Hacker jailed for blackmailing therapy patients

Joe Tidy - Cyber correspondent
·3 min read
17
Julius Kivimaki hacker wanted poster
[Europol]

One of Europe's most wanted cyber criminals has been jailed for attempting to blackmail 33,000 people whose confidential therapy notes he stole.

Julius Kivimäki obtained them after breaking into the databases of Finland's largest psychotherapy company, Vastaamo.

After his attempt to extort the company failed, he emailed patients directly, threatening to reveal what they had told their therapists.

At least one suicide has been linked to the case, which has shocked the country.

Kivimäki has been sentenced to six years and three months in prison.

In terms of the number of victims, his trial was the biggest criminal case in Finnish history.

One of them gave their reaction to the BBC.

"The main thing is that this absolutely empathy-lacking, ruthless criminal gets a prison sentence", said Tiina Parikka.

"After this there rise thoughts about how short the conviction is, when reflected against the number of victims", she added.

"But, that's the Finnish law and I must accept that."

The 26-year-old had maintained his innocence - despite going on the run and being arrested in Paris under a fake identity.

During the trial, he also went missing for more than a week after refusing to be recalled back to prison by the court.

The judges found him guilty of all counts, describing his blackmail as "ruthlessly taking advantage of another person's special weakness."

"Taking into account Vastaamo's position as a company producing mental health services, Kivimäki has caused great suffering or the risk of it to the interested parties," the verdict document said.

Julius Kivimaki in court
Kivimaki's trial was the largest criminal trial in Finnish history [Joe Tidy]

The verdict brings to an end a cyber crime spree that started when he was just 13 years old.

Kivimäki, known online as Zeekill, was a key member of multiple teenage cyber gangs which caused chaos between 2009-2015.

He was arrested in 2013, at the age of 15, and given a juvenile non-custodial two-year suspended sentence.

At the time, cyber experts were worried his punishment would fail to deter him - and he was quickly linked to many more hacks carried out with teen gangs before disappearing for years.

His name was quickly linked to the Vastaamo hack of 2020 after experts pointed to Kivimäki traits in the attack.

He demanded a 400,000 Euro (£340,000) ransom from the company.

When it refused, he emailed thousands of patients asking for 200 Euros and threatening to publish their notes and personal details on the darknet which he did anyway in full.

But it was a mistake that the hacker made himself that led police to a treasure trove of information found on a server that Kivimäki owned.

Unprecedented digital forensics and cryptocurrency tracking also helped secure the conviction.

Tiina Parikka
The hack turned Tiina Parikka's life upside down [BBC]

Tiina Parikka recalls receiving the email from him saying that he had her therapy notes.

She told the BBC it caused her to relapse into mental health problems that the therapy had initially helped her overcome.

“So many people were affected by this in so many ways," she said.

The boss of Vastaamo, Ville Tapio, was also convicted of failing to protect his customers' sensitive data.

Investigations found that the databases were vulnerable and open to the internet without proper protections.

He was given a suspended three-month prison sentence last year.

The company which was once a highly regarded and successful business in Finland collapsed after the hack.

Despite the conviction, the Vastaamo case is not over as civil court cases are now likely to begin in an attempt to get some of the victims compensation for the hack.