Julius Kivimaki, a 17-year-old teenager, has been found guilty of 50,700 instances of computer hacks in Finland. The teen was also known as "
Lizard Squad claimed notoriety back in 2014 for offering DDOS (Distributed Denial of Service) services for just $6 per month, although their website and twitter account now appear to have been shut down.
Despite the comprehensive nature of the attacks Julius has not been jailed, but instead sentenced by the District Court of Espoo to a two-year suspended prison sentence. Also, the teen had his computer confiscated and was ordered to hand over €6,588 ($7,300) worth of property determined to be have been obtained directly from his crimes.
The judge appears to have taken into account the age of Julius who was only 15 \ 16 at the time of the crimes back in 2012 and 2013:
[The verdict] took into account the young age of the defendant at the time, his capacity to understand the harmfulness of the crimes, and the fact that he had been imprisoned for about a month during the pretrial investigation.
Some concerns have been raised about the leniency of the sentence, and whether it would act sufficiently as a deterrent for other people to carry out similar crimes.
The teen was linked to the hacking group Lizard Squad, which later claimed responsibility for the PSN and Xbox Live Christmas downtime. This was their response to the verdict:
Zeekill got a suspended sentence for 2 years. 0 time spent in prison.
And referencing possible charges in the US:
And no zeekill will not be extradited. Finnish citizens have the right to refuse extradition regardless of any treaty.
Adobe's ColdFusion Vulnerability
Many of the attacks were a result of a vulnerability in Adobe's ColdFusion software. Julius was able to install "backdoors" into many thousands of computers, allowing personal and confidential information to be retrieved from them.
Also, it was reported that Julius had installed software onto about 1,400 of the computers to turn them into a botnet, allowing him to launch DDOS attack. DDOS works by bombarding the targeted server with requests causing it to become overwhelmed until it becomes unresponsive.
Other attacks included:
- Attacks on ZDNet & chat tool
Canternet— Chat logs were found on the teen's PC that indicated he used the botnet to attack these websites.
Attackon Massachusetts Institute of Technology (MIT) email system — The teen apparently set up a website on a server run by Harvard University and redirected all MIT internet traffic through it, where it could be examined. Educause, the provider of MIT's email system, incurred more than $213,000 in costs dealing with the attack.
- MongoHQ — The teen was also accused of obtaining login details to the Californian database provider and retrieving payment card and other billing information. This was then used to make online purchases (including Champagne and shop vouchers) on at least 21 occasions, and it was noted that the information was also passed on to third parties.
- Money Laundering — By using the Virtual Currency Bitcoin proceeds of crime were then laundered. The teen apparently used this to fund a trip to Mexico.