Finland – Prolific Hacker Arrested & Sentenced

Uploaded on 2015-07-25 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Julius Kivimaki, a 17-year-old from Finland, has been found guilty of 50.700 “instances of aggravated computer break-ins”, which affected Harvard University, MIT and a host of companies. Given a two-year suspended prison sentence, his PC was confiscated and he was ordered to handover €6.588 worth of property obtained through his crimes.

Exploited vulnerabilities in software program

When he carried out his crimes throughout 2012 and 2013, Kivimaki exploited vulnerabilities in software called ColdFusion to hijack emails, block traffic to websites and steal credit card details.
He was able to install backdoors into tens of thousands of computers, which allowed him to retrieve information stored on them, adding malware to 1.400 servers. This led him to create a botnet, which he used to carry out denial-of-service (DoS) attacks on news websites like ZDNet and the chat tool Canternet.
Kivimaki was also accused of helping to steal seven gigabytes of data from the Massachusetts Institute of Technology, costing them $213.000 (€192.718).
He also used this method to access accounts belonging to MongoHQ, a Californian website database provider, which allowed him to search billing and payment card information belonging to its clients and subsequently steal credit card information.
To think that a teenager, 15 and 16 at the time, could so thoroughly compromise so many companies is worrying.

Are your systems child proof ?

This is not the first time young hackers (ethical and criminal) have been in the news. Seven-year-old Betsy Davies managed to hack a laptop via an open Wi-Fi network in just over ten minutes, having learned how to set up a rogue access point and eavesdrop on traffic in an online tutorial.
Marcus Dempsey, the ethical hacker who oversaw the demonstration, said: “The results of this experiment are worrying but not entirely surprising. I know just how easily a layman can gain access to a stranger’s device, and in an age where children are often more tech-literate than adults, hacking can literally be child’s play”.

Strengthen your cyber security practices

Businesses throughout Europe are being actively encouraged to strengthen their cyber security now and not wait until the GDPR is in place.
“Hackers won’t wait,” says founder and executive chairman of IT Governance Alan Calder. “If they see a vulnerability in your organisation, they will act on it. Businesses across Europe need to get their systems up to date with the most comprehensive information security management system standard in the world – ISO 27001.
“Implemented by thousands of businesses worldwide, the requirements found in this standard provide a holistic approach to information security, covering people, processes and technology.”
Organisations that have an ISO 27001-compliant information security management system (ISMS) will also have a solid framework for supporting adherence to the GDPR when it does come into effect.

ISO 27001 solutions

European organisations can now implement the Standard and achieve ISO 27001 certification for as little as €530 with our ISO 27001 packaged solutions, full of standards, books, toolkits, software, training and online consultancy.

IT Governanance: http://bit.ly/1IqQBdM

 

 

« Public-Private Partnerships in the Cyber Domain
Hacking Team's Malware Uses a UEFI Rootkit »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Tech Industry Forum (TIF)

Tech Industry Forum (TIF)

Tech Industry Forum is a not-for-profit, membership driven trade body. We bring together end users and some of the UK’s leading cloud, software, platform, infrastructure, and service providers.

Gigamon

Gigamon

Gigamon provides intelligent Traffic Visability solutions that provide unmatched visbility into physical & birtual networks without affecting the performance or stability of production environments.

Vanguard Integrity Professionals

Vanguard Integrity Professionals

Vanguard Integrity Professionals is an independent provider of enterprise security software solutions that address complex security and regulatory compliance challenges.

IP Performance

IP Performance

IP Performance Limited is a leading supplier of customised network infrastructure and security solutions.

ForgeRock

ForgeRock

ForgeRock, the leader in digital identity, delivers comprehensive Identity and Access Management solutions for consumers, employees and things to simply and safely access the connected world.

CryptoCodex

CryptoCodex

Cryptocodex has developed Counter-Fight, the most advanced, yet simple to implement, counterfeit detection system.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

CYSEC NG

CYSEC NG

Cyber Security Challenge Nigeria Initiative (CYSEC NG) is the first, and largest offensive premier Cyber Conference and Hacking event in Africa.

Approachable Certification

Approachable Certification

Approachable Certification is a UKAS accredited certification body offering down-to-earth and competitively priced audits against ISO Management Systems standards.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

KrCERT/CC

KrCERT/CC

KrCERT/CC is the National Computer Emergency Response Team in Korea.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.

NeuroID

NeuroID

NeuroID combines the power of industry-leading behavioral analytics with advanced device and network intelligence to create your first line of defense against malicious bots, bad actors, and fraud.

Securafy

Securafy

At Securafy, we understand how important it is to have the right IT partner by your side. For over 30 years, we’ve helped businesses stay secure, connected, and compliant.