Ransom Man: 3. For the LOLz

"If I had done even 1% of all the stuff that was done to me, I would be in jail for the rest of my natural life."

“This is Blair Strater. He's talking to me from the basement of his home in Illinois, USA.”

He doesn't want you to know exactly where he's living today. For reasons you'll understand completely, once you've heard his story. "How old are you now, Blair?" "I am 30." Unfortunately. "Don't say that. I'm much older than 30." We're speaking in a video call. Blair is happiest when he's looking into a screen. "I have been working with computers taking them apart. For as long as I can remember,

I'm told I've been doing this since I was three. I personally don't believe that." "But his desk is crammed with tech. Drives, cables, microphones, bits of kits. I can't begin to

describe." "Why have you always been so drawn to compute this?"

“"I am diagnosed asperger and I believe now that's just considered a type of autism. I know that”

the the nomenclature has changed. Labels like that are far more relevant when you're in school, when you're an adult. You're not autistic, you're just an asshole." "So a common joke in engineering circles is nowadays if you are on the spectrum, you go into technology and that's your fixation. The computer doesn't actually do you because I miss under study or any number of things like that." "Today, Blair runs his own cyber security firm. But he's also a reformed hacker."

"Like most of these stories, it starts at 4chan. On 4chan, the key feature of image boards is near to horrible anonymity." In the late Norties, he started hanging out with strangers on online message boards and chat service. "There was essentially no moderation. How old were you when you were on 4chan and using these 12?" "You were 12. And what was it like? I mean was it exciting?" "Everything is very ephemeral, it's very throwaway and this does lend itself to certain types of behavior.

It makes certain kinds of behavior easier and it makes investigating that behavior more difficult. And behavior." "Come on. Come on." "Spel it out for me." "Blair is smoking weed when he talks to me. It's perfectly legal in the state of Illinois, but an interesting choice when giving an interview to the BBC." "I mean any general activity that you would associate with quote-unquote "the hacking scene." So that would include fraud. Now

ransomware attacking someone so doing account takeovers or just the act of breaching a website or breaching a company to do whatever to them." "What do your parents think about one of this?" "Why would they know about it?" "Blair's parents did find out some of what he was doing online when he was 16 and he had got into some serious trouble." "It was around the time when Rick Rowling

“was a thing. Do you remember Rick Rowling?" "You get someone to click on a link and it unexpectedly”

takes them to the music video of Rick Ashley singing "Never Gonna Give You Up." "It was funny at the

time, I guess." "Blair thought his school's website was ripe for the taking." "They had the marketing video as a video player on the front page, but that would accept any YouTube video ID that you'd give it." "The music video for Rick Ashley's never gonna give you up." "You know you put that on there." "But when I went back to that same school after summer break had ended." "What is the first question you get after summer break?" "What did you do over your

vacation?" "Ah, you know not much. Pack your website. I'll bring you pictures tomorrow." "This wound up in police evidence." "Hackers often do it for attention. For clouds. But if you brag about hacking, you can get into trouble." "Blair's brush with the police meant he was put on probation for a year or so, but it didn't stop him. He got deeper into it alongside a group called Hack the Planet. They'd target internet hosting companies and cyber security firms." "The question

anyone who's gonna ask is why would you do it?" "And back then the answer was always

three words done. It was for the loss." "They do it because it's funny. They do it as a challenge." "Since well before there was a word for it, teenagers have been chasing the laws. They once made prank calls or through eggs at cars, but Blair's generation had the whole cyber space to play with.

IRC called himself Zeekill. He and Blair struck up a kind of friendship. "Objectively speaking,

“yes Zeekill is a funny. He knows how to make things funny." "Would I find it funny? Or is it a”

particular kind of comedy that goes down well on fortune?" "That would be a good descriptor. Basically

well-adjusted society would not find it funny or at least not be allowed to laugh at it publicly. Dark Edgy Gallows humor. So if he's saying funny shit, I'm gonna build on that. He's gonna build on that as how it works." Zeekill was actually a 14-year-old kid from Finland. His real name was the same one that came into cyber security expert Antikuritu's mind when he was investigating the hacker holding the psychotherapy notes of tens of thousands of Finnish people to ransom. Julius

Kivi Mackie. Blair would soon discover that what Julius Kivi Mackie found funny could be absolutely

“terrifying both for Blair and for his entire family. "He has a weapon on you. What did you do”

them with?" "I'm Jenny Kleeman and from BBC Radio 4 and Intrigue, this is Rants and Man." Episode 3 "For the Loads." The way Blair describes it, hacking and intimidation often go hand-in-hand. "People in that scene are not necessarily competitive. It's more of a look how scary I am, factor. You want someone else to think that you have skills so that you can

project some air of danger." When Blair was 17 and Kivi Mackie was 14, they fell out over which

one of them was going to publish a report of a Reethon hack. "I just wanted to put it on my website and that was that and you want to put it on fucking his. That's stupid petty stuff when you really look

“at it but that is what the argument was about. Yeah I mean you have two teenagers talking shit at”

each other and both of us got thrown out of this chat." A fight between two chronically online teenage boys exploded into the real world. It began with multiple unwanted orders of pizza. And Chinese takeaway arriving at Blair's family home. On the doorstep, the delivery driver would ask for Julius Kivi Mackie. "Then it began to escalate to utility shut-offs. People would call our electric company, our gas company, our internet company, and pretend to be the account owner

and ask for cancellation of the account or access to the account itself. Getting random letters from random financial institutions about accounts you are not opening that may or may not be used to rack up a whole bunch of debt in your name is pretty scary." That is when it really escalated because now you have someone who's willing to do something that's considered less a prank and more fraud and identity theft. Taxis were sent to Blair's home.

Sand was ordered. Three tons of gravel were ordered. "My father, uh, he had to send away a, it's the big dump truck filled with gravel and hookers were ordered." So you had sex workers turning up at your house and what would they say when they arrived? "I don't as the door, apparently the door." "My attitude was, don't open the door. What are they going to do, break in?" "He would also sign us up for, uh, like social security benefits, creating an appointment with

the welfare office with my name on it, and his name on it, it would say spouse Julius Kivimaki." Then came what Blair likes to call Tesla weekend. "You're on Moscow once tweeted out my home address and phone number." Years before he went on to own the site, the richest man in the world had his personal Twitter accounts and the account of his most profitable business Tesla Motors hacked and filled with the contact details of an Illinois teenager. Get a free Tesla,

the post said, "Call Blair's number." The people who had taken over these accounts had posted

that phone number or shows up at that address gets a free Tesla car. And this was back when people were unusually fanatic about these cars. One person showed up to my house for his free car. There is no

“free car asshole going. But he wouldn't leave. He says, "No, you need to open up that garage door because”

that's where my car is." This dude had to be hauled away by the police because he was insisting my car is in that garage and you're going to give it to me. Calls were literally non-stop for at least those three solid days. That Julius Kivi Mackie's voice you can hear left on one of dozens of voice males sent to Blair. He saved a lot of recordings from this time. He personally would call our home phone and serenade me on my voicemail. The campaign against Blair and his family continued

for years, sometimes stopping for months before starting up again. And it got even more disturbing.

They would be woken up by armed police. The very first one happened at two in the morning.

I was in bed for this. He got the lights outside because they're there because someone was murdered. Someone had run up saying that you had murdered your parents. Yeah, supposedly I had murdered my mother and I would go on to do this dozens of times. This kind of harassment, making hoax calls to get armed police to descend on an address, is called swatting. This operating I went to from the national mail in one chance to serve.

Here's someone using a text-to-speech program on a call to emergency services, pretending to be Blair.

“I see for us is she breathing? No. Do you have a weapon on you? What did you do this with?”

There's a rifle. When you are being swatted, the police think it's real. They send 5-10 people. Now all of these people, they are probably going to be in full body armor and they're going to be carrying long guns with laser sights. The reason I know this is because I've had quite a few laser sights on me. They yell police search warrant as loud as they can and they start pointing guns at anyone that they find. They are ready to shoot and kill you.

Blair was still on probation for hacking his high school websites during this time. He says that someone else sent harassing messages to the officer in charge of that investigation from an email address that looks like it belonged to Blair, including a bomb threat. It led to Blair's home being raided and him being arrested and sent to juvenile detention. It got me a felony conviction and I was held in remand for three weeks over Christmas.

And a felony conviction is what I call an everlasting job stopper in that felons don't get jobs. Blair was being terrorized, but he's the first to admit he's no angel. I'm wondering whether he has ever swatted or doxed anyone by making their contact details

“and home address public. If you dox people have you swatted people?”

I myself have never swatted anyone. Have you docked people? Doxing someone?

Have I gone around and used publicly available sources and compiled that information together and released publicly as I have? When you did this doxing, what kind of people were you doxing? It was other people who were in these circles. So it wasn't like their families or people connected to them. No. When I asked Blair if he tried to get Kivy Maki back,

he tells me that a friend broke into Kivy Maki's server. I did two whole blog posts about everything that was found on that server and all the other things that he was doing. Anything that I am discussing is either shit that happened when I myself was a child

and I've grown out of an I regret terribly, but I'm not going to sit here and say I never done it.

I appreciate your honesty with it. Blair's mother, Amy, was specifically targeted. My parents are older gen X and they use that same password everywhere. And once you have the email account, you get everything. Amy's LinkedIn and Twitter account were taken over and filled with racist posts,

as well as antisemitic insults directed at the company where she worked as a health care statistician. Within months, she had lost her job. Someone hacked into Amy's email account and used it to message a group of hundreds of residents of their neighborhood. The subject line of the message was, "I will shoot up your school." Who this really affected was my sister because she went to that school.

She's dealt with some serious shit. I'm very proud of my sister.

“Blair says his mother has lost several jobs due to the online campaign against their family.”

She's had to change her name in order to get work. Blair, too, has struggled to keep a steady job because of the fallout from the years of harassment. They reported it all to the police, nothing ever came of it.

Kiwi Maki has admitted pranking Blair in his family, but always denied doing anything more

serious than that. It wasn't just Julius Kiwi Maki who did all this to them, Blair says. Kiwi Maki sometimes wrote in other people, too. "Every so often someone would hit me up and say, "Hey, I was one of the people that helped Julius do these things. Sometimes they would say he made me do them. He was blackmailing me.

“I want to make this very very clear. I am not the person's equal fucked with the most."”

And his right. Kiwi Maki always had his sights set far beyond one suburban family in Illinois. Kiwi Maki was the biggest case that we investigated in the Helsinki Police Department.

In 2013, Auntie Coritu was working as a detective for the Finnish police,

and he went to Julius Kiwi Maki's home, just outside Helsinki. We rang their doorbell in the morning. His younger brother was home and he came to open the door. And then I could hear the banging on a mechanical keyboard like the one that actually clicks when you type on it, much preferred by touch-typeists and hackers. Kiwi Maki was 16 then. Auntie and his team wanted to speak to him about a suspected hat.

We went in and found him in his room, tapping away on his keyboard and just ordered him to step away from the computer, so he got slightly agitated. Our tactical mistake was that we didn't pay attention to the fact that some of the power to his room was actually delivered by an extension cord that was right next to his foot, so he used his foot to turn it off, which caught his internet connections. So at that point, we decided we'll take him into custody. Confiscated his computers, everything

we could find in his room, laptops, hard drives, USB sticks. We realized that we're dealing with

“something much more than just an individual data breach. What did you find on his hard drive?”

I found chat logs, copies of servers, more chat logs, thousands of credit card numbers, password lists, database dumps, everything you'd expect from an active young hacker, all in a big disorganized pile. A lot of it came from Kiwi Maki's time with hacked the planet. These guys were professional in their technical capabilities, but motivation was obviously hobbyist. They would do these kind of big splashy things. I don't think any of them made any money out of

this, and it wasn't even a statement of any sort. It was just mischief, just breaking windows

basically. Just doing it for fun. Yeah, for the walls.

And they were able to do some significant damage to legitimate companies. One of the more nefarious things that he was that they were able to hijack the domain name MIT.edu. The domain of MIT, Massachusetts Institute of Technology. They set up what's called a defacement page. It was just like we owned you kind of a message. And then they redirected the traffic there. The other thing they did was that they set up a mail server to receive all of the

email sent to any address that ended in MIT.edu. And we could find the digital artefacts of this attack on his computer. One of the most prestigious universities in the world breached and humiliated by a bunch of kids. Kivi Mackey was under investigation for the MIT hack, but it still didn't stop him. In August 2014, days after his 17th birthday, a fake bomb threat, grounded a flight carrying the CEO of Sony online entertainment who was in charge of PlayStation. A hacking group calling

themselves Lizard Squad claimed responsibility. Lizard Squad struck again on Christmas Day 2014 with a cyber attack that shot down Xbox and PlayStation. Kivi Mackey agreed to appear on Sky News as a Lizard Squad spokesperson. He spoke to Joe Tidey, who's now the BBC's cyber correspondent. Kivi Mackey used a fake name, but his boyish face, blonde hair, blue eyes, plump cheeks,

enjoyment of gaming away from more than a hundred million people over this Christmas period?

I'd be rather worried if those people didn't have anything better to do than play games under consoles on Christmas Eve in Christmas Day. I mean, I can't really feel bad. I might have first a couple of kids to play spent their time with their families instead of playing games. He was quite ruthless and uncaring about getting caught. Antikorito was struck by how brazen Kivi Mackey could be. He was using his own email address, which was his first name and last

“name. You don't usually see that. And did Kivi Mackey strike you as a sophisticated hacker?”

I wouldn't choose that word. It was definitely exceptional. I think his exceptionalism was that he was, he seemed obsessed with it. It consumed his whole life. Just looking at the amount of activity on his machine. He wasn't trying to outdo himself with cleverness or math or coding. It was more about the effect. He definitely had a lot of knowledge. New more about this stuff than I did when investigating it. That's for sure. But then again, he spent probably 20 hours a day doing it.

I only spent eight hours a day because after that, they stopped paying me and I went home. In July 2015, two years after Antik and his fellow officers found Kivi Mackey in his bedroom, Kivi Mackey was convicted of 50,000 data breaches, including the MIT hack, as well as money laundering and fraud. He received a two-year suspended sentence and had to pay back over 6,000 euros obtained through his crimes. After receiving his sentence, Kivi Mackey

updated his Twitter profile to read Untouchable Hacker God. Hello, hello. What's that? Hi. Ever since the MIT investigation, Kivi Mackey's lawyer has been Peter Yari. By the time my producer Sam and I arrived in Finland,

I've been exchanging emails with him for a year. I'm very glad to finally meet you in person.

I'd like to meet you too. I'm very glad to meet you. Peter's wearing a floral shirt with a blue

“checked jacket. He has a dazzling smile. Coffee. I'd love a coffee. What about Sam?”

We settled into chats at the boardroom table of Peter's Helsinki law firm. I mean, what makes a Peter Yari case? What makes a Peter case is loyalty, client loyalty and good sense. Peter was introduced to Kivi Mackey through an old colleague. And he has the family friend and he's under 18. That would be interested to assist in this case. I said, why not? He seemed much older from his profile of behaving and he's a very special

person. He reads a lot. Studies a lot. Even though he didn't finish his high school to my understanding, he absorbs a lot of information. And of course he's good with the computers. He's clever. He's clever. I would say he's very clever.

And confident. Very confident. And even when you first met him, he had that presence in authority.

Yes, he was. He was sometimes even difficult to determine which one of us is the lawyer. Really? I guess you could say that when the guy who can read a 500-page book in a day. So he was giving you legal advice? Well, he was trying to give me legal advice.

“He hacked MIT server. Did he hack it or a group of hackers?”

He was involved in hacking. Why did he do that? He was 13, 40 years old and eager to be involved in this hacker group. What was it then called? Wizard or something. Lizard? Lizard, not mixer. And I think there was no bigger motivation than just to show off his ability. It was actually hack the planet, not Lizard Squad. But you can see why it's all one and the same for Peter. In his eyes,

Kivi Mackey was just messing around with these groups, trying to impress people online, no real harm intended. Here is found guilty of these hacking offenses, but he wasn't jailed. No, he wasn't jailed. He was under 18 years old. What do you make of that as an activity? I mean, of course. Well, first of all, I think the early

that they have holes in their cybersecurity, but they never reacted to anything.

You think he was exposing flaws in their security system? I would say so. So he was doing a kind of public good there. Peter would represent Kivi Mackey again a few years later when he faced charges for the bomb threat that grounded the plane carrying the boss of PlayStation. Again, he was found guilty. Again, he avoided a prison sentence. Kivi Mackey has never faced any charges for what he did to

Blair's traitor and his family. He's always said he never did anything more serious than

“pulling a few pranks on them. When did this entire campaign against you end?”

Never end. It's like having cancer. Your cancer is never cured. It goes into remission. The last time it happened would be around 2017, 2018. And do you know why? Why? He lost interest. I think it's a combination of him being bored. Maybe him having been caught out in the lizard squad stuff. A lot of these, you know, hacking groups. They are very, very much for children. In people ask me, "Do you hate Z-Kill?" And at this point,

“you know, I'm not a, "Oh, I forgive in him." I'm not one of those people.”

I'm just, "I am so done." And God damn it, I want the guy arrested. After Vastamo was hacked in 2020 and tens of thousands of finished people had their most private thoughts held to ransom. Blair, Auntie, and the finished police had a hunch that Kivimaki was behind it. But hunches are not enough to bring a person to justice. Detectives needed hard evidence linking Kivimaki to the biggest crime Finland had ever known.

“They had to build a case against a man who considered himself untouchable.”

And they had to find him. No one had any idea where Julius Kivimaki was. The hunt was on. Ransson Man is written and presented by me, Jenny Kleeman. The producer is Sam Peach. The executive producer is Georgia Cat. The commissioner is Dan Klock and the commissioning executive is Tracy Williams. Sound design by Sam Peach, original music for the series was composed,

performed and produced by Echo Collective. It's a BBC studio's production for BBC Radio 4. I'm Joe Tidy, the BBC's Cybro Correspondent. And I'm Sarah Rainsford, the BBC's former Moscow Correspondent. And in Cybro Hack, Evil Core, we're on the trail of a Cybro Crime gang who are accused by the FBI stealing hundreds of millions of dollars worldwide. They would just go from bank to bank.

And of having links to Russia's powerful intelligence services. Listen now, search for

Cybro Hack, wherever you get your BBC podcasts.