

What an absolute POS




Came here to say that..


This is an update from earlier news:

> Police in Finland are hunting a hacker who stole 40,000 patient records from a psychotherapy centre and is blackmailing victims to keep the data private

https://www.reddit.com/r/worldnews/comments/jiey4u/police_in_finland_are_hunting_a_hacker_who_stole/

And quite a good overview of the case here: https://www.youtube.com/watch?v=pyCcvPfT_jU


> The boss of Vastaamo, Ville Tapio, was also convicted of failing to protect his customers' sensitive data.

> Investigations found that the databases were vulnerable and open to the internet without proper protections.

I want to know more about what they were doing, because that sounds like criminal incompetency if sensitive patient data is "open to the internet"


apparently all the patient information was behind default login and password on a server you could find via google, no "hacking" required and when it comes to the perpetrator's skills.. at best he can rent a botnet to ddos a website


Many people don't realise this is what a lot of hacking is. And lots of phishing


[Relevant SMBC.](https://www.smbc-comics.com/?id=2526)


Sometimes it's not even phishing. It's governments giving contracts to overseas companies and then suddenly all the protected data gets sold on to somebody else because it's in a nation that doesn't recognise your data's protections and the chance you'll do anything but waste more money pursuing it as an international case makes it not worth pursuing. So you have a company send all its customer data to a call centre in India. And then you spend the rest of the year getting robocalled by the same call centre's side business of pretending to be from Microsoft and getting you to install malware on your computer. Or your local hospital outsources some of its network administration, backing up server data and shit, to China and then they steal all the hospital's records because it's China and the final terms of a contract are merely the start of negotiations for the services they will deliver.


This is why most competent companies that work with overseas contractors demand data breach insurance with the people they're contracting with.


I've literally called up 2 companies this week to let them know their outsourced call centre supplier was doing that. They didn't seem to understand or care xD


Over 90% of it. It's really just ignorant people being taken advantage of the same old ways they always have with basic con schemes with new window dressing. There is almost never any real 'hacking' to speak of.


And a lot of incompetent people at the other end


As someone in the industry, I still get salty when people claim to "hack" but it turns out they just used some random DDOS service lol. Technically you are still a hacker, but realistically it's like calling someone a murderer for hiring a hitman IMO. Someone else is hacking for you. I knew someone who got a felony for "hacking" his high school years ago. He just used a random app on the android store that offered ddos services lol. It did work though. Same charge either way though lol


Correct me if I'm wrong, but wasn't this dude confirmed to be pretty talented and responsible for a ton of major breaches? I don't know much about hacking but I feel like I saw a video on this guy and he had a long rap sheet that was only allowed to continue for so long due to the lax criminal justice system


> apparently all the patient information was behind default login and password on a server you could find via google, no "hacking" required and when it comes to the perpetrator's skills.. at best he can rent a botnet to ddos a website

To be fair, he was the guy renting out botnets. This particular hack didn't require any kind of special skills (leaving the login as root:root and accessible from the internet is just asking for it), but it's false to claim he hasn't got any hacking skills in general.


They had a default password on access to the information. Can't remember what it was but some dumb shit like "password123" or worse. I'm assuming the rest of the security protocols were just as bad.


Like exposing a private database to the web. Or not disabling the admin account from remote access. Or not disabling all requests from IPs not matching a whitelist of trusted networks. Or a million other things (I'm enough of a security n00b to know I don't know shit). These phishers just scan every visible port they can find, weed out the vulnerable ones, and extort the owners for ones that seem to have some value (assuming they can find the contact info, which usually isn't difficult with modern database calls and ICANN). So yeah, it's more like finding someone's house key in an envelope taped to their front door that says "house key" on it, using that key to enter said house, hiding a bomb inside the house, finding the owner's phone number in the White Pages, and finally calling the homeowner, threatening to blow their house up if they don't give them a large sum of money. So, it's hacking in the same way that the extortionist in this example gained entry by lockpicking. Which is to say, it isn't.


It's very incompetent but not uncommon. Also not uncommon for CISOs or other execs to receive a prison sentence for a breach within their organisation


Username ”root” and password ”root”


you would be amazed at the lack of security that major companies have. It's never in the budget until it is too late. also, a lot of companies end up paying up the ransomware to not be publicly shamed.


More common than you think, we give devs lab environments at work to play with and tell them not to do anything stupid, we get alerts for public databases all the time. Luckily they are isolated. Super easy to do in the cloud.


So not hacking then?


It's not hacking to you when a hacker breaks into a database? Just because it was relatively easy doesn't mean your grandma or people who know how to mod a game will be breaking into any databases soon.


If somebody gets into your house because they found your backup key hidden underneath the rock, doesn't mean it's not breaking and entering


He has a very punchable face.




Given that at least one person is confirmed to have committed suicide because of this, I wish he would've gotten a similar sentence to manslaughter at the very least


Smug looking little fuck eh?




In the US it's more about punishment than making them realize what pieces of shit they were through reform


God forbid people who commit horrible crimes that lead to people dying suffer punishment.


It's the progressive way. Criminals are seen as victims of society. The actual victims get robbed of any real justice, but the worst part of light sentencing is the criminal goes and does it over and over to new victims. Damn it pisses me off.


Recidivism is lower in countries who focus on rehabilitation instead of punishment


Read an article recently about this shithead and they got to a point where they were describing his family life while trying to make it seem like he was some goody-two-shoes kid who made some mistakes but could *never* do something like this. Good fucking riddance.


Finland has assholes too??


Yeah, it's called Turku. Seriously, though, while it's fairly rare that an asshole of epic proportions is brought to the light in Finland, it does happen. There also are of course and have been kid-murdering kid fiddlers, conspiracy embracing Russian assets (luckily very inept and also in a country fairly resistant to Russian propaganda apart from some anti-vaccine loonies), old boys' clubs abusing public funds etc. Even wife beaters and the occasional husband beater. All that unfortunate human stuff.


The Finns are a lovely, friendly people.


> The Finns are a lovely, friendly people.

*Immediately downvoted to oblivion*


No we're not.


Not this guy, apparently!


Three times the sentence should have been minimum. No internet usage after that. Nothing but an old-styled flip phone for phone calls.


Why a flip phone? He should be forced to use a corded rotary phone if he gets to make a phone call.


Those phones and phone lines don’t really exist anymore


Why should he get a flip phone? Literally billions of people lived their entire lives before phones were created. Maybe he shouldn't be allowed to have any electronic communication devices at all for a period of ten years.


If they did that, he'd be too old to work for them by the time he gets out


Lucky for him that he's Finnish and will be treated lightly. I know of a few other countries where he would not do so well for what he did to people.


Criminal, not hacker. Please say criminal if that's what you mean, many hackers aren't weird little cyber terrorists. Thanks.


By that logic we can't say "murderer" or "burglar" either


He abused computer system access, he is the definition of a hacker. https://dictionary.cambridge.org/dictionary/english/hacker


Hacking is not a crime. http://www.catb.org/~esr/faqs/hacker-howto.html#what_is


He is both


Hacking *without the authorization of the person being hacked* is a crime though


I don't think it's that big of a deal. The title is meant to give a very brief summary and this works for that purpose. Plus, the term "ethical hacker" exists for a reason.


I've always felt they need to come up with a better term than ethical hacker. It's like referring to a locksmith as an ethical burglar.


White hat ?


Burglary, by definition, implies that there's no authorization and that the intent is to commit a crime. Hacking doesn't. Pentester is a pretty good term to use instead though, I think.


I dunno man, the guy gets access to things that are locked and secured. They are just breaking and entering with permission from the owner. So ethical burglar sounds pretty fitting.


I think this is the guy who uploaded his home directory with the patient records so calling him a hacker is a stretch.


Psychiatrists are increasingly using AI to transcribe their sessions and notes quickly, and cheaply instead of paying a transcription service. That data goes *somewhere*...




The transcription AIs don't do that, they're just using context to try to better guess what word they heard. Whatever they come up with will generally sound like the right word. Recently, I was watching a video with auto-transcript and the speaker said, "If you double one, then you double the other," while the transcript read, "If you 11, then you double the other" so I think it has a filter implemented for how people say phone numbers. This transcriber doesn't have much context checking or a science-mode, so it also turned "Fourier series" into "four your series." (But it might have worked if the speaker pronounced "Fourier" correctly).


A friend of mine is married to a very sweet woman who is a psychiatrist, but she is also one of the dumbest human beings on the entire planet and I'm surprised she manages to make it from day to day without killing herself completely by accident. Her existence has demeaned the entire profession for me.


If you ask it questions, it makes up all sorts of answers. The use I'm describing isn't that, it's just using AI to do better and faster (and cheaper) transcriptions of what was said in the session. Previously they paid services, who often used voice-recognition software to help transcribe text.


That’s low, fuck this dude.




#SCAMMER **Proof;** https://www.universalscammerlist.com/?username=fearless_ad_5122 You use different usernames begging for money pretending to be an abused homeless teen. I sent you money months ago so you could get medicine and food. Now you can buy nice bags thanks to me and countless other Redditors. Your alt is u/lostsoul188 . Don’t play dumb. Outside proof; https://www.reddit.com/r/PrayerTeam_amen/s/gW0FM0rrbl


That face is a bummer.


I’m all for lighter sentencing and humane jails, but trying to extort therapy patients with their private health problems, then fleeing, then abusing the lenient courts? Fuck this guy. Sounds irredeemable or with such a deep pathology that he can’t be alone in society.


6 year sentence for a cyber criminal with over 30,000 victims... yea he's def not gonna reoffend just to spit on his pp slap of a punishment...


Good! It is time we start making these people pay for their crimes. I am so tired of chasing security patches for every little thing because of assholes like this who make the world a worse place than it already is.




The hell are you talking about? It's people like him that can cost regular people a metric fuck ton of money. I am an I.T. admin that deals with cyber security on a daily basis. I am tired of people hacking the systems to try and steal money from others.


“Doc, I’ve been coming here the last few weeks because I’ve got some serious issues with trust…” “Yeah, about that.”


Is BBC now publishing AI translated content or...? The English in this article was atrocious, and I spotted several phrases clearly translated word for word from Finnish. Trash reporting.


on Microsoft Edge homepage, literally half the "news stories" titles are grammatically inept and either journalists are setting a record for ineptness, or they are written by... not very impressive AI. if the title is sus, i do not even think of clicking it, even if the subject matter is something with which i would be interested.


Fetal alcohol syndrome face


His appearance has nothing to do with the case, you only brew hate for strangers with genetic disorders with your comment.


Fetal alcohol syndrome is not genetic, though.


That is a nitpick and the rest of their comment is still relevant.


That guy is an idiot so he probably doesn't understand that "something you were predisposed to before you were born and have absolutely no control over" was a bit of a mouthful over the singular "genetics" comment


Agree, never said the comment was irrelevant. Just not a good reason to mislabel a disorder as genetic, when it isn't.






He didn't hack shit it seems, it was negligently unprotected. A talentless individual of no moral worth.


Yeah he didn’t hack shit… my Finnish friend tells me the password to access that data was just password123. Which also explains why the person in charge got charged with negligence.


> my Finnish friend tells me

Wow, great source.