(Bloomberg) -- Canadian authorities have arrested a man suspected of being behind a string of hacks involving as many as 165 customers of Snowflake Inc., according to people familiar with the matter.
Following a request from the US, Alexander “Connor” Moucka was taken into custody on a provisional arrest warrant on Oct. 30, according to Canada’s Department of Justice. He is due to appear in court on Tuesday.
The charges against Moucka weren’t immediately available. “As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case,” said Ian McLeod, spokesperson for Canada’s Department of Justice.
However, two people familiar with the hacks, who asked not to be named so they could discuss confidential matters, have identified Moucka as the person behind the Snowflake-related hacks.
In addition, Austin Larsen, senior threat analyst at the cybersecurity firm Mandiant, alleged in a statement Monday evening, “Alexander ‘Connor’ Moucka has proven to be one of the most consequential threat actors of 2024.”
Moucka launched a campaign in April against more than 100 organizations, leaving them “reeling from significant data loss and extortion attempts,” Larsen said. He added that it “highlighted the alarming scale of harm a single individual can cause using off-the-shelf tools.”
Neither Moucka nor his attorney could be reached for comment.
When asked about the arrest over the weekend, the FBI declined to comment. The US Justice Department also declined to comment.
Companies including AT&T Inc., Live Nation Entertainment Inc. and Advance Auto Parts Inc. disclosed that they’d been affected by the attacks in June and July. In some cases, the hacker (or hackers, as it is not clear if others were involved) attempted to extort the companies by threatening to sell the data on criminal forums if they didn’t pay up, according to cybersecurity analysts at Alphabet Inc.’s Google.
The attacks resulted in the theft of millions of people’s personal data. The hacker used stolen credentials that were available in places like cybercriminal forums to access customer accounts, which lacked security measures such as multifactor authentication, Snowflake has said.
A person claiming to be behind the attacks spoke with Bloomberg News over Telegram earlier this year, saying that they were hoping to get $20 million for the full set of data they had stolen. No evidence suggests that bulk data was sold.
--With assistance from Melissa Shin.
(Updates with comment from Mandiant in fifth paragraph)
©2024 Bloomberg L.P.