Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Crime

Cyber Criminal Jailed For Blackmailing Therapy Patients (bbc.com) 16

One of Europe's most wanted cyber criminals has been jailed for attempting to blackmail 33,000 people whose confidential therapy notes he stole. From a report: Julius Kivimaki obtained them after breaking into the databases of Finland's largest psychotherapy company, Vastaamo. After his attempt to extort the company failed, he emailed patients directly, threatening to reveal what they had told their therapists. At least one suicide has been linked to the case, which has shocked the country.

Kivimaki has been sentenced to six years and three months in prison. In terms of the number of victims, his trial was the biggest criminal case in Finnish history. One of them gave their reaction to the BBC. "The main thing is that this absolutely empathy-lacking, ruthless criminal gets a prison sentence," said Tiina Parrika. "After this there rise thoughts about how short the conviction is, when reflected against the number of victims," she added. "But, that's the Finnish law and I must accept that."

This discussion has been archived. No new comments can be posted.

Cyber Criminal Jailed For Blackmailing Therapy Patients

Comments Filter:
  • by Murdoch5 ( 1563847 ) on Tuesday April 30, 2024 @11:49AM (#64436034) Homepage
    How exactly did he access the DB? The issue is more on the side of the DB lacking security, then him “stealing” the information. Since the DB lacked proper security, the party at fault is the company who offered the DB, and or, the company who used it. It's worth asking why the data wasn't meaningfully encrypted, that would have mitigated the entire mess.

    Lock this guy up for being a cyber criminal, but don't let him take all the blame, lacking proper and decent cybersecurity, places a lot of the blame onto the company who used the DB and stored the information.

    Did the cybersecurity legislation get updated following this case? If it didn't, then you know the government never cared, and sides with the exploitation of its people.
    • I sort of agree. There are two completely separate types of blame to assign. This jackass is 100% culpable for being a piece of shit criminal and doing what he did, There should be no allowances for how hard it was to do. The company is 100% culpable for either not handling security well, or not paying somebody to handle it well.

      There's no Venn diagram here. Two separate circles.

      • Right, so putting dipshit hacker in jail only solves one part of the problem, in my mind, the lesser of the two. I like to take the stance that my data will get stolen, so it's better to protect it once that happens. That doesn't mitigate the work leading up to preventing the theft, but it does mean you need to encrypt your data.

        Years ago, I had to get a DoD contractor to certify a product was safe. We gave them the software / hardware, and I included a USB key, which had a copy of the data. The data
      • Well, to me, a larger problem is....the digitization of medical records.

        This stuff, will never be 100% safe from external enemies, nor people with casual access being nosey and potentially getting into your business.

        That's bad enough for medical....sure it could happen in paper record days, but it was a bit more difficult in many areas that you had to gain physical access to the facility, access to the storage area, looking around with people working around there with you, etc.

        None of this was from the s

        • If you're only ever going to see a psych professional once, then sure... ask that they don't write anything down. But then I'd suggest finding a bartender rather than a shrink. Otherwise they absolutely need a paper trail. If they have the luxury of treating only one patient, they might be able to keep a mental structure in place. But mostly they need the notes.

    • by gweihir ( 88907 )

      Well, clearly this person is a no-empathy psycho and should be locked up in a closed mental institution for life. That said, I agree with you. Half, possibly more, of the blame lies with the greedy and incompetent cretins that did not secure this data adequately. If he gets 6 years, they should at the very least get a year each as well. And the company should be put under tight supervision for a few years. If it cannot read an adequate security level within a year or so, it should be closed down.

      • The company already folded, the owner got 3 months on prison IIRC. There's no point on keeping the company under supervision, the market closed all doors for them, nobody trusted them anymore.

        I understand that the company should have worked better to protect their data, but they are more a victim here than a culprit. Calling both the company and the scumbag that hacked them the same is an injustice, it's like calling a ransomware victim a culprit because they didn't secured their systems. They were negli
        • by gweihir ( 88907 )

          I understand that the company should have worked better to protect their data, but they are more a victim here than a culprit.

          No. They are not. They clearly are perpetrators.

  • That must be what the hacker saw when they looked at the company name.

  • by Fnord666 ( 889225 ) on Tuesday April 30, 2024 @12:18PM (#64436132) Journal
    Maybe extorting people with psychopathic behaviors isnâ(TM)t the smartest idea.
    • Maybe extorting people with psychopathic behaviors isnâ(TM)t the smartest idea.

      There's a thriller movie plot in there somewhere.

  • His deliberate, illegal and immoral act directly lead to someone's death. IANAL, but that sounds like manslaughter.

If you didn't have to work so hard, you'd have more time to be depressed.

Working...