Possibly one of the world’s worst cybercriminals who allegedly stole the data of millions of Australians earlier this year has been arrested in Canada and will face an extradition hearing early Wednesday morning.

Nightly understands that cybersecurity researchers and international law enforcement agencies, including the Australian Federal Police, have been working together for months to identify and capture the hacker who breached cloud data storage platform Snowflake in April.

Canada’s Department of Justice confirmed to Bloomberg that suspected cybercriminal Alexander “Connor” Moucka was detained on a provisional arrest warrant last week.

Moucka, who uses the online aliases Judische, Waifu and ellyel8, is believed to be behind the “largest data breach of 2024”.

“We can now confirm that, at the request of the United States, Alexander Moucka (aka Connor Moucka) was arrested on a provisional arrest warrant on Wednesday, October 30, 2024,” the Department of Justice said.

“He appeared in court that afternoon and his case was adjourned until Tuesday, November 5, 2024.

“As extradition requests are considered confidential interstate communications, we cannot comment further on this case.”

Nightly understands that Mr Moucka, a 26-year-old software engineer from Ontario, faces an extradition hearing in the Ontario Superior Court of Justice at 10am local time on November 5 (2am Sydney Wednesday).

Mr. Moucka is allegedly behind a recent wave of high-profile data breaches affecting 165 Snowflake customers, including Ticketmaster (Live Nation), AT&T and LendingTree.

Snowflake Inc. is an American cloud-based data storage company.

This hack was one of the largest in history due to the extent of personal data stolen in the breach.

The Ticketmaster breach alone, reported in early July 2024, affected more than 560 million customers.

The hackers allegedly tried to blackmail the companies by threatening to sell their stolen data on criminal forums if they did not pay.

Bloomberg reported that a person claiming to be behind the attacks told the outlet via Telegram earlier this year that they hoped to receive $20 million for all the data they stole.

Austin Larsen, senior threat analyst at cybersecurity firm Mandiant, told Bloomberg this week that Mr. Moucka “has proven to be one of the most important threat actors of 2024.”

Mandiant was the company Snowflake hired to investigate the incident.

Larsen said Moucka’s campaign against more than 100 organizations “exposed them to significant data loss and extortion attempts.”

He added that it “highlights the alarming extent of damage a single person can cause using off-the-shelf tools”.

Cyber ​​Threat Intelligence Editor-in-Chief Jeremy Kirk wrote on LinkedIn last night that Mr Moucka’s arrest “has given new impetus to global investigative efforts by private companies, including Mandiant (part of Google Cloud), and public sector organizations, including Australia.” “There is a consequence,” he wrote. and capabilities for international cybercrime investigations.”

Journalist Joseph Cox reported that before his arrest, Mr. Moucka told 404 Media “his alleged origin story and his entry into the hacking and criminal ecosystem known as The Com.”

Com reportedly includes groups engaged in cybercrime activities such as violence, extortion, kidnapping, armed assault, and robbery.

Cox also reported that in mid-October, Mr. Moucka said he was “concerned they would be arrested soon.”

“I destroyed a lot of evidence and what I couldn’t destroy, I thoroughly poisoned what I couldn’t destroy, so when/if that happens, it’s a conspiracy that I can only bind and defeat,” Mr. Moucka was quoted as saying in a statement to the press.

Another hacker named John Binns, who was arrested in Turkey in May 2024, is believed to have collaborated with Mr. Moucka, according to The Hacker News.