nito - Fotolia

Finnish hacker teen dodges jail for 50,000 cyber attacks

The leniency of a two-year suspended sentence for 17-year-old Finnish hacker Julius Kivimaki for 50,000 intrusions raises concerns

A teenager has reportedly dodged jail despite a Finnish court finding him guilty of 50,700 instances of aggravated computer intrusions.

Instead the court handed down a two-year suspended sentence to the 17-year-old Julius Kivimaki, also known online as Zeekill, who has been linked to the hacktivist group Lizard Squad.

Judge Wilhelm Norrmann ordered that Kivimaki’s computer be confiscated and he hand over €6,588 worth of good obtained through his crimes – but said the sentence took his age into account.

Judge Norrmann said Kivimaki carried out the crimes in 2012 and 2013 when he was just 15 and 16.

The sentence took into account Kivimaki’s capacity to understand the harmfulness of the crimes when they were committed, and the fact that he had been imprisoned for about a month during the pre-trial investigation, the court said.

But Europol consultant, cyber security expert and visiting professor at Surrey University Alan Woodward expressed concern about the light sentence.

"Whilst I'm sure the courts considered all the circumstances surrounding the conviction and the sentence that was warranted, there is a question as to whether such sentences will act as a deterrent to other hackers," he told the BBC.

Woodward said that, while it is not necessarily the place of the courts to factor in deterrence in their sentences, the light sentence for Kivimaki could encourage other youngsters to commit cyber crime.

Julius Kivimaki's cyber crimes

According to court documents, Kivimaki’s crimes involved hijacking emails, blocking traffic to websites and stealing credit card data.

Kivimaki exploited vulnerabilities in Adobe’s ColdFusion application server software to access data, and was accused of installing malware on around 1,400 servers.

Prosecutors said the malware enabled Kivimaki to set up a botnet of hijacked servers. He used this to carry out denial of service (DoS) attacks to block access to targeted websites, including news site ZDNet and chat service Canternet.  

Prosecutors said Kivimaki helped steal seven gigabytes of data from the email system used by the Massachusetts Institute of Technology (MIT).

The company that provided MIT's email service, Educause, said Kivimaki’s actions had cost more than $213,000.

Kivimaki is believed to have stolen credentials to access IT systems at Californian website database provider MongoHQ, which enabled him to access clients’ payment card information and make 21 online purchases using the data.

Kivimaki was also accused of involvement in a money laundering scheme using the virtual currency Bitcoin. His activities were halted when he was arrested in September 2013.

Although Kivimaki had been linked to hacker group Lizard Squad, the BBC reports that court papers made no mention of his role in the group.

Read more on Hackers and cybercrime prevention