And that was the advice that was given. But the. The police were getting calls from. We're talking 33,000 people, potentially thousands of people, all on that same night, hit with the same email, the same threats. So that's an instant spike in criminal complaints, criminal records and reports needed to be filed. They couldn't cope. There was phone lines set up by Vastaamo to try and help people, but they were overwhelmed. The police were overwhelmed. They said, Please don't call 999 or whatever the equivalent is in Finland with an emergency. You need to go to this specific number. This was all happening during COVID as well. This was October 2020. So the country was already, you know, in a state of panic. There's this picture that I dug up for the book from Twitter, which showed the prime minister and her cabinet sat around a circular table, all socially distanced, all with. All with surgical masks on, looking at this big screen with the Vastaamo details on it. And that just really hit home to me. You know, this is such a time of all already, you know, peril for society. 
And then suddenly you've got this, this ginormous hack, which in a small country like Finland, five and a half million people, as Mikko Hyppönen said, you know, everyone knows someone who is affected by this.
Jack Rhysider
20 people paid the ransom. That's what, like $6,000 worth of ransom payments that he made from all this. And in total, that's about all he made from this whole thing. Not a very big payday for him compared to how much damage he caused these victims. At this point, the police had been working on this case for almost six weeks and have started to collect some pretty interesting evidence.
Joe Tidy
Well, the. The main detective, Marko Leponen, he obviously, he's very, very happy that they managed to. To secure this. This server that Ransomman was. Was using and running. And he thinks, great, you know, I've managed to. To get something here that's going to really help us. But then, of course, it all comes crashing down for him when he's. His phone just doesn't stop ringing because of victims who've managed to get hold of his number who are calling for help. And there's a sort of scene in the book where Marko feels relieved, but then the phone is going and people are calling saying, what am I going to tell my husband about my affair? What am I going to. How am I going to go into the office on Monday if my colleagues find out what I've said about them? And he, He. It really, really hits him hard and he breaks down and he's crying and he decides to change his phone number and concentrate on the criminal investigation, which is what he does. And he spends the next best part of over a year trying to figure out who Ransom man is.
Jack Rhysider
Over a year? Wow.
Joe Tidy
Yeah. And slowly it dawns on him that this kid or this, this cybercriminal who was famous when he was a kid, infamous rather, is probably the prime suspect. And the name Julius Kivimaki just keeps coming up.
Jack Rhysider
Julius Kivimaki. Of course, his name would come up as a person of interest. It was in the back of a lot of people's minds from the beginning that it might be him. And you know what? You already know who that is. Julius Kivimaki is the guy who took down the Xbox and PlayStation Network on Christmas 2014, the guy that Joe interviewed live on Sky News. You heard his voice at the beginning of this episode. The notorious hacker from Lizard Squad. He's from Finland. He's been involved with some pretty high profile hacks in the past, and he just doesn't seem to care how much trouble he gets in or chaos he causes. Could Ransom Man be him? Speculators were thinking it, but the investigator, Marco, was finding actual evidence that was...
Joe Tidy
...pointing to him, but he can't find him. He can't find where Julius Kivimaki is to bring him in for an interview. He could be anywhere in the world. Nobody knows where he is. So Marco does the quite extreme move of putting out an Interpol red notice to try and find out where he is. And I think it was in November 2022 that he put out the, the red notice, which means that if there is a police force in Europe that comes across anyone that, that bears the liking of Julius Kivimaki or, or has any, any likeness to him in terms of the kind of aliases that he's using, that kind of thing, need to arrest him on sight in order to, to get, to send him back to, to Finland. And Marco puts out this, this, this red notice and obviously carries on with other, other cases and things and just hopes that somebody somewhere recognizes Kivimaki and brings him in.
Jack Rhysider
Julius was smart about evading capture. He was in hiding using fake IDs and in some other country. There was just no trace of him anywhere. But this is when Joe realized he's talked to this hacker before.
Joe Tidy
As soon as the name came out, as soon as he was wanted with the Interpol red notice, the cybersecurity world were like, hang on a minute, this is the same kid, or not kid anymore, but this is the same person that was this notorious cybercriminal when he was a teenager. And I was like, wow, I couldn't believe it because I was trying to keep tabs on this kid. I had a feeling that he would be back after the Lizard Squad attacks. And then he comes up and does this and you just think, wow, this, this goes to show that if you don't catch and deal with some of these cyber criminals, they will just keep coming back for more. It's sort of like a, an addiction. If you look at the history of people like Kivimaki, and in the book we go into great detail about, you know, what he did as a teenager, what kind of gangs he was in, the people around him, the culture around him, and there is a kind of element of just addiction and power and greed when it comes to these individuals. And once you get a taste for that hacking life, I think it's hard to let go.
Jack Rhysider
Meanwhile, Vastaamo is still reeling from this attack.
Joe Tidy
So if you ask the CEO of Vastaamo and the founder of Vastaamo, Ville Tapio, he would say that the company could have survived if he'd have been allowed to keep operating it and kind of steered the ship through this crisis. But he was dropped very, very quickly as soon as the investigators began poking around.
Jack Rhysider
When Vastaamo got the ransom note from Ransom Man, they called the police, and the police took over the situation. They took over the CEO's email, and they were responding to Ransom Man posing as the CEO. They were advising Vastaamo how to react to everything. And the police weren't trying to save the reputation of the company. They were trying to solve the case of who did it. So they had a totally different priority than maybe the Vastaamo leadership. So the CEO of Vastaamo didn't have control of the ship in the middle of this crisis. The police did.
Joe Tidy
Not only had Ransom Man managed to get hold of this data in 2018, someone else somewhere, we don't know who, we don't know what happened. They got hold of it in 2019, or they had access to it. And there's still a lot of confusion here about whether or not there was a cover up. Tapio denies that vociferously. The IT team that he hired have gone dark. They don't, they don't talk, haven't spoken to anybody. So we don't know exactly the nature of that. But the Vastaamo hack, Ransom Man, plus this incident in 2019, it just meant the company was in absolute chaos and crisis and legal problems as well. You can imagine data protection authorities breathing down their necks. They had fines to pay. And then you've just got the fact that there was tens of thousands of people who just could no longer trust the company. And the way they handled it was atrocious. People were turning up at the therapy centers demanding their notes to be handed over, and some of the staff were in tears. And it was just utter, utter devastation. And the company collapsed into administration.
Jack Rhysider
The company collapsed. Wow. It's pretty rare for a company to be damaged so badly from a cyber attack that it can't recover and has to shut down like this. And it's wild to think that your whole business could come to a catastrophic end all because of a hacker. But all this does make you wonder, whose fault is it for not securing the customer's data better? And shouldn't they be held responsible?
Joe Tidy
Well, Ville Tapio, the CEO, he has been prosecuted for, really, for failing to protect the data, but he's appealing that and we don't know what's going to happen with that.
Jack Rhysider
The CEO blames his IT team for failing to protect the data and he blames the police for how badly the fallout was handled. He says when he called the NBI, the National Bureau of Investigation, they locked him out of all decision making and he didn't even know what was being said in emails using his name. And pretty early in the investigation, the NBI filed a criminal complaint against the CEO accusing him of a data protection violation, which led the board to remove him as CEO in the middle of this crisis, while people were trying to call 24/7 looking for help. So the company was leaderless during all this. And not only was he dismissed as the CEO, but the parent company of Vastaamo also sued him, accusing him of failing to protect user data. Ville Tapio, the CEO, was convicted in the District Court of Helsinki for data protection violations under the EU's General Data Protection Regulations. He was sentenced to a three month suspended prison sentence in April 2023 after being found guilty of not anonymizing or encrypting the personal data processed at Vastaamo. But he doesn't agree with that and he's actively trying to fight that to clear his name. So it's still yet to be seen where he lands. Around that time, someone phones up the Paris police and reports that there's a domestic abuse situation happening. They said there's scary noises, sounds like a scared woman, an angry man, something's going on. Check it out.
Joe Tidy
They get called out to a domestic abuse situation in Paris in early 2023. And they, the police arrive in the early hours. I think it's something like half past six, seven o'clock in the morning to a very quiet part of Paris in the north, I think it's the northwest. And they approach the door expecting potentially for there to be a serious situation of, you know, potentially a, a man abusing a girl, a woman. And they knock on the door and eventually a very bleary, tired looking girl answers the door and she's fine. And the police go in and they find a, a 6 foot 3, blonde hair, green eyed man who's traveling under the name Assam Ahmet. And they think, hang on a minute, this person doesn't look like they, they should be from Romania. So they run some checks and it turns out this isn't a Romanian living in Paris with his girlfriend or wife at the time. This is the wanted cyber criminal, Julius Kivimaki.
Jack Rhysider
So the Vastaamo hack happened in 2018. But the ransom attempt and public posting of this data didn't happen until two years later in 2020. And now Julius is arrested in 2023.
Joe Tidy
So they very quickly arrest him and drive him to the police station. And then of course, the call goes into Marco and the team in Finland and they are high fiving around the office. They're screaming for joy because they didn't think that, you know, this, this, this red notice would be so successful. This was only a few months after they put the, they put the call out to other police for help and they had no idea where he was. So suddenly to have this, this arrest take place in Paris meant that they, they got their guy.
Jack Rhysider
So he's sent to jail in Helsinki, Finland and has to face a judge there.
Joe Tidy
So it takes him a good few months to get together the evidence that they need to, to start the trial. And, and the trial takes place in, in Finland, just outside Helsinki. And it's the biggest, biggest criminal case in Finland's history because of the number of victims. And I went along to the first day when Kivimaki was in the dock as a, you know, doing his cross examination. And it was an absolutely ram-packed courthouse, as you can imagine. So many people there wanted to know what he would say and how he would sort of get around it. What was interesting as well was there was lots of people watching who were victims in a cinema, in a secret location as well, watching the live feed. But during the trial, about halfway through the trial, somehow Kivimaki's legal team managed to convince the, the judges to let him out on bail because they thought that he wasn't a flight risk. So he was, he was released from prison and he was allowed to do what he wanted as long as he was under certain conditions, like he had to keep his phone on him and go to a police station every couple of days. But just as soon as he was released, the police were like, whoa, whoa, whoa, you cannot let this guy go because he's gonna be, he is a flight risk. He's gonna disappear again because don't forget, he's been, he was wanted and there was a manhunt for him previously. Plus you've got this massive history as well where he just doesn't seem to give a damn about the police. So lo and behold, they say, the judges change their mind and they say, right, come back to prison, please, Kivimaki, we don't know where you are, but, but come in because you've got to come back to prison. And he just refuses. He just says, he answers the phone saying, no, I'm staying where I am. I'll see you in court. But I'm, I'm still, I'm chilling. I'm not going to come into the police. I'm not going to come to prison again until, until the court case starts.
So you had this absolutely absurd situation where a wanted cyber criminal who was found by accident in Paris, brought to Helsinki, largest criminal case in Finland's history, released on bail. Now they want him back and he's saying no mid trial. I just think it was incredible because, of course, all the cases that I've covered, the defendants are always trying to be, you know, as good as possible and try and convince the jury and the judges that they are upstanding members of society and Kivimaki just doesn't care. So the police had to start another manhunt to find out where he is. And Marco is so angry about this, and he's got all the police resources are out there trying to find him. And eventually they manage to track Kivimaki down because he posts a picture of himself or posts a picture of a hand holding a really expensive champagne bottle, and they recognize the room might be something from an Airbnb, and they manage to locate the Airbnb he's in and rearrest him.
Jack Rhysider
9,600 counts of aggravated invasion of privacy. 21,000 attempted aggravated extortion attempts.
Joe Tidy
So those are the emails that they know about. Yeah.
Jack Rhysider
And 20 counts of aggravated blackmail. I mean, this is crazy. 21,000 aggravated extortion attempts. Like, of all the. I've heard people get arrested for like, seven counts of this, 13 counts of that, but 21,000 counts, holy mackerel. Yeah.
Joe Tidy
And, well, that's the kind of preposterous thing about the Finnish justice system, because when you look at it, it's outrageous, isn't it? But actually, if you look at the, the numbers in detail, so the 9,231 aggravated dissemination of information, infringing private life, those are the people that actually filed complaints.
Jack Rhysider
So really, 9,000 people?
Joe Tidy
Yeah.
Jack Rhysider
Like almost like a class action lawsuit with 9,000 complainers.
Joe Tidy
Yeah.
Jack Rhysider
Wow.
Joe Tidy
And then the 20,000 are the emails that they know of. So they were 27,000. I think there were some duplicates. And 20,000 were the ones that they kind of confirmed as being aggravated. And then you've got the 20 aggravated, which is the people that pay.
Jack Rhysider
Yeah. In the US we have civil cases, which is like, you know, a user of the site is claiming damage that the site caused them, you know, reputational damage or whatever. But this is a criminal case where people complained that this particular person, Kivimaki, has harmed their life in ways that. I think that's also unusual.
Joe Tidy
Yeah. And they're actually thinking of changing the Finnish justice system to cope with this kind of thing. They've never had a court case on this scale where so many individuals go after and accuse one individual of issues of criminality. So there's discussions in the country about how they're going to cope with something that if this happens again, because they, you know, they had to, they're still working through it, to be honest. They are still working through the backlog of potential compensation to be paid. The company Vastaamo is bankrupt, so they can't really pay very much, but Kivimaki has agreed to pay some people, but it's not going to be much. And of course, the, the kind of, the scale of harm is very different depending on who you are as well. So there will be some people. I spoke to one guy who went there twice with his wife to help them with their divorce, and he did, he doesn't feel particularly aggrieved or, you know, he, he's, he's not, he's not feeling too invaded by that. But then you've got people who have been there, going there for years, and they poured their hearts out to the therapist, and now they're absolutely terrified. They look in, if someone looks at them funny in the street, they're worried that that person's read their notes and they know the deepest, darkest secrets. You know, they're kind of. There is a real difference in how it's affected people.
Jack Rhysider
Yeah. So it's. It. I mean, in the court there, they mention how many other crimes this guy has committed and how it just goes back for almost a decade that this guy was a cyber thug. And that's where I think there's just so much more to your book. Right?
Joe Tidy
Yeah. And you mentioned the 30,000 crimes that the court accused him of or convicted him of. But if you go back not that long, Kivimaki has a history of cybercrime. He got convicted of 50,000 cyber crimes when he was a teenager because of various things he did. Because this, this guy was really brought up in a time when teenage cybercrime gangs were absolutely coming to the fore. They were prolific. There's this period of time in the 2010s where you had this conveyor belt of cyber criminal teenage gangs that were one after the other, passing the baton, upping the ante. They were worse than each other each time they tried to outdo each other in terms of the kind of things they could do, get away with the kind of criminality and cruelty they could be responsible for. I don't know if you remember any of these, these gangs, but I'll, I'll go through some of them. So LulzSec probably started this whole thing. I don't know if you remember them. 2011, and then after that you had HTP, which Kivimaki was part of and convicted for. He was actually, he was collared when he went to DEFCON in, I think it was 2012, 2013, when he was a teenager. And the police, the FBI, managed to get him in a, in a room, in a hotel room and, and interrogate him for some of the stuff he was doing. And then he was arrested by the Finnish police and spent time in prison. And then eventually, the long, slow way that the justice system works, he was convicted. But of course, in that time he didn't stop and he carried on. And then there were other gangs he was part of, like Lizard Squad and UGNazi, ISIS gang. All these types of gangs just came and went in this period, causing damage as they, as they did so.
Jack Rhysider
He was convicted of 50,000 cyber crimes in the past. Look. What we've covered in this episode is only the first few chapters of Joe Tidy's book, Control Alt Chaos. You've got to hear what else this guy did, so I encourage you to go get his book and hear the rest of the story. We only covered one of his hacks here, but there are so many more this guy did. And I have a strong feeling that Julius Kivimaki will go down as one of the most notorious hackers in history. And it's really amazing how close Joe was following this whole story, especially in this Vastaamo case. Like, Joe was in the courtroom watching all this unfold.
Joe Tidy
Yeah, I was there on the first day that he gave evidence, and it was packed full of, of journalists from all over Finland and also international journalists as well, because, of course, by this time, this was known as the biggest case in Finland's history. And the Vastaamo court case and the Vastaamo case itself was just such a big, nasty story. And I went in and it was, it was really interesting because Kivimaki sat there and he had a laptop in front of him and he was answering all his prepared questions from his lawyer, and he was just, just not even thinking about it. Just kind of like stroking the mouse keypad on the laptop back and forth, back and forth and smiling while he was talking and cracking little jokes. He seemed really relaxed. And of course, when you look at his history, when you look at the amount of cybercrime that he's carried out, the amount of run ins with the police convictions, that makes sense to me. This is the kind of world that he operates in. He doesn't seem to have much care for anything.
Jack Rhysider
Yeah, yeah, it does seem like that. Just what, what can I do to set the world on fire kind of thing.
Joe Tidy
Yeah, I think it is a bit of that. It's one of the really weird things about this whole case is like I've followed this guy for 10 years since he was a teenager and the people that speak to him and know him, he's not a popular, he's not a popular hacker. He falls out with people all the time. He did some nasty stuff even before the Vastaamo hack. I would argue that he's probably the most hated hacker in history because he didn't give a damn and doesn't give a damn. And people are confused by him. His what, what his morals are because he, he's got the money. Some people said that he just likes to cause damage and likes to cause chaos and enjoys it.
Jack Rhysider
In April 30, 2024, Julius Kivimaki was sentenced to six years and three months in prison. He's currently sitting in prison right now serving his time. Thank you so much to Joe Tidy for sharing this incredible story with us. You have to hear the rest of the story though, so go get his book. It's called Control Alt Chaos and it releases this month. I have to take a moment to just thank my premium subscribers. They are the real heroes to me for supporting this show. It really helps keep it going. I love you so much. Thank you. And if you're not already a premium subscriber and you want kisses from me, visit plus.darknetdiaries.com and if you sign up, you'll get an ad free version of the show plus 11 bonus episodes. This episode was created by me, the root canal Jack Rhysider. Our editor is the drop tables Tristan Ledger. Mixing done by Proximity Sound and the intro music is by the mysterious Breakmaster Cylinder. Of course I use a password manager. It's, it's called the Dark Web. Have you heard of it? It's got everyone's password on there. You can look up mine or anyone else's. It's real easy. This is Darknet Diaries.
Host: Jack Rhysider
Guest: Joe Tidy (BBC Cyber Correspondent)
Release Date: June 3, 2025
This episode dives into one of the most disturbing cybercrimes in recent history: the 2020 Vastaamo psychotherapy center data breach in Finland. Jack Rhysider and Joe Tidy (author of Control Alt Chaos) meticulously recount the events, the impact on tens of thousands of victims whose most private therapy notes were leaked, the relentless manhunt for the attacker, and the trial of Julius Kivimäki, a notorious hacker. The episode examines the cruelty of publishing personal psychological records for extortion, the failures and fallout at Vastaamo, and why this case stands out as a nadir in cybercrime history.
Timestamps: 00:31 – 04:39
“Hats off to your ability to infiltrate the hacking world.” – Jack Rhysider (00:32)
Timestamps: 07:51 – 08:07
“It shocked the world… for my money, the worst and most nasty, cruelest, darkest cyber attack in history.” – Joe Tidy (07:51)
Timestamps: 09:26 – 12:17
“I've got all the personal details... I've also crucially and cruelly got all their therapy notes as well.” – Joe Tidy (09:26)
Timestamps: 12:38 – 17:47
“There was no respect for him. There was no, 'well done.'... There was no love at all for Ransom Man.” – Joe Tidy (13:26)
Timestamps: 19:54 – 24:28
“There was a mad race... They eventually got through on the phone. They had a guy from the company running through the warehouse, finding the server, unplugging it.” – Joe Tidy (21:58)
Timestamps: 26:47 – 29:49
“One of the women I spoke to said it was... digital rape. Having this particular type of information stolen, it’s just such an invasion.” – Joe Tidy (28:35)
“It shocked the world…for my money, the worst and most nasty, cruelest, darkest cyber attack in history.”
— Joe Tidy (07:51)
“The notes your therapist took when you spilled your most personal and private thoughts to them... is, in fact, the cruelest piece of personal data that someone could hold for ransom.”
— Jack Rhysider (11:02)
“There was no respect for him. There was no, 'well done.'... There was no love at all for Ransom Man.”
— Joe Tidy (13:26)
“He made probably the biggest mistake in the history of cybercrime... he posted his entire home directory.”
— Joe Tidy (19:54)
“One of the women that I spoke to said it was... digital rape. Having this particular type of information stolen, it's just such an invasion.”
— Joe Tidy (28:35)
“In April 30, 2024, Julius Kivimäki was sentenced to six years and three months in prison. He's currently sitting in prison right now serving his time.”
— Jack Rhysider (53:23)
| Timestamp | Segment Description |
| --------- | ------------------- |
| 00:31 | Joe Tidy’s background; early cybercrime reporting |
| 07:51 | Introduction to the Vastaamo hack |
| 09:26 | Details of the breach: Ransom and threatening to leak therapy notes |
| 12:38 | First records leaked; reaction from the hacking community |
| 19:54 | Ransom Man’s technical blunder (the "Big Tar" file) |
| 21:58 | Police race to seize the key server |
| 26:47 | Ransom Man emails all victims directly, escalating the extortion |
| 28:35 | Testimony and psychological toll from victims |
| 33:42 | Investigation and growing suspicion: Julius Kivimäki as the prime suspect |
| 41:08 | French police arrest Kivimäki in Paris |
| 45:51 | The massive criminal charge list described in court |
| 49:05 | Wider context: Kivimäki’s history, teen hacking subculture |
| 53:23 | Kivimäki’s sentencing; aftermath and reflections |
Throughout the episode, Jack and Joe maintain a mixture of empathy, shock, and technical curiosity. The narrative is both compassionate toward the victims and unsparing in its condemnation of the hacker’s cruelty — as well as Vastaamo’s egregious failure to secure their patients’ secrets.
This deeply reported episode starkly illustrates the human consequences of cybercrime when sensitive personal data is at stake. The Vastaamo case is both a cautionary tale for organizations about safeguarding personal information and an unsparing look at what happens when a hacker decides to cause harm for harm’s sake. The story isn’t just about technology—it’s about trust, trauma, justice, and the darker corners of the internet.
For further details and a broader exploration, Jack and Joe encourage listeners to read Joe Tidy’s book, Control Alt Chaos.