(Bloomberg) — The man accused of carrying out cyberattacks against dozens of Snowflake Inc. customers will face an extradition hearing later this year, after Canadian officials accused him of cybercrimes and being “a risk of danger to the public, police and himself.”
Most Read from Bloomberg
Connor Riley Moucka appeared at assignment court in Kitchener, Ontario on Friday, where the court discussed Moucka retaining a lawyer almost a month after the arrest, following complications with legal aid and extradition procedures.
Moucka’s lawyer did not respond to a request for comment.
Bloomberg News first reported the Oct. 30 arrest of Moucka in Kitchener after three people familiar with the case confirmed he was linked to the attacks.
Companies including AT&T Inc., Live Nation Entertainment Inc. and Advance Auto Parts Inc. disclosed that they were affected by the attacks in June and July. Snowflake’s software pulls in, organizes and analyzes data from a variety of sources.
According to Canadian and US officials, Moucka worked with John Erin Binns and other co-conspirators to target customers of Snowflake, using a tool that gave them access to data housed in their Snowflake “instances,” a term for online storage environments intended to be accessible only by the customer organization. After stealing this data they attempted to extort their victims, and successfully retrieved $2.5 million from three unnamed organizations.
Moucka and Binns allegedly managed to access an instance belonging to Snowflake itself, by breaking into a former employee’s account, according to a Snowflake spokesperson.
The wider cyber campaign this summer resulted in the theft of millions of people’s personal data. The hacker used stolen credentials that were available in places like cybercriminal forums to access customer accounts, which lacked security measures such as multifactor authentication, Snowflake has said.
US authorities requested Moucka’s arrest in October, and Canadian officials believed him to be a threat to public safety and a flight risk, according to a search warrant seen by Bloomberg News.
In addition to the alleged attacks on more than 10 organizations earlier this year, the warrant said Moucka — who is said to use the aliases Judische, Catist, Waifu and Ellyel8 — made posts online referencing suicide, mass killings and obtaining “guns to kill Canadians.”
Moucka also is alleged to have targeted cybersecurity researcher Allison Nixon, chief research officer at Unit 221B, a cybersecurity firm, with threats of violence. Bloomberg has previously reported the threats but didn’t name Nixon, who gave an interview on the matter to the Waterloo Region Record published Friday.