nito - Fotolia
A teenager has reportedly dodged jail despite a Finnish court finding him guilty of 50,700 instances of aggravated computer intrusions.
Judge Wilhelm Norrmann ordered that Kivimaki’s computer be confiscated and he hand over €6,588 worth of good obtained through his crimes – but said the sentence took his age into account.
Judge Norrmann said Kivimaki carried out the crimes in 2012 and 2013 when he was just 15 and 16.
The sentence took into account Kivimaki’s capacity to understand the harmfulness of the crimes when they were committed, and the fact that he had been imprisoned for about a month during the pre-trial investigation, the court said.
But Europol consultant, cyber security expert and visiting professor at Surrey University Alan Woodward expressed concern about the light sentence.
"Whilst I'm sure the courts considered all the circumstances surrounding the conviction and the sentence that was warranted, there is a question as to whether such sentences will act as a deterrent to other hackers," he told the BBC.
Woodward said that, while it is not necessarily the place of the courts to factor in deterrence in their sentences, the light sentence for Kivimaki could encourage other youngsters to commit cyber crime.
Julius Kivimaki's cyber crimes
According to court documents, Kivimaki’s crimes involved hijacking emails, blocking traffic to websites and stealing credit card data.
Kivimaki exploited vulnerabilities in Adobe’s ColdFusion application server software to access data, and was accused of installing malware on around 1,400 servers.
Prosecutors said the malware enabled Kivimaki to set up a botnet of hijacked servers. He used this to carry out denial of service (DoS) attacks to block access to targeted websites, including news site ZDNet and chat service Canternet.
Prosecutors said Kivimaki helped steal seven gigabytes of data from the email system used by the Massachusetts Institute of Technology (MIT).
Read more about cyber crime
- A cyber espionage group has targeted high-profile technology, internet, commodities and pharmaceutical companies in the US, Europe and Canada, reports Symantec.
- Fraudulent online purchases of airline tickets using stolen credit card data is the fastest growing type of fraud, resulting in estimated losses of €1bn to the airline industry.
- While 96% of UK firms have been hacked, 9.1% have not acted to protect themselves from hacking, a survey has revealed.
The company that provided MIT's email service, Educause, said Kivimaki’s actions had cost more than $213,000.
Kivimaki is believed to have stolen credentials to access IT systems at Californian website database provider MongoHQ, which enabled him to access clients’ payment card information and make 21 online purchases using the data.
Kivimaki was also accused of involvement in a money laundering scheme using the virtual currency Bitcoin. His activities were halted when he was arrested in September 2013.
Although Kivimaki had been linked to hacker group Lizard Squad, the BBC reports that court papers made no mention of his role in the group.