The man accused of carrying out cyberattacks against dozens of Snowflake Inc. customers will face an extradition hearing later this year, after Canadian officials accused him of cybercrimes and being “a risk of danger to the public, police and himself.”
Connor Riley Moucka appeared at assignment court in Kitchener, Ont., on Friday, where the court discussed Moucka retaining a lawyer almost a month after the arrest, following complications with legal aid and extradition procedures.
Moucka’s lawyer did not respond to a request for comment.
Bloomberg News first reported the Oct. 30 arrest of Moucka in Kitchener after three people familiar with the case confirmed he was linked to the attacks.
Companies including AT&T Inc., Live Nation Entertainment Inc. and Advance Auto Parts Inc. disclosed that they were affected by the attacks in June and July. Snowflake’s software pulls in, organizes and analyzes data from a variety of sources.
According to Canadian and U.S. officials, Moucka worked with John Erin Binns and other co-conspirators to target customers of Snowflake, using a tool that gave them access to data housed in the customers’ Snowflake “instances,” a term for online storage environments intended to be accessible only by the customer organization. After stealing this data, they attempted to extort their victims, and successfully retrieved $2.5 million from three unnamed organizations.
Moucka and Binns allegedly managed to access an instance belonging to Snowflake itself, by breaking into a former employee’s account, according to a Snowflake spokesperson.
The wider cyber campaign this summer resulted in the theft of millions of people’s personal data. The hacker used stolen credentials that were available in places like cybercriminal forums to access customer accounts, which lacked security measures such as multifactor authentication, Snowflake has said.
U.S. authorities requested Moucka’s arrest in October, and Canadian officials believed him to be a threat to public safety and a flight risk, according to a search warrant seen by Bloomberg News.
In addition to the alleged attacks on more than 10 organizations earlier this year, the warrant said Moucka — who is said to use the aliases Judische, Catist, Waifu and Ellyel8 — made posts online referencing suicide, mass killings and obtaining “guns to kill Canadians.”
Moucka also is alleged to have targeted cybersecurity researcher Allison Nixon, chief research officer at Unit 221B, a cybersecurity firm, with threats of violence. Bloomberg has previously reported the threats but didn’t name Nixon, who gave an interview on the matter to the Waterloo Region Record published Friday.
In an interview with Bloomberg, Nixon said she had been tracking the alleged hacker for years, but wasn’t working on his case until he began making threats against her. The threats spurred the company to assist in the investigation against Moucka, Nixon said.
“He made mistakes, which we caught, and the police came to his home,” she said.
Moucka also had access to nearly $3.5 million worth of cryptocurrency, authorities said, and was considering gaining citizenship to the European Union through the Czech Republic. Police have been unable to recover the $3.5 million, they said.
Moucka was active as recently as October, the warrant said, when he allegedly attempted to re-extort a company that had already paid him a ransom.
A person claiming to be behind the attacks spoke with Bloomberg News over Telegram earlier this year, saying that they were hoping to get $20 million for the full set of data they had stolen. No evidence suggests that bulk data was sold.