Canada holds onto alleged Snowflake hacker in face of US extradition

His downfall was threatening a female cyber expert

A 25-year-old man from Kitchener, Ontario, accused of carrying out one of the largest data breaches in history remains behind bars as legal proceedings unfold.

Alexander Moucka, aka Connor Riley Moucka, Catist, Waifu and Ellyel8, made a brief video appearance at Kitchener court on Friday.

Moucka faces an array of charges in the USA, including conspiracy, computer fraud and abuse, extortion, wire fraud and aggravated identity theft.

He is accused of exploiting vulnerabilities in Snowflake's cloud infrastructure to execute a large-scale hack that compromised data from 165 American companies, including AT&T and Ticketmaster. The hack affected millions of individuals and caused significant financial and reputational damage.

Moucka's next appearance has been scheduled for 20th December to determine if he has secured legal counsel.

Court records indicate that Moucka recently applied for Legal Aid and is attempting to retain Toronto-based defence attorney John Fennel.

In the interim, Moucka remains detained without bail, with no formal application for release submitted.

A provisional arrest warrant issued by the Ontario Superior Court of Justice lists two names for the accused – Connor Riley Moucka and Alexander Antonin Moucka.

The extradition process is set to begin with a sending hearing scheduled for 17th February 2025. This hearing will evaluate the case against Moucka to determine whether he should be extradited to the US.

Details surrounding Moucka's personal life remain scarce. He was arrested approximately one month ago at the home he shared with his grandfather in Stanley Park.

As the investigation unfolds, it's become clear that "Waifu" was part of a larger cybercriminal group known as "The Com." This group, which operates globally, is involved in a wide range of cybercrimes, including data theft, extortion, and even physical threats.

Don't yell at strangers on the internet

Moucka’s downfall began when he sent threatening messages to Allison Nixon, co-owner and chief research officer at the US-based cybersecurity firm Unit221B.

Nixon, whose company specialises in identifying cybercriminals, became the target of violent threats from "Waifu" over the messaging app Telegram.

Nixon tasked her team with identifying the individual behind the threats. Using advanced digital forensics techniques, Unit221B traced Moucka's online activity and pieced together his real-world identity.

Nixon declined to share details of their investigative methods, citing concerns that hackers learn from the exposure of such techniques.

Moucka's threats inadvertently shone a spotlight on his activities. Although he attempted to mislead investigators by posting false information online under different aliases, he continued bragging about his crimes.

"All this accomplished was to draw a tonne of attention from a bunch of people he should never have attracted attention from," said Nixon.

Unit221B, along with Google-owned cybersecurity firm Mandiant, shared their findings with law enforcement, which led to Moucka's arrest in October.

"The whole situation is so ironic for this Moucka person," said Nixon.

"Why would he target a company that is not working on his case and specialises in identifying cybercriminals? It is just the stupidest thing ever."

Law enforcement officials and cybersecurity experts agree that the arrest marks a turning point in the fight against The Com.

However, Nixon has warned that others in the group remain active, including members in Ontario.