It’s been a while since script kiddie extraordinaire Julius Kivimaki (zee/zeekill/RyanC) got so thoroughly 0wned. The “super dooper hax0r” committed rookie infosec mistakes and a close friend popped his # cherry. Lots and lots of evidence of lots and lots of illegal things were revealed and released. You should totally check that out.
Since then, he was (finally!) taken in by the Finnish police, who sent him to a European prison. You know, the kind that has better accommodations than most U.S. college dorm rooms. Anyway, Julius couldn’t handle his all expenses paid getaway, so he misbehaved. He misbehaved so badly that they had to send him to a more restrictive facility, but that facility was full. Do you know what the Finns do when they don’t have a place to put a misbehaving prisoner? They sent him home, on the promise that he’d stay off the Internet. He didn’t stay off the Internet.
He’s been popping in and out of the Finnish criminal “justice” system ever since, the FBI twiddling their thumbs all the while. But that’s not why we’re here. Something a tad more interesting happened last night…
A group of happy ninjas were not-so-happy with Julius and his skiddie ways, so they went ahead and popped his # cherry (again), imaged the drive (again), and released a few private things (again)! Most of the private and fun things are to be released at http://ownedand.exposed/, and are currently visible at Julius’ domain, which was also compromised. Not so fun going the other direction, huh?
tl;dr: Releases will happen at ownedand.exposed, not here. So far, his /etc/shadow has been posted.
A Dangerous Finding
Update: Malcom, the co-conspirator identified in the logs below, approached me and demanded removal of his name from this article, and made thinly veiled threats when I didn’t give in. Out of firm regard for journalistic integrity, the logs are staying up!
One thing, however, that I found particularly interesting, is a chatlog showing that Julius and GNAA’s Malcom are planning to manufacture and sell Opticom emitter devices. These devices are used by first responders in emergency vehicles to override traffic control devices and change stoplights to allow them to pass through. Obviously, if these devices were to be manufactured and sold to persons unauthorized to use them, it would most definitely be a massive public safety problem. The chat log:
19:12 <malcom> we can make a fortune selling diy opticom devices
19:12 <ryan> that sounds
19:12 <ryan> p interesting
19:12 <malcom> opticom is a system is north america
19:12 <malcom> where emergency services can tell lights to change faster
19:13 <malcom> a few yrs ago all you needed to do is flash a 10-14Hz infrared signal
19:13 <ryan> o god
19:13 <ryan> ill fund this
19:13 <malcom> but now it’s interleaved w/ encoded vin data n shit
19:13 <malcom> need customer acct @ gtt
19:13 <malcom> to look @ d
After this chat log, Julius ran sqlmap against the website for Global Traffic Technologies, the makers of Opticom. sqlmap is a program that allows script kiddies like Julius and Malcom to find potential weaknesses in the SQL databases that power most dynamic websites. Thus, his use of sqlmap was malicious in nature, and shows intent for him and Malcom to penetrate a protected system. More evidence was found on the box, may be released at ownedand.exposed, but was not cleared for release here.
As I said, this has the potential to be a very big public safety problem. Just one of these devices could cause massive traffic backups, inhibit actual emergency vehicles from moving through said backups, and cause countless car crashes, injuries, and death. Mr. Kivimaki has already placed enough human lives in danger by sending armed SWAT teams to helpless, unsuspecting victims, but this conspiracy can place hundreds if not thousands of lives at risk. It’s very important that the public acts quickly to see that Julius and Malcom be brought to swift justice.
It’s Time for Action.
I’m not going to ask you to don a Guy Fawkes mask and rally in the streets. Rather, I think it’s very important that this public menace be brought into the public eye. You should definitely send this article, and the other two about Mr. Kivimaki (here and here) to your local news media. Share them on social media and ask others to do the same.
Finally, if you do just one thing about this, I ask that you call FBI director James Comey at (202) 324-3000. Special Agent Ryan Brogan, the agent assigned to Julius’ case, is also available at this number. Ask why this dangerous terrorist hasn’t been extradited and brought to justice here in the States. This isn’t about revenge, this is about you, your friends, and your family, all put at jeopardy at the hands of this sociopath. The life you save could very well be your own.
The Prize at the Bottom of the Box
It’s not all doom and gloom here. Courtesy of Mr. Kivimaki’s poor security practices, the aforementioned group of happy ninjas released a list of SSH username/password pairs for hundreds of thousands of machines that Julius used for spamming and masking his nefarious activities. Use them to your heart’s content.
Use them for lots of stuff so they get shut down.