Psychotherapy center The catching-up of the perpetrator of Vastamo's hacking depends above all on what kind of traces the perpetrator has left.
There is always some trace of all digital activity.
Security expert Benjamin Särkkä tells STT that many things suggest that this is not the most technical type in the world, and the author has not been able to cover all his tracks.
According to him, the author's traces can be traced, for example, through blackmail messages.
- At some point, however, Bitcoins will have to be replaced by a physical world, the transition is a point where you can get stuck, Särkkä says.
Blackmail emails have been sent to victims of the leak.
The blackmailer writes that the customer must pay 200 euros worth of bitcoins within 24 hours.
If payment is not made within that time, the amount will rise to € 500, which must be paid within 48 hours.
If the victim does not pay, the blackmailer threatens to publish sensitive information.
"This is probably a Finnish author or the author collaborates with a Finnish"
According to Särkä, there are a lot of signs in the leak that refer to the Finnish factor.
- The blackmail messages are written in absolutely perfect Finnish and the information has been shared on forums that are in Finnish and that require identification information in Finnish, Särkkä says.
According to him, the texts do not look like machine translation.
According to his assessment, this is either a Finnish author or the author cooperates with a Finnish author.
- It limits the potential factors quite a lot, Särkkä says.
The risk of getting caught is increased by the fact that the case is unique and has been much in the public eye.
- If the author speaks at all to anyone, the listener hardly keeps that information to himself but it is extremely likely that someone will tell you about it, Särkkä says.
Benjamin Särkkä thinks that this is probably a Finnish author or that the author collaborates with a Finnish. Photo: EMILIA ANUNDI
There are risks involved in volunteering
Särkkä estimates that the Central Criminal Police (KRP) has the opportunity to find out the perpetrator.
According to him, KRP has skills and talented people who have the capacity to investigate the case.
The question is whether there are enough resources for it, among other things.
However, the perpetrator may remain hidden if, in spite of everything, he has managed to cover his tracks or leave traces in obscurity.
- The obfuscation directs the resource to the obscurity, and with it the investigation becomes more difficult and slower, which makes its essential data and access to it difficult, Särkkä says.
There have been reports in the public that volunteers are trying to find out the perpetrator.
Although the intention is good, there is a risk, according to Särkä.
- Those who study this independently move a little on it on the gray line of ethics.
Not everyone understands that their own functions may make it difficult to investigate the right party, in this case KRP, Särkkä says.
According to Särkä, the best way to help is to send link information, screenshots and others directly to the police.
- And that way you can get that data together, now it's not worth going to get your own legal action at all, Särkkä says.
Särkkä reminds that those who voluntarily investigate the matter can also commit the crime themselves, even if they have been on the move in good faith.
"Somewhere a security check has failed"
According to Särkä, it is a big moccupation from Vastamo that the author has had access to patient data.
- Somewhere a security check has failed and has not been noticed in time.
I don’t know if it’s about negligence, indifference or ignorance, Särkkä says.
According to him, Answers should now be answered from difficult questions.
He would also like Vastamo to take more active responsibility for the victims.
- In my opinion, Vastamo could have paid for these credit bans, for example, or at least the possibility of a refund, from his own bag.
He wants to emphasize to the victims that they should seek help if necessary and not panic.
He adds that although the blackmail message had a personal identification number, it is not a personalized message but has been sent to anyone whose information has been obtained.