19 comments

[ 3.4 ms ] story [ 45.6 ms ] thread
It's strange that they somewhat smear IRC, but don't bother to explain what Hacker News even is.

Also, the ida of the photographer going to shoot the cybercrime experts or the victims preparing by bringing the colored lights amuses me. Sitting by three computers with a wall rack of keyboards doesn't make someone look enough like a hacker, they need Mt Dew green lighting too.

> Smedley had announced online that he’d gotten identity theft protection from the company Lifelock Inc. Kivimäki responded by calling Lifelock, saying he was Smedley. In audio of the call submitted at trial, the customer service representative asks Kivimäki a series of security questions, all of which he gets wrong. Nonetheless, by the end of the conversation, he has been allowed to create a new password for the account, enabling him to log in and find, among other things, Smedley’s banking details.
And of course, he fit right in around here…
Depends what you mean: wrt. Vastaamo, if he had simply contacted the company and not crossed over into extortion, he was doing something potentially white/grey-hat hacker by exposing they had almost zero data security and were violating GDPR, SarbOx and presumably a truckload of related Finnish and EU laws.
...because given how nonexistent Vastaamo's security was, it was only a matter of time that they would ultimately have gotten compromised or ransomwared, if not by Kivimäki then by someone else. So whether Kivimäki ever existed or not, doesn't change the inevitable outcome. And Vastaamo's CEO went to jail for GDPR violations. There's also the unexplained mystery of why Keskinen (the DPO) and Lind had no sysadmin password and no firewalls, even after they had been criminally investigated for a previous incident. Also, the Finnish DPA wasn't exactly proactive about checks, either.

(To be clear, Kivimäki was a scumbag.)

So, there's lots of responsibility to go around.

Anyone have a non paywalled link?
What an asshole.

I mean, the article describes a guy who isn't just an asshole on occasion, it describes a man who has devoted over a decade of his life to acts of assholery grand and petty.

Such a damn waste. If you're going to put your freedom at risk using niche skills, at least have a pro-social goal

Going to tag physical objects -> make it real art with humor and social commentary.

Offensive hacking -> exfil shite to keep newspapers busy for decades but try not to get caught with lazy opsec.

Prison seems almost be a "crime school" reward. Sigh.

(comment deleted)
> the dump had included the innermost secrets of tens of thousands of people, desires and deeds and memories that in many cases they’d only ever confessed to their therapists

How is that all necessary to persist at all?

Because it's worth something

That's the danger of having a dedicated institution for people giving that kind of sensitive information

Because your therapist doesn't have a perfect memory and has dozens of patients. They rely on notes to remind them of what you've discussed in the past.
Those notes don't need to be persisted in any central database though. And while they are stored temporarily they do not ever need to be decryptable by anyone except that one therapist (by way of physical token or biometrics or, you know, paper locked in a drawer)

I really hope this practice is not mandated by the government... if it is then my view of Finland is going to change a lot

(comment deleted)
(comment deleted)