For much of this summer, a mysterious group of hackers carried out a landmark spree of major data breaches, all targeting customers of the cloud data storage company Snowflake. Now one alleged hacker—whom experts believe to be the ringleader of that group—has been arrested in Canada, and he may be on his way to a US court.
On Monday, Bloomberg and 404 Media reported that a Canadian man named Alexander Moucka, who also goes by the name Connor Moucka, was detained at the end of October on a provisional arrest warrant. Moucka then appeared in a court hearing today, November 5, as part of extradition proceedings, 404 Media first reported.
Under the hacker handles Waifu and Judische, Moucka is believed to be a notorious figure in the cybercriminal underground, says Allison Nixon, a security researcher and the chief research officer at security firm Unit 221B, who has long tracked his online activity. She alludes to Moucka’s alleged hacking activity going back years prior to the Snowflake breaches. “I was waiting for this one,” says Nixon. “Waifu was the leader of a group who was responsible for many major intrusions over the past half decade.”
Suspicious activity linked to Snowflake customer accounts was first spotted in April, according to a June report by Google-owned security company Mandiant, which was employed by Snowflake to jointly investigate the hacking. The first unknown victim’s Snowflake systems had been accessed using login details that were previously taken by infostealer malware, the report says. Over the next couple of chaotic months more than 165 Snowflake customers, according to Mandiant’s report, potentially had data they stored in Snowflake’s systems exposed or stolen. Hundreds of millions of records from AT&T, Santander, Ticketmaster owner Live Nation Entertainment, and more were accessed in the hacking spree.
Mandiant’s report in June said that the majority of the compromised Snowflake accounts did not have multi-factor authentication turned on and credentials gathered from infostealer logs—some dating back to 2020—were used to access them. Since the breaches, Snowflake has updated its systems to require multi-factor authentication to be turned on by default.
A spokesperson for Snowflake tells WIRED it has no comment on the arrest. Ian McLeod, a spokesperson for Canada’s Department of Justice, says Moucka was arrested following a request by the United States. “As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case,” McLeod says.