Alleged Snowflake Hacker Danger to Public, Canada Says

(Bloomberg) — The man accused of carrying out cyberattacks against dozens of Snowflake Inc. customers will face an extradition hearing later this year, after Canadian officials accused him of cybercrimes and being “a risk of danger to the public, police and himself.”

Most Read from Bloomberg

Connor Riley Moucka appeared at assignment court in Kitchener, Ontario on Friday, where the court discussed Moucka retaining a lawyer almost a month after the arrest, following complications with legal aid and extradition procedures.

Moucka’s lawyer did not respond to a request for comment.

Bloomberg News first reported the Oct. 30 arrest of Moucka in Kitchener after three people familiar with the case confirmed he was linked to the attacks.

Companies including AT&T Inc., Live Nation Entertainment Inc. and Advance Auto Parts Inc. disclosed that they were affected by the attacks in June and July. Snowflake’s software pulls in, organizes and analyzes data from a variety of sources.

According to Canadian and US officials, Moucka worked with John Erin Binns and other co-conspirators to target customers of Snowflake, using a tool that gave them access to data housed in their Snowflake “instances,” a term for online storage environments intended to be accessible only by the customer organization. After stealing this data they attempted to extort their victims, and successfully retrieved $2.5 million from three unnamed organizations.

Moucka and Binns allegedly managed to access an instance belonging to Snowflake itself, by breaking into a former employee’s account, according to a Snowflake spokesperson.

The wider cyber campaign this summer resulted in the theft of millions of people’s personal data. The hacker used stolen credentials that were available in places like cybercriminal forums to access customer accounts, which lacked security measures such as multifactor authentication, Snowflake has said.

US authorities requested Moucka’s arrest in October, and Canadian officials believed him to be a threat to public safety and a flight risk, according to a search warrant seen by Bloomberg News.

In addition to the alleged attacks on more than 10 organizations earlier this year, the warrant said Moucka — who is said to use the aliases Judische, Catist, Waifu and Ellyel8 — made posts online referencing suicide, mass killings and obtaining “guns to kill Canadians.”

He also had access to nearly $3.5 million worth of cryptocurrency, authorities said, and was considering gaining citizenship to the European Union through the Czech Republic. Police have been unable to recover the $3.5 million, they said.

Moucka was active as recently as October, the warrant said, when he allegedly attempted to re-extort a company that had already paid him a ransom.

A person claiming to be behind the attacks spoke with Bloomberg News over Telegram earlier this year, saying that they were hoping to get $20 million for the full set of data they had stolen. No evidence suggests that bulk data was sold.

(Corrects to remove Riot Games as a victim of the hack in the seventh paragraph.)

Most Read from Bloomberg Businessweek

©2024 Bloomberg L.P.

EMEA Tribune is not involved in this news article, it is taken from our partners and or from the News Agencies. Copyright and Credit go to the News Agencies, email news@emeatribune.com Follow our WhatsApp verified Channel210520-twitter-verified-cs-70cdee.jpg (1500×750)

Support Independent Journalism with a donation (Paypal, BTC, USDT, ETH)
WhatsApp channel DJ Kamal Mustafa