Skip to footer

Finnish teen convicted of 50,000 hacks avoids jail time. Why?

A Finnish teenager found guilty of credit card theft and email hijacking, among other things, has avoided jail time. The case raises questions about how judicial systems should deal with juvenile hackers.

|
Kacper Pempel/Reuters/File
A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration. The conviction and sentencing of a Finnish teen in a cybercrime case raises questions about how to deal with juvenile hackers.

A Finnish teenager has been convicted of 50,700 “aggravated computer break-ins” – and punished with what some say is a mere slap on the wrist.

On Wednesday, Finland’s District Court of Espoo found Julius Kivimäki guilty of cybercrimes that involved break-ins into Harvard University and the Massachusetts Institute of Technology (MIT), email hijacking, blocking traffic to websites, and credit card theft, the BBC reported. Despite the severity of the crimes, the 17-year-old hacker, largely because of his youth, has not been jailed, and instead received a two-year suspended prison sentence, according to the British network.

The incident has raised questions about how forcefully judicial systems around the world should deal with hackers, particularly those who are also juveniles.

“The danger in a [court] decision such as this is that it emboldens young malicious hackers by reinforcing the already popular notion that there are no consequences for cybercrimes committed by individuals under the age of 18,” cybersecurity expert Brian Krebs wrote in his blog.

The ruling, he added, was a “win for Internet trolls.”

As they have with crimes committed by minors, authorities have struggled to strike the right balance in dealing with juvenile cybercriminals. Some officials’ attempts to deter young people from committing cybercrimes have been criticized as too heavy-handed.

Take the case of “Cosmo the God,” who in 2012 was found guilty of a slew of cyber-attacks, including credit card fraud, identity theft, and bomb threats. He was 15.

Cosmo’s sentence, issued in Long Beach, Calif., placed him on probation until his 21st birthday. Until then, he would not be allowed to use the Internet without supervision or prior consent from his parole officer, or for any purposes besides education, Wired reported at the time. He also had to hand over his passwords and account logins, and give up the computers that the FBI took when they raided his home. Violation of the terms would land him in jail for three years, according to Wired.

It was, as Gizmodo’s Sam Biddle put it, “the hacker equivalent of a death sentence.”

“To keep someone off the Internet for six years – that one term seems unduly harsh,” Jay Leiderman, a Los Angeles attorney who has represented alleged members of Anonymous and LulzSec, told Wired. “You’re talking about a really bright, gifted kid in terms of all things Internet. I feel that monitored Internet access for six years ... could sideline his whole life – his career path, his art, his skills. At some level it’s like taking away Mozart’s piano.”

Yet some experts say that heavy punishment is necessary to discourage young hackers from committing crimes in the future.

Mr. Kivimäki, who was previously linked to the hacker group Lizard Squad and who now describes himself on his Twitter profile as an “untouchable hacker god,” was able to compromise more than 50,000 computer servers, installing ‘backdoors’ that let him sneak in and retrieve information, the BBC reported. Prosecutors also accused him of carrying out denial of service (DoS) attacks – which interrupt or suspend the services of a host connected to the Internet – and of helping steal gigabytes worth of data from MIT's servers.

The latter attack incurred more than $213,000 in costs as a consequence, the company that ran MIT’s email infrastructure told the network.

These are serious crimes that merit serious punishment, Mr. Krebs noted.

“It is clear that the Finnish legal system, like that of the United States, simply does not know what to do with minors who are guilty of severe cybercrimes,” he wrote.

On the other hand, Kivimäki did spend a month in jail while awaiting trial, a fact that was also considered in his sentence.

“[The verdict] took into account the young age of the defendant at the time, his capacity to understand the harmfulness of the crimes, and the fact that he had been imprisoned for about a month during the pre-trial investigation,” a court statement said, according to the BBC. 

One step that cybersecurity experts suggest against juvenile cybercrime is to teach cyber-ethics at an early age, and to perhaps even make it part of the curriculum, so that children grow up with a sense of what’s right and wrong in the digital space.

“We need to be teaching children, starting at a very young age, to shun all forms of cybercrime, from making illegal copies of software to stealing usernames and passwords and trespassing into systems that don’t belong to you,” Stephen Cobb, senior security researcher at cybersecurity firm ESET, wrote for the company’s news site.

Governments and other industries should also work to increase international pressure against hacking, as well to improve opportunities for talented young hackers, he added.

“The old saying that idle hands are the devil’s playthings also applies to hacking skills,” Mr. Cobb wrote. “If more people have them than there are jobs in which to employ them, those ‘skillz’ are apt to be misused.”

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.
editor@csmonitor.com
Subscribe
Mark Sappenfield
Editor

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

Subscribe to insightful journalism

QR Code to Finnish teen convicted of 50,000 hacks avoids jail time. Why?
Read this article in
https://www.csmonitor.com/Technology/2015/0709/Finnish-teen-convicted-of-50-000-hacks-avoids-jail-time.-Why
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe