CTRL+ALT+CHAOS (eBook)

//1

An accidental arrest

2023

It was just getting light as the patrol car rolled up the cobbled intersection to 1 Promenade Saint-Nicolas. The six-storey building wraps around a pretty little park and children’s play area in Courbevoie – a leafy corner on the northern fringes of Paris. Far from any nightlife hotspots, this is a place for families and business people. ‘Bustling during the day but usually peaceful at night’ is how one of the residents described it to me. The alert to police came from a woman worried about a friend of hers who lived there. A group of them had been out drinking at a nightclub and her friend had had a big argument with her partner. He was angry and drunk, she told the call handler. Her friend had not been picking up her phone since they returned home and she was terrified something had happened. The police took the report seriously and turned up at the apartment shortly after the call came in at 7 a.m.

They knocked and waited in the corridor but no one answered. They knocked again and nothing. Again, and still silence. Then, according to local news reports,1 the officers got their battering ram out and were readying to smash the door in when a young woman opened it.

She was fine. Perhaps a little hungover and upset, but any police fears of domestic violence were quickly laid to rest. They found her husband in bed and woke him up. Then, as a matter of protocol, they asked to see some ID. He dug around for his documents and handed over a passport that declared him to be a Romanian citizen called Asan Amet. It seemed an unlikely name for this six-footthree, blond-haired, green-eyed man so one of the officers radioed the station to run some checks while the other made small talk in the apartment.

Then alarm bells rang.

The name ‘Asan Amet’ was flagged up as one of the fake identities used by one of Europe’s most wanted criminals. This baby-faced man had been charged in Finland with ‘computer-related crime, racketeering and extortion’.

Police cuffed him and led him outside to their car as residents walked past on their way to work or on the school run. Another team came to search the apartment, finding signs of a resourceful and well-connected criminal: he had two other Romanian photo ID cards under the same fake name and there were also images on his wife’s phone of four other drivers’ licences, each one bearing his picture but each one a fake – including one from Britain and one from Arizona.

With the fugitive in the back of their patrol car, the police drove down the narrow streets towards the River Seine. The Eiffel Tower was visible in the overcast skyline that lay ahead on the long straight road to the city centre. The officers probably couldn’t wait to talk about the morning’s unexpected success. The man sitting in cuffs behind them was a huge target.

His real name was Aleksanteri Julius Tomminpoika Kivimäki.

#

Some 2,600 km away in Helsinki, the silence in the offices of Finland’s Cybercrime Centre was broken by four sounds in quick succession. First came the ding of a text message. Then a chuckle. Then another ding. And then an almighty shout of ‘JOOOO!’, which is the Finnish for ‘Yeeeeees!’

The first ding was Detective Chief Inspector Marko Leponen receiving a text from a colleague informing him of the arrest. The chuckle was him laughing it off as a bad joke and sending a sarcastic reply. The second ding was the confirmation that the news was real. And that exultant ‘JOOOO!’ was the chirpy middle-aged cyber cop shouting out in delight. Congratulations exploded around the station. Everyone knew how hard Marko had worked over the previous couple of years to find the hacker behind the Vastaamo cyber attack. They knew too that he had been waiting for news of this arrest for months – ever since he had identified Kivimäki as the prime suspect and arranged for him to be remanded ‘in absentia’ on 27 October 2022.

That notice released by Helsinki District Court had been the biggest talking point of the cyber world at the time. It read: ‘A European arrest warrant has been issued against the suspect. He can be arrested abroad under this warrant. After that the police will request his surrender to Finland. An Interpol notice will also be issued against the suspect, who is a Finnish citizen and about 25 years of age.’

The reason it sparked so much interest was simple: the Vastaamo cyber attack of October 2020 was one of the most impactful and cruel hacks in history – and remains so to this day. Not only did it affect 33,000 innocent and vulnerable people, including children, it exposed them to the most grotesque form of blackmail, with their therapy notes used as a bargaining chip and then callously published online for the world to see. It also destroyed a growing Finnish company that had been doing important work in mental health. Even grizzled cyber professionals who thought they’d seen it all were stunned by the incident and desperate to see the criminal brought to justice.

Although the police didn’t initially name the twenty-five-yearold suspect, they didn’t need to. Kivimäki AKA The Untouchable Hacker God AKA Zeekill AKA Ryan was a notorious figure with a long history of causing cyber chaos. Marko and his team had been certain he would eventually be found, but they had been forced to put their faith in the ability of foreign police forces to see through Kivimäki’s bank of false identities. They couldn’t believe their luck when the call came in from France so quickly.

Messages of congratulation came flooding into the Helsinki Cyber Crime centre from other police forces around the world. ‘Everyone was rooting for us to get Kivimäki,’ Marko recalls. He cancelled all of his other case work and scrambled a team to go to France and bring the fugitive back to Finland. They would do the lengthy and complex paperwork needed to organise the extradition while Marko and his detectives would begin working towards the most important trial of their careers and the biggest criminal case in Finland’s history. No expense or police officer’s time was spared. Everyone wanted to see justice done.

The anger felt by the police towards this young man long predated the Vastaamo hack. His chosen alias of The Untouchable Hacker God was all too appropriate. Kivimäki had been on the force’s radar for more than ten years. He had been a serial offender since the age of thirteen. With a click of his mouse he had repeatedly disrupted the lives of millions of people and done profound harm to some individuals too. But until now he’d largely got away with it. Not only that, he had bragged about his crimes and taunted the police for years in social media posts and press interviews. This was their chance to right a wrong and put him behind bars.

A couple of days after Kivimäki’s extradition from France came his opening interrogation. Seeing his quarry for the first time face to face, Marko Leponen was surprised by how polite and cooperative he was. But the interview was also extremely tense. It took place in a small room with Marko and three fellow officers facing off against Kivimäki and his lawyer. The detective had prepared for this moment mentally and been willing it to happen for months, but was still amazed that they finally had Kivimäki in custody. He could sense Kivimäki found it all strange too. ‘It was very surreal.’

There’s always a huge amount riding on the first interrogation of a suspect. For the detectives it is less about extracting evidence and more about building a workable connection and relationship with the accused. For that reason, Marko himself took the decision to leave the room after the first introductions had been made. He knew that he had a slim chance of building any rapport with Kivimäki because the hacker saw him as the agent of his doom; it was Marko who had been the figurehead of the Vastaamo investigation and who had arranged for him to be arrested in absentia. It was a good decision. One of his fellow detectives built up a strong connection with Kivimäki from the off. Over the course of the next eight months, that’s how it worked: Marko would stay out of the room unless he was needed for a specific topic and would instead receive detailed feedback on each interview from his officers and via the recorded tapes.

The detectives called Kivimäki in from his prison cell for interviews around a dozen times, sometimes questioning him for eight hours in a day as they tried to break through his guard and find the truth. He was always polite and cooperative, but also wily and careful. He liked to talk. He seemed to enjoy discussing everything cyber and computers – but only on his terms. He had a very good memory for detail until it came to anything potentially incriminating – for example, how much money he had amassed in bitcoin. ‘I can’t remember’ or ‘I can’t answer that’ were his responses when Marko or others tried to press him on important details.

Marko could never work out who the real Kivimäki was under that politeness. He would skirt around subjects and avoid any outright lies with clever turns of phrase. Working out how Kivimäki answered became more important than what he actually said. Detectives slowly identified a pattern to his evasive language that helped them gain clues about what he was – and wasn’t – lying about.

Another thing gradually became...